Slashdot Mirror

← Back to Stories (view on slashdot.org)

TrueCrypt Website Says To Switch To BitLocker

Posted by Soulskill on from the so-long-and-thanks-for-all-the-Jkkms0EuPPlvOmW7Mk5x2A== dept.

Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.

4 of 566 comments (clear)

  1. Re:So, what now? by Qzukk · · Score: 5, Funny

    You can get your copy from www.totallynotnsa.com/truecrypt.7.1.nsa.zip

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  2. Re:Fishy by Anonymous Coward · · Score: 2, Funny

    Since TrueCrypt is being audited maybe they figure they can't insert back doors now.

    ^^^^THIS would be my guess. TC has always smelled very suspicious with its 3 anonymous developers supposedly maintaining a large and complex program on multiple platforms - it's too much for 3 coders - and the highly suspect "Truecrypt Foundation" (registered with bogus details). It is probable that TC was established and developed by a 3-letter agency purely so they could plant backdoors.

  3. Re:So, what now? by Anonymous Coward · · Score: 2, Funny

    This version is safer: https://www.totallynotnsa.com/truecrypt.7.1.no-nsa-backdoor.zip?evil=false

  4. Re:Hacked or NSA? by PrimaryConsult · · Score: 3, Funny

    ... and *you're* the reason they have to ban smartphones during trivia night at the local bar...