29
May 14

True Goodbye: ‘Using TrueCrypt Is Not Secure’

The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.

tcSometime in the last 24 hours, truecrypt.org began forwarding visitors to the program’s home page on sourceforge.net, a Web-based source code repository. That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version (Ultimate/Enterprise or Pro) since Vista. The page also includes this ominous warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

“This page exists only to help migrate existing data encrypted by TrueCrypt.”

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. But a cursory review of the site’s historic hosting, WHOIS and DNS records shows no substantive changes recently.

What’s more, the last version of TrueCrypt uploaded to the site on May 27 (still available at this link) shows that the key used to sign the executable installer file is the same one that was used to sign the program back in January 2014 (hat tip to @runasand and @pyllyukko). Taken together, these two facts suggest that the message is legitimate, and that TrueCrypt is officially being retired.

That was the same conclusion reached by Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute and a longtime skeptic of TrueCrypt — which has been developed for the past 10 years by a team of anonymous coders who appear to have worked diligently to keep their identities hidden.

“I think the TrueCrypt team did this,” Green said in a phone interview. “They decided to quit and this is their signature way of doing it.”

Green last year helped spearhead dual crowdfunding efforts to raise money for a full-scale, professional security audit of the software. That effort ended up pulling in more than $70,000 (after counting the numerous Bitcoin donations) —  far exceeding the campaign’s goal and demonstrating strong interest and support from the user community. Earlier this year, security firm iSEC Partners completed the first component of the code review: an analysis of TrueCrypt’s bootloader (PDF).

Green said he’s disappointed that the TrueCrypt team ended things as abruptly as they did, and that he hopes that a volunteer group of programmers can be brought together to continue development of the TrueCrypt code. That could be a dicey endeavor given the license that ships with TrueCrypt, which Green says leaves murky and unanswered the question of whether users have the right to modify and use the code in other projects.

“There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation,” Green said. “But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code.

Green acknowledged feeling conflicted about today’s turn of events, and that he initially began the project thinking TrueCrypt was “really dangerous.”

“Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green said. “But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits.”

Whether or not volunteer developers pick up and run with the TrueCrypt code to keep it going, Green said he’s committed to finishing what he started with the code audit, if for no other reason than he’s sitting on $30,000 raised for just that purpose.

“Before this happened, we were in process of working with people to look at the crypto side of the code, and that was the project we were going to get done over this summer,” Green said. “Hopefully, we’ll be able to keep TrueCrypt.”

Tags: , , , , , , , , ,

363 comments

  1. “For example, tc performed a security audit which came out that they are not doing so bad”

    Maybe that is the whole problem. If people have software they can trust they might actually start using it.

    So a 3-letter agency steps to stop it.

  2. Or maybe dev got a job offer from MS he could not refuse with a condition of shutting down TC…

  3. What about Cryptic Disk, guys (works on Windows) ?
    http://www.exlade.com/cryptic-disk

  4. Perhaps they got a knock on the door from the NSA, and decided that the Lavabit exit was their only option.

    The explicit warnings that it’s not secure, and a final binary which does not encrypt, may have been the only way to not break the law.

    Perhaps they got an NSA visit a long time ago, and the audit is going to show us as much. I really hope the audit completes and they are in the clear. Otherwise i think the default position will be that it was always compromised.

    Certainly intriguing.

  5. If a developer decide to stop developing his/her crypto software, and out of all the encryption software out there today, he/she decided to recommend “MS BITLOCKER”

    This is enough to know something “fishy” is going on.

    • Exactly, recommending proprietary software over TrueCrypt, which is also platform independent is the diametral contrary to what TrueCrypt originally stand for.

      Theory:
      1) They received a national security letter.
      2) They lost their anonymity and take the easy way out before they receive a NSL.
      3) Death of a main/co-developer?
      4) Issues are too much work to fix (if #4 == true)

      Something really really bad must have happened, they would never recommend MS BL instead over their own program. Seems like a desperate reaction, maybe they had to hand over their keys to the fedgovs.

      I’m just glad that I don’t require the use of TC right now and my company actually only allows BL on their IBM company notebooks. After all it’s their data.

      Year 1 post Snowden isn’t looking very bright for civil rights and privacy.

      • TrueCrypt was 1) Proprietry, 2) not FOSS, 3) Stolen from E4M code.

        • Not approved by FSF, yes, but non-commercial and at least open source. So they are just very secretive.

          I don’t see the problem. If they now changed to LGPL or GNU everything would be perfect.

          Them burning all the bridges and telling people to use BL is immature.

          • ITYM OSI, not FSF.

            It would be epic if they went for a copyfree license instead of GPL though. That would be perfect for everyone.

  6. I can’t believe no one has suggested that the entire project might have been an NSA project all along.

    • you can say that about anything. I can say you’re an NSA project. I can say this site is an NSA project. I can say google is an NSA project.

      • Google is / was a CIA project.

        • Yup, definatly CIA project as is Facebook, also CIA funded via one of their shell companies.

          This is a typical CIA operation, they got caught doing the same in Cuba recently. Same idea.

    • Actually, Forbes has an article where someone does suggest that – that TrueCrypt was an NSA product all along, and the backdoors are about to be found in the next phase of the audit.

      I’d like to say conspiracy theory, but after everything else that has been revealed in the past 12 months…

    • If it was, then why did the government have so much trouble in Colorado last year?

  7. Nothing is secure nowadays. We can’t trust nothing and nobody. The entire web is untruthful. Security is a myth.

  8. Does not make sense Mr Krebs, I have to assume this is vandalism and the original dev’s lost their access and cannot regain control without outing themselves (which they seem averse to doing).

    Look at the stated reason for ending support, especially if you know that truecrypt is available for many other platforms than just windows.

    Therefore I’m not taking the bait.

  9. TrueCrypt was stolen from E4M code, supprised it lasted this long, it was not FOSS, it was not GPL, it was a PROPRIETRY license.

    Giid riddance TrueCrypt, it had no future, no GPT (Guid Partition Table) support, and thus, large spindles cannot be encrypted.

    DiskCryptor is GPL and FOSS, and TC container compatible. It supports algorithm cascading, sector encryption and file container encryption et al.

    It is the only real FOSS alternative now, AND is more importantly GPL so we can fork it legally.

    Why oh why did the TrueCrypt audit not investigate the issue of stolen code, that basically made them a laughing stock.

    Whoever donated money to TrueCrypt audit, HAHA *Nelson Muntz*, should have donated it to a true FOSS license and not a PROPRIETRY license that is stolen.

    DiskCryptor
    https://diskcryptor.net/wiki/Main_Page

    • Diskcryptor is not a replacement for Truecrypt as it only support Windows

      • I am on windows, it is close and good enough for me, and that is what matters right now.

        AND, it is GPL and FOSS, so it can be forked over and ported if you wish, something TrueCrypt cannot as it is 1) STOLEN from E4M code, 2) PROPRIETRY License 3) major legal issues steming from point 1.

        • An alternative for you != the only real alternative right now since it doesn’t run on any real OS.

        • Provide proof or shut the fuck up.

          • TC stolen from E4M code

            http://en.wikipedia.org/wiki/TrueCrypt

            “E4M and SecurStar dispute

            Original release of TrueCrypt was made by anonymous developers deemed “the TrueCrypt Team”.[7] Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving emails from Wilfried Hafner, manager of SecurStar, a computer security company.[8] According to the TrueCrypt Team, Hafner claimed in the emails that the acknowledged author of E4M, developer Paul Le Roux, had stolen the source code from SecurStar as an employee. It was further stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the code and distribute it freely. Hefner alleges all versions of E4M always belonged only to SecurStar, and Le Roux did not have any right to release it under such a license.

            This led the TrueCrypt Team to immediately stop developing and distributing TrueCrypt, which they announced online through usenet.[8] TrueCrypt Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he received legal advisement not to comment on any issues of the case. Tesařík concluded that should the TrueCrypt Team continue distributing TrueCrypt, Le Roux may ultimately be held liable and be forced to pay consequent damages to SecurStar. To continue in good faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux’s need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.[8][9]

            Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and 3rd party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Team.[10][11]

            In the FAQ section of its website, SecurStar maintains its claims of ownership over both E4M and Scramdisk, another free encryption program. The company states that with those products, SecurStar “had a long tradition of open source software”, but that “competitors had nothing better to do but to steal our source code”, causing the company to make its products closed-source, offering the ability to review the code for security only to selected customers, after they placed a substantial order and signed a non-disclosure agreement.[12]”

            http://cyberside.planet.ee/truecrypt

            You can even see E4M listed here in this archive of TrueCrypt.

      • it is GPL. adding support for whatever else you need it is possible and will no doubt arrive. Whatever the next de-facto choice needs to support windows from the get go and this as good of a start as I’ve seen. I’m sure as hell not going to wait around.

        • Not to state the obvious, but if the NSA backdoored Truecrypt, what in God’s name makes you think they haven’t also backdoored Windows? Attempting to secure any files on Windows is utterly pointless. Common sense would tell you to switch to a secure OS

          • Common sense also tells me to use an OS with application support.

