Software to encrypt user files – TrueCrypt – has always been surrounded by mystery and at the same time been a reliable tool. Mystery – because the authors cypher completely anonymous, TrueCrypt considered reliable because he never gave reason to doubt this. Even the first “wave” of code audits confirmed that no bookmarks and no security holes.
But then suddenly the idyll was broken quite a strange event – the official site TrueCrypt was installed redirect to the page of the project on Sourceforge, where there is a new version (7.2), and a warning is written in big red letters – WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues (“ WARNING: isplzovaniya TrueCrypt safe, because it may contain open vulnerability “). After warning the authors are advised to stop using the TC and go to the Microsoft BitLocker (which adds another strange happening).
In addition to the strange message has information on the termination of software development since May of this year (ie already) – partly because of alleged termination support Windows XP, which had no built-in functions to encrypt files.
Laid final release of TrueCrypt 7.2 (signed by the private key of the official sponsors of the draft) as different from the previous version of the remote code to encrypt the information (you can only decrypt existing containers) and the error message about unsafe use. The new version should be used for the transition to similar products.
Linux users TrueCrypt authors give even more strange recommendations on migration analogues – TC proposed to be deleted in the repository and search for packages that contain the words “encryption” or “crypt”.
Alas, the code is distributed under the TrueCrypt TrueCrypt License own license and is not free, that is, a community of open source developers can not use this code and make an offshoot project, continuing its development.
The community, in connection with the “mysterious drain” has several versions and guesses, give them below:
All this time the author was TrueCrypt NSA, it also supported the project until the second round of audit code reached “very interesting.” Here and it’s time to cover all quietly, so as not to create a scandal.
Anonymous authors found secret services and tried to put pressure on them to the ones provided in the code setting bookmarks and every backdoors. The authors decided, while there is time, quickly notify the community and reveal the threat to information security (and in the style of the so-called “evidence canary”).
Reviewers simply bothered to support the project and they decided to “go beautifully.”
Authors “politely asked” to introduce into the code tab, they refused. Intelligence agencies have decided to put pressure on them and cover uncomfortable project at any cost.
Special services offered money which was simply impossible to refuse. And the project covered.
Produced crafty website defacement, kidnapped private key developers. Soon the normal operation of the project will be restored.