May 29, 2014

The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.

Sometime in the last 24 hours, truecrypt.org began forwarding visitors to the program’s home page on sourceforge.net, a Web-based source code repository. That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version (Ultimate/Enterprise or Pro) since Vista. The page also includes this ominous warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

“This page exists only to help migrate existing data encrypted by TrueCrypt.”

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. But a cursory review of the site’s historic hosting, WHOIS and DNS records shows no substantive changes recently.

What’s more, the last version of TrueCrypt uploaded to the site on May 27 (still available at this link) shows that the key used to sign the executable installer file is the same one that was used to sign the program back in January 2014 (hat tip to @runasand and @pyllyukko). Taken together, these two facts suggest that the message is legitimate, and that TrueCrypt is officially being retired.
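The signing-key comparison described above is something any Windows user holding both installers can repeat. The script below is an added example, not code from the article or from the TrueCrypt project: it uses the built-in Get-AuthenticodeSignature cmdlet to read the signer certificate from a previously trusted installer and from a newly downloaded one, and reports whether the same certificate signed both. The two file names are placeholders.

```powershell
# Added example (not from the article): compare the Authenticode signer of a
# newly downloaded installer with the signer of a release trusted earlier.
# Both file names are placeholders; substitute the real installer paths.
$known = Get-AuthenticodeSignature -FilePath '.\TrueCrypt-Setup-known-good.exe'
$new   = Get-AuthenticodeSignature -FilePath '.\TrueCrypt-Setup-new.exe'

foreach ($sig in @($known, $new)) {
    # Status is 'Valid' only when the certificate chain builds to a trusted
    # root AND the file's hash still matches the hash inside the signature.
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("{0}: signature status is {1} ({2})" -f `
            $sig.Path, $sig.Status, $sig.StatusMessage)
    }
}

if ($null -eq $known.SignerCertificate -or $null -eq $new.SignerCertificate) {
    Write-Error 'At least one file carries no Authenticode signature; stop here.'
    return
}

# The thumbprint is the SHA-1 hash of the signer's certificate, so equal
# thumbprints mean the very same certificate signed both files.
if ($new.SignerCertificate.Thumbprint -eq $known.SignerCertificate.Thumbprint) {
    'Same signing certificate on both installers:'
    '  Subject : ' + $new.SignerCertificate.Subject
    '  Expires : ' + $new.SignerCertificate.NotAfter
} else {
    Write-Warning ("Signing certificate changed.`n" +
        "  known-good: {0}`n  new:        {1}" -f `
        $known.SignerCertificate.Subject, $new.SignerCertificate.Subject)
}
```

A matching thumbprint shows only that the same certificate was used, which is exactly the evidence the article relies on; it says nothing about who currently controls the private key. A mismatch is not automatically a red flag either, since publishers renew certificates, so the script prints the subject names to let the reader judge whether a changed certificate still belongs to the same publisher.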

That was the same conclusion reached by Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute and a longtime skeptic of TrueCrypt — which has been developed for the past 10 years by a team of anonymous coders who appear to have worked diligently to keep their identities hidden.

“I think the TrueCrypt team did this,” Green said in a phone interview. “They decided to quit and this is their signature way of doing it.”

Green last year helped spearhead dual crowdfunding efforts to raise money for a full-scale, professional security audit of the software. That effort ended up pulling in more than $70,000 (after counting the numerous Bitcoin donations) — far exceeding the campaign’s goal and demonstrating strong interest and support from the user community. Earlier this year, security firm iSEC Partners completed the first component of the code review: an analysis of TrueCrypt’s bootloader (PDF).

Green said he’s disappointed that the TrueCrypt team ended things as abruptly as they did, and that he hopes that a volunteer group of programmers can be brought together to continue development of the TrueCrypt code. That could be a dicey endeavor given the license that ships with TrueCrypt, which Green says leaves murky and unanswered the question of whether users have the right to modify and use the code in other projects.

“There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation,” Green said. “But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code.”

Green acknowledged feeling conflicted about today’s turn of events, and that he initially began the project thinking TrueCrypt was “really dangerous.”

“Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green said. “But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits.”

Whether or not volunteer developers pick up and run with the TrueCrypt code to keep it going, Green said he’s committed to finishing what he started with the code audit, if for no other reason than he’s sitting on $30,000 raised for just that purpose.

“Before this happened, we were in process of working with people to look at the crypto side of the code, and that was the project we were going to get done over this summer,” Green said. “Hopefully, we’ll be able to keep TrueCrypt.”


363 thoughts on “True Goodbye: ‘Using TrueCrypt Is Not Secure’”

  1. Richard Steven Hack

    I’m still not convinced that this isn’t some sort of hack. However, the problem appears to be that there is no way to determine that one way or the other, given that the developers apparently have always been anonymous.

    The further point is that since this software was developed by anonymous people who have now apparently become unreliable that perhaps this software never should have been “trusted.”

    Like Nick Fury in Captain America: The Winter Soldier: “It’s things like that give me trust issues.”

    It’s probably a good idea not to use ANY security software that doesn’t have a clear, identified provenance of development. TrueCrypt clearly no longer applies.

    1. Verified

      I disagree.
      The really important thing is to have an open source software, which can be audited and used to build executables.
      I don’t mind if the authors remain anonymous and I wouldn’t trust a closed source crypto software even if I knew authors’ identities.

      I think the fact TC authors protected their anonymity for ten years is not necessarily suspicious. They could have good reasons for doing that, for example they could be professional crypto analysts (salaried by a company to develop commercial products in competition with TC) or belonging to a LEA!
      In both cases, they could be blackmailed by security agencies and that could be just what happened.

  2. Nathan

    There is also some speculation that possibly a new NSL was at the heart of the issue and this is their way of leaving the product working but dissuading its use since it would then be compromised by new code that they would have to put into the product due to an NSL…

  3. dfnctsc

    Krebs, there is a typo in your article. In the second paragraph the hyperlinked BitLocker text is written “BitlLocker”. It contains both a lower case and uppercase ‘l’.

  4. eCurmudgeon

    Q: Do any open source, cross-platform equivalents to TrueCrypt exist for USB device encryption (i.e. flash drives and the like)?

    1. xChris

      You can try the EncFS.

      I moved to EncFS some years ago, as I liked the way it is working and also there was an Android app that supported it. Then I got the BoxCryptor Classic (commercial product) that is compatible with the EncFS, as I sync my EncFS folders on the Cloud…. Pls note that the BoxCryptor Classic is not compatible with the BoxCryptor, different products.

  5. hink

    On the other hand, trusting OSS developed fully anonymously is the ultimate challenge to the principles that OSS builds on.

    1. Hearth

      OSS is also built on the premise of peer review, which is especially necessary when talking about security software as in this case. I for one love TrueCrypt and as a frequent user was very happy about the progress of the audit. It feels like a sad day for the internet if this truly does represent the end of the project. I am not aware of anything that approaches TC’s capabilities for cross platform disk and virtual volume encryption.

      However, assuming the audit comes back showing everything is fine, I see no reason to stop using version 7.1 that has been working perfectly for the last couple years.

  6. G33z3r

    If Truecrypt devs have really thrown in the towel, the good news is this is a relatively simple problem to solve (creating encrypted containers, that is…) and the open source community ought to be able to tackle at least that challenge.

    Recommending Bitlocker as a solution? That’s honestly the first thing that made me question what’s going on. Seriously…

  7. gorilla bone warrior

    Darkness hates it when a light is shown upon it. The meat is in the audit, let it continue without any delays.

  8. Bill Cole

    The iSec initial audit report was very critical of the TC code quality, and implied that it looks like the work of a single coder. There was no update for 2 years. The build process requires a 20 year old MS compiler, manually extracted from an exe installer.

    Imagine yourself as the lead/solo developer working on TC. No one pays you for this, governments hate you, much of the crypto community is throwing rocks at you while your user community spends half of its time joining in with clueless paranoia and the other half whining about feature gaps (e.g. GPT boot disks.) You have to eat, so you have a real paying job. You’re not so young any more (doing the TC crap for a decade) and maybe the real job now includes responsibilities that crowd out side work. Or maybe you’ve got a family you love more than the whiny paranoids you encounter via TC. And now iSec is telling you your code is sloppy and unreadable, and that you should take on a buttload of mind-numbing work to pretty it up so they will have an easier time figuring out where some scotch-fueled coding session in 2005 ( or maybe something you inherited from a past developer) resulted in a gaping exploitable hole that everyone will end up calling a NSA backdoor.

    Maybe you just toss it in. Why not? Anyone with a maintained OS has an integrated alternative and as imperfect as they may be, they are better than TC for most users. Maintaining TC isn’t really doing much good for many people and the audit just pushed a giant steaming pile of the least interesting sort of maintenance into top priority. Seems like a fine time to drop it and be your kids’ soccer coach.

    1. Kaldek

      +1

      Careful, Bill. People will start to suggest that you’re the anonymous TC developer because you posted so eloquently in the third person. 🙂

      1. Bill Cole

        LOL

        I’m “close” only in that I’ve experienced similar burnout and seen it in other developers.

    2. Knighthawk

      I really was leaning toward NSL, till I read this post, still seems odd messaging, even for a fukitol pill. 😉

      1. anon

        Mr. Cole is probably right. And the TC dev probably made a deal with Krebs or someone to make this look mysterious so we’d read scratch our heads and read their blog. Everybody wins!

    3. Jason

      Hmm. Maybe the 20-year old compiler only runs on XP, and newer compilers and OSes may be completely untrustworthy for compilation of TC. But XP still works, it will just no longer get updates, so that in itself is not a great reason.

    4. Timd

      That is a reasonable explanation.

      Why would the developers not just open up the development to more developers a number of years ago? Give more developers commit access and so on.

      Another possibility is that NSA got to the devs a few years ago and have just been sitting on the site and repo waiting to pull this move-to-bitlocker explanation.

      What is stopping a group of people from forking true crypt? the nsa.

    5. Andy

      TC was a very polished product. I can even begin to imagine how many manhours it must have taken.

      And then I ponder the question… can one single coder be a) so brilliant and b) have so much time on his hands to produce this kind of product on THREE platforms?

      The intimate knowledge of cryptology + the very advanced knowledge of coding very close to the system core on at least two platforms… (I have not checked again, but IIRC it allowed bootable FDE on Mac and Win but only container management on Linux).

      I can understand the reasoning for the “dropping the towel” argument, but I see not a single reason why he would a) modify all the old versions in the repo and b) not announce this step on the regular website.

      There is very certainly foul play at work here.

    6. tsp

      well written…and the other option that is left out is that maybe something came up medically that forbids the person to spend as much time coding. Either way, I am one of the sad pandas

    7. Verified

      I respectfully disagree.

      I fully realize that the developer(s) could be tired to support the product, but they could have ended their commitment in a much better way:
      – avoiding to say that “there could be vulnerabilities” (yess, any software COULD have them) and waiting for the audit’s end
      – freeing the license
      – saying “we have no more time/wish to develop/support it, please go on, the code is yours”
      – avoiding to declare the end of the product with a rudimentary web page, which looks like a defacement
      – avoiding to “suggest” to shift from an open source to the most suspicious of all the closed source crypto softwares
      – avoiding to release a useless and suspicious 7.2 release

      Too many strange behaviours.

      I think they have been blackmailed.
      If they protected their anonymity for ten years, maybe they have good reasons to do that. Contacting the audit team could have compromised their anonymity and some security agency could have now blackmailed them.
      The strange and almost unbelievable behaviour could be their way to comply with the blackmail but at the same time giving hints that they have been forced.

  9. i'm swimming in your MBR!

    Now let’s fund an audit of TAILS, which is also developed by anonymous personnel.

  10. NAME (REQUIRED)

    Try dm-crypt in a Linux VM under VirtualBox. Share directories with Windows host over SMB.

  11. notafish

    Very odd, linking this to Windows XP, since TrueCrypt is a multi-platform product. Indeed, that was one of its advantages over BitLocker, dm-crypt & co.

    Wonder what the real story is…

  12. Richard

    I still don’t think we have the whole story… and I don’t think anyone has it 100% right yet.

    The BitLocker how-to just screams troll to me.

    Hopefully people will get to the bottom of it all.

    1. Andrey

      And how about their tutorial about Mac OS X native (eh eh? what comes with MS (up pro version?)) encryption? Also trolling?

  13. Tom Hessman

    Did anyone read the “other platforms” page? Here is what they said Linux users should do:

    “Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation.”

    How could that possibly be legit?

  14. Martin

    Is it possible that TC is actually so good that NSA could only fling FUD by hack deface? Schneier is still silent on this – DAE find this suspicious?

  15. Jason

    they knew years ahead of time that MS was dropping support for XP. This was not some last minute notice on MS part.

    The conclusion is that truecrypt is no longer trustworthy. My gut feeling is that they are pulling a lavabit. They got an offer they can’t refuse, so are closing down shop rather than complying.

    Someone else suggested that the suggestion to use bitlocker is so unlikely, it’s a signal of shenanigans. Perhaps it’s their dead canary?

    1. Digital Defense

      “The conclusion is that truecrypt is no longer trustworthy.”

      The whole situation is a good reminder that no single piece of software is ever 100% trustworthy and we should always have multiple layers of protection.

  16. Jonny

    This stinks of a NSL.

    I reckon the developers have been identified by the NSA and been served with a cease and desist order via an NSL. Or, version 7.2 has been compromised by way of a backdoor or escrow keys and this is their way or warning people off this release.

  17. Nico

    Maybe the main developer just died.
    One of his colleagues is cleaning up.

  18. Lennie

    @Bill Cole if that is true: change the license and make it a proper open source project.

    1. Bill Cole

      Are you familiar with the history and ancestry of TC?

      It’s not clear that the current TC developers have unencumbered license control of the code they distributed but it is clear that they don’t own all the applicable copyrights. Le Roux’s name remains in the code and the E4M license remains in the package, while SecureStar continues to assert that Le Roux had no rights to E4M. How exactly the TC developers reached the truce that allowed them to continue releases has never been made clear, but the continued use of the restrictive TC license and the inclusion of the E4M license implies that there was no true resolution.

      That mess is one more motivation to just walk away.

      1. jdgalt

        The developer(s), whoever they were, have kept their identities hidden, so I’d be really surprised if they either can or would want to successfully assert copyright, unless the government is pulling their strings. Even then, it will be quite easy for the rest of us to change a few names in the source and keep using it.

        Meanwhile, let’s all grab our copies while the grabbing’s good.

        https://github.com/DrWhax/truecrypt-archive

  19. so sad

    Really saddened by the news. Looking forward to alternatives being developed for and by the community.

    1. Adam

      DiskCryptor has an important advantage over TrueCrypt: it allows you to have more than one independently encrypted system partition. So you can have two or more completely independently encrypted Windows installations on a single hard drive. There is no way that a virus on one installation can affect the other.

  20. NikSam

    Gullibility test ….
    It’s so easy to convince people to believe anything these days, just media or a simple post on the net can discredit something you trusted for a long time.

    Yeah sure 🙂
    Go use MS Crap alternative guys, would be good forya 🙂
    oh what? you do not have MS, ok just search “encryption” and install any crap you find 🙂

    If you users are dumb like that is it worth to continue developing something for them, if they would just believe one single post, even ridiculous but looking legit ?

  21. Ray

    Bitlocker is definitely not a good alternative. Anyone in the security field would agree. It’s quite obvious something fishy is going on. I think the developers received an NSL from our government which is why they are quiet & cannot talk openly about anything. It seems most likely our government forcibly took over the truecrypt site & made modifications to it.

  22. stef

    So, forgive me if this sounds dumb, but is someone saying that truecrypt version 7.1 is still ok?
