Security
by Jimmy Nicholls| 29 May 2014
Uncertainty over encryption tool used by NSA whistleblower Edward Snowden.
A shutdown message posted on encryption software provider TrueCrypt’s website has prompted speculation that legal issues or hacking may have brought an end to the project.
Visitors to the website are presented with a warning that the software is no longer secure, followed by instructions to migrate any data to Microsoft’s BitLocker.
A message displayed on the website said: “The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.”
The abruptness of the switch has led to many concerns about the safety of the TrueCrypt 7.2 package, with some also speculating that the anonymous developers behind the project were facing legal troubles.
A favoured tool of NSA whistleblower Edward Snowden, TrueCrypt recently began an independent audit following a crowdfunding session raising $60,000.
Following the first phase contracted auditors iSEC reported that there was “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas”, though they added there were some vulnerabilities in the code that were probably unintentional.
Matthew Green, a cryptography professor at John Hopkins University in the US, who helped lead the fundraising effort for the audit, thought it “unlikely” that an unknown hacker identified the TrueCrypt developers, stole the private signing key posted at the end of the webpage, and hacked the site.
“Unlikely is not the same as impossible. So it’s possible that this whole thing is a hoax. I just doubt it,” he added.
“An alternative is that somebody was about to de-anonymise the TrueCrypt developers and this is their response.”