            Come back to me when I can run my apps on it.

            Until then, you are a minority.

          • oh you mean like windows running on virtualbox.

            isolate that bloated piece of spyware, don’t make it your primary os!

  10. I’m using True Crypt on Windows XP Pro. When I buy a new desk top with Windows 8 installed will True Crypt function on containers? Please answer yes or no. I have no interest in total hard drive encryption. I just want to load files and folders into password protected, encrypted containers.

    • The latest TrueCrypt runs on Windows 8. However the developers just said it is not secure, so you should stop using it. If you are just using Windows BitLocker seems like a good solution.

    • Yes, TrueCrypt runs on Win8 to load containers – that’s how I am using it. I assume it will also mount encrypted external drives (such as usb flash drives) though I can’t verify this. It will *not* allow system drive encryption under Win 8 or any system not using an MBR partition table.

      I have issue with the statement that it is insecure – more accurately it has not yet been proven secure – not the same thing. Personally I am waiting the final results of the audit, which I understand _is_ continuing, before making a decision on this point.

  11. I think that recent revelations have really shaken the trust that Americans have in our government and in some private sector technology companies. We have a lawless president who will do anything to get and expand his power and the power of the federal government and that makes him a very dangerous man. Combine that fact with what has been disclosed about the NSA’s phenomenal skills and capabilities and it is very easy to presume that software such as TrueCrypt are in fact tools of our government’s intelligence agencies.

    • It does not matter who the president is silly person. Read history and you will see that the Administrations efforts to rein in or further deploy intelligence services is minimal at best. They continue their function regardless of who is elected to president.

      Unless you want to count Dick Cheney’s contributions to the security and stability of the United States, there my friend you will find the answers you seek.

    • Agreed, I’m uninstalling TrueCrypt everywhere as a safety precaution, it’s over. Thx obma

  12. Regarding DiskCryptor: As far as I can tell it is only available for Windows Systems which makes it unsuitable for many people which use TrueCrypt for cross platform encryption.

  13. @HSPCD: That’s ridiculous, you watch far too much Fox News. If you had 1/2 a brain you’d know the program was started & continues to be supported by GWB Cheney & the entire lying GOP party.

    • Very true. The Dick and Bush Show started it and now it cannot be stopped, by anybody, short of burning down the gov’t and starting over. Not Tea Party style, Soviet Union style. The KGB for instance.

      The Village Idiot was a gift that just keeps on giving.

  14. Perhaps the devs are saying “You’ve not found anything. Your audit is almost done. If you complete the audit having not found the problem you’ll be endorsing something we know to be weak but cannot talk about. LOOK HARDER.”

    • Tim McCracken

      That would be nice, however I think an email pointed at Matthew Green would have achieved the same thing.

  15. I also wonder to what extent the growing availability of self-encrypting drives and now, solid state self-encrypting drives, is a factor in this development – and what the availability of hardware-based drive encryption will do to such software solutions??

    • The only way we will be satisified with encryption is if we have it lock stock and barrel, FOSS or nothing.

      DiskCryptor meets that requirement, for Windows platforms.

      Whoever sunk money into a PRIORIETRY product that was based on STOLEN code for a security audit, was a FOOL.

  16. This whole thing casts doubt on the entire project. We need the security audit now if someone else is going to pick up the project.

    I see 3 cases that could have caused this.

    1. They got hacked, which means nothing released via their project can be counted on as authentic. Even if the site goes online and a new key is used, we don’t know who that is.

    2. They got tired/bored/quit the project. Sad, but possible and the best case scenario.

    3. They were forced to shutdown the project/something happened to someone on the project. If I were anonymously developing security software I would have a fail-safe with the other members of the team and an automated fail-safe. Basically, if someone didn’t hear from a team member in X time, then the project is considered compromised and destroyed. If all members of the team fail to check in to an automated system in Y time the project is considered compromised and automatically destroyed. You may call me nuts, but considering the laws around exporting crypto software anonymity may be necessary, and a fail-safe is not unreasonable if you are truly dedicated to security.

    I don’t know. Just saying my 2 cents.

  17. Whoever paid money to this security audit, to a tune of over $70,000 hahahaha, enjoy your burn. Somebody is laughing all the way to the bank, and it is not the funders.

    DiskCryptor for Windows is where you should have looked, OR, funded a real FOSS clean implementation and designed and audited from the ground up. Not this TrueCrypt stolen trash.

