The Mysterious Death of One of the Internet's Most Popular Encryption Tools

Thursday, May 29, 2014 - 10:40 AM


TrueCrypt is a program that allows users to do "on-the-fly encryption," meaning it essentially creates a little partition between your encrypted and unencrypted files. It's really easy to use relative to most encryption software, and a lot of security experts like Bruce Schneier publicly recommend it. Or at least they used to. Yesterday, the official download site for TrueCrypt warned users that the program was no longer secure, and advised them to stop using it.

The problem is that the anonymous developers who made TrueCrypt gave no indication of exactly why it was no longer safe, which has whipped the internet's privacy nuts and hackers into a speculation frenzy. The most obvious theories are that they received a government subpoena or were hacked by either the government or someone else. Still others speculate that it was infighting amongst the developers.

In the wake of all the Snowden revelations, an independent audit of TrueCrypt was funded on Indiegogo last fall. The idea was for security experts to pore over the program and just make sure it does what it says it does with no weaknesses, and the first phase of that audit was completed just last month.

As a security layperson, my totally uneducated speculation isn't worth much, but it could be that the developers of TrueCrypt knew that further auditing would reveal security issues, Haystack-style, and decided to shut it down before that could happen. But who can say? It's hard enough to know the efficacy of a privacy program like TrueCrypt as a security researcher, so for those of us without computer science degrees, it's totally opaque. PJ compared it to buying narcotics - unless you have a trusted relationship with the dealer, the purity of your security program remains an open question. Is there any way to apply the 10 Crack Commandments to internet encryption software?


Comments [1]

Erik R. from Colindres, Spain

PJ's always there with a drug metaphor. :-) "Crack" works in both domains.

May. 29 2014 12:18 PM


TLDR is a short podcast and blog about the internet by Meredith Haggerty. You can subscribe to the TLDR podcast here. You can follow our blog here. I tweet @manymanywords and @tldr.