    • GNU/Linux is where you should have looked. Nothing can be secure on Windows. The entire OS has been backdoored without question. ZuluCrypt accomplishes the exact same thing as TrueCrypt just not cross-platform.

      • And I shall just dump my professional job and no longer be able to run my apps on it.

        Good move, you should be a consultant.

      • Then run windows on virtualbox. Linux Mint is the safer cheaper and more reliable version of windows, and then put windows on top of that. No reason to run windows as your primary os unless you have no choice

  18. Is you must use this stolen product

    http://cyberside.planet.ee/truecrypt/

    You can even see E4M there archived.

    TrueCrypt has NO FUTURE, it is gone. No GPT support nothing.

    Use DiskCryptor on Windows, it is GPL and FOSS and has a future.

  19. youdontneedtoknow

    @HSPCD: PresidentS (plural)

    @Anne: Get your head out from the sand, Obama has already proven, on this issue at least, he’s even more pro-intelligence than the Bushes. Bush Jr started it, Obama expanded it. That’s the truth. THERE IS NO D VS R HERE!! Get over it before its too late: vote 3rd party. (Assuming our vote even counts anymore: George Carlin didn’t think so, and I’m thinking more and more he was right all along. This is NOT a good thing.)

    @everyone: proprietary, closed source bitlocker? Really? I try not to let anything from the Evil Empire of Redmond touch what I own, but seriously, anyone who trusts security whole-heartedly to something closed-source is an idiot or worse. Yes, this includes anti-virus, which itself acts like a virus. I don’t know about Truecrypt, but I have no doubt, based on M$’s past cooperation, that Bitlocker has a backdoor. Prove me wrong, please, if you can.

    • OF COURSE there’s a “D vs R here” and you said it yourself: Bush started it. It is now out of Obama’s control because that’s how “I’ve got a secret” works. Think J. Edgar Hoover on steroids (or, estrogen, as the case may be).

  20. not dead:
    cannot encrypt partitions >2tb because of GPT but can encrypt unpartitioned raw disk up to several terabytes: the limit is that you must have the entire disk space on a single volume so if you encrypt a raw disk of 4tb (or more using a raid) you can only see all 4 terabytes of space on a single letter.

    • It has no future, in fact it’s past 10 years of existence was questionable at best given it’s stolen disputed history.

      Invest time, money and energy into a real FOSS alternative, not proprietry like TrueCrypt, and definatly not one with a questionable history, and one that has an accountable organisation/face to it.

  21. Bae-blah-blah-blah

    I just want to mention that this has wiped out the TrueCrypt forum too.

    There were hundreds of users at the TC forum (myself included), which contained a goldmine of information, not just about TrueCrypt itself but also crypto and computer security in general.

    Many people put in many hours of work in the forum, and it would seem that that repository of knowledge is gone at a stroke.

    So farewell Dan, pepak, Nicky and all the others…. “Sic transit gloria mundi”.

  22. For them to so suddenly stop something that they have been working on for a long period of time makes me think that something sketchy is definitely up. It just doesn’t make sense that they would recommend another program over theirs unless they were aware of something bad going on. I’m interested to see what happens when the audit is complete!

    • Sketchy as in it was stolen from E4M code, yes definatly.

      Only this time, it has caught up with them now and bit them in the butt big time.

      They were living the past 10 years on stolen code, they stole over $70,000 in audit funds raised and now laughing all the way to the bank.

      Good scam, well done.

      Now time to move on to a real FOSS / GPL implementation.

      How about DiskCryptor to begin with.

      • Anderer Gregor

        If, as a single developer whose large project survided even step one of this security audit, you would even vaguely consider living ten years out of 70.000 “stolen” USD — then you should definitely change your job. Or your country.

        Even leaving aside the fact that the 70k$ did not went to the developers of TC (they are still anonymous), but to the auditors.

      • Sensational garbage. You clearly didn’t bother to understand both sides, etc.
        https://groups.google.com/forum/#!topic/alt.security.scramdisk/HYa8Wb_4acs
        I think it’s safe to conclude nobody knows what the hell happened.

        • TrueCrypt is dead, get over it, I know you are in mourning but, move on.

          Crying won’t help you.

      • Obsess Much?!

        We get it. You really have a hate-filled obsession over TC but, based on your glowing support of DiskCryptor, I’ll stay away from that product.

        The product is probably just a stable as you appear to be.

        • I don’t care what you use, there are very few FOSS alternatives, if you have one, use it, or you will end up in this mess again later.

          As far as I am converned you can stick to your <2TB drives with MBR and BIOS. Eventually it WILL catch up with you, just as TrueCrypt's past has caught up to it, it only took 10 years. I suspect your wimpering about TrueCrypt will catch up to you sooner.

          • Obsess Much?!

            The only one whimpering about TC is you.

            Even your view of what people use TC for is highly myopic. WDE is actually a fraction of what most use TC for judging from my user base.

            Besides, hardware based WDE is much more efficient.

            Unless your product can operate across multiple platforms, it is more limited than TC especially for the most common uses.

  23. If you need cross platform then google pyskein which is Skein/Threefish SHA3. Lot’s of Blake2 implementations too

    • Randomisation

      If it is not using mouse and input driven randomisation, it is going to be much easier to attack due to the pseudo-random generator weaknesses.

      You need a human random input to up the difficulty.

  24. “Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. But a cursory review of the site’s historic hosting, WHOIS and DNS records shows no substantive changes recently.”

    How would WHOIS and DNS change if a web server got hacked?? O wait, they wouldn’t

  25. Stop wasting DONATED money chasing TrueCrypt, it has a questionable legal existence to begin with.

    Put the remaining funds into a CLEAN ROOM or FOSS/GPL implemention.

    STOP WASTING MONEY ON STOLEN PROPRIETRY TRUECRYPT THAT IS NOT EVEN FOSS.

    • Hey genius, if you’re going to spam the forum with a bunch of ads for DiskCryptor, you might want to teach all of your socks how to spell “proprietary.”

    • hello nsa

    • The funds were donated specifically for that purpose. To use them for any other purpose would be breach of trust. Either the audit must be completed or the funds returned to the donors – many of whom were anonymous.

      Just because the future versions of TC are in dead does not mean that we can’t continue to use the current version (ie 7.1) which still has significant value. However, to verify that this is in fact safe to do, the audit must be completed.

  26. Anderer Gregor

    Let’s assume, just for the moment, there was a NSL from a government of your choice which basically said:
    1) Hand over your signature key, such that we can sign messages/software from now on
    2) All software you distribute must use the following escrow key scheme/backdoor/… for encryption
    3) Do not talk about this NSL

    a) Are such NSL unheard of?
    b) Would, what happened to the website, be violating this NSL?
    c) Is there any other reaction for the authors that would neither compromise their users nor violate the NSL (and got them into jail)?

    My answers for this hypothetical scenario are,
    a) No, at least in the US and Russia. See Lavabit, etc.
    b) In this wording, not. They are no longer distributing any software not using a hypothetical escrow key. They did not mention any NSL, and they even signed this message with their signature key, having handed it over or not. They are even suggesting US-government-approved crypto systems instead.
    c) See Lavabit of what actually got them into jail. But everyone now considers TC’s signature key, the web site, and the current binary to be broken. No one will use anything newer than 7.1a, especially if it is signed with their key.

  27. Can we please get rid of the DiskCryptor spammers?

    • What alternatives do you suggest?

      We are all stuck in this mess.

      I am desperatly listening for your suggestion.

      Thanks.

    • Don’t think that they are product spammers. They seem more intent on stopping the audit and defaming truecrypt.

      So much Popcorn

      • Why would we want to continue to spend money on a product that has been publically 1) declared dead and no longer recommended and supproted, 2) Not open source and thus not forkable and of benefit to the community, and, 3) see point 1.

        Mr Green stated he had $30,000 of funding left, in my opinion that would be better spent on a clean and real FOSS implementation to fill this now gaping hole in the communities security, especially NOW when we need it MOST.

        TrueCrypt has not been updated in two (2) years, it has no future, no GUID Partition Table support, that means you are limited to 2TB disks, that also means you cannot boot to GPT disks of ANY size.

        Waste of money in my opinion, spend it wisely and efficently.

        I hope he is listening. It is common sense.

        • Lrn2SockPuppet

          Really, your spelling and grammar choices give you away. Your expression of intent and motive is also transparently obvious. I haven’t seen “trolling” this amateurish for a long time. If you are getting paid for this FUD. Who are you ripping off?

          Why do I never see Jobs @ trolling. I would make a better job of it than the idiots who are currently shills.

          Still good popcorn time though!

        • Yeah. After all this ranting, I’m more convinced than ever that this audit of TrueCrypt needs to be followed through to completion.

  28. Michael Greenwood

    Well, it’s been a fun ride.

    Time to jump off the Titanic (or was it the Olympus 🙂 ).

    Moving on to a real FOSS alternative.

    Enjoy falling onto your own sword 🙂

    http://alternativeto.net/software/truecrypt/

    There is your alternatives, pick one.

    I’m evaluating DiskCryptor.