TrueCrypt has long been a widely respected whole-drive encryption product. It's multi-platform (Mac, Windows, and Linux), free and open-source software, and it's widely believed to be virtually impenetrable.
On Wednesday, seemingly out of the blue, the TrueCrypt homepage (truecrypt.org) began redirecting to the project's SourceForge page (truecrypt.sourceforge.net), which had a note stating the following:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
"This page exists only to help migrate existing data encrypted by TrueCrypt.
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
There was also a new version of TrueCrypt available, version 7.2, that only allows volume decryption. In other words, it can be used for removing TrueCrypt encryption only, not installing it.
Immediately the security community began frantically trying to figure out what was going on. What had happened? Had TrueCrypt really been canceled, or was this all an elaborate hoax?
Here are some facts worthy of consideration:
- The TrueCrypt development team has always been mostly anonymous, which makes it very difficult to simply ask someone whether all of this was legitimate
- The new TrueCrypt version was cryptographically signed with a key very similar to the one used to sign the previous version of the software, and the key was generated in 2012 around the time the old key expired, so if it was a fake then this stunt would have either been planned years in advance or else someone would have had to steal the developers' private key
- TrueCrypt's site redirection wasn't done by changing the domain registration information, which seemed to indicate that the site changes were either done by the TrueCrypt developers or else the sites themselves were hacked (presumably by the same individual or group who released the new version of the software)
- All references to truecrypt.org (the old site) had been removed from the new version of the software, which would make sense if the dev team were really ceasing development and were concerned that the domain name registration would eventually expire
- Implying that the end of support for Windows XP was one of the reasons for ceasing development, and recommending that Windows users trust Microsoft's proprietary BitLocker encryption (which is only available on more expensive versions of Windows) and that Linux users just install any old encryption product, among other things, seemed very suspect
There were lots of reasons for concern. Some were suspicious that the mysterious new version contained malware (which wasn't helped by the fact that Microsoft's SmartScreen filter began blocking the download, which was subsequently reported in a fairly sensationalistic article by The Register). Some worried that older versions of TrueCrypt may have been compromised as well, paranoically suggesting that the first letters of the words "not secure as" from the first sentence on the new SourceForge page might be a subtle hint that the NSA had a backdoor into the software.
Others suggested that the idea of TrueCrypt's developers urging users to switch to the completely closed-source Microsoft BitLocker solution, or to create an encrypted disk image on a Mac (with a screenshot showing "none" selected for the encryption, no less) rather than using Apple's FileVault full-drive encryption, and telling Linux users to just "install any" encryption package all seemed so ludicrous that it might be the TrueCrypt developers' version of a warrant canary, perhaps hinting at possible or actual attempts by a government agency to secretly undermine TrueCrypt's security.
Numerous security experts weighed in with their opinions, from the likes of Johns Hopkins cryptography professor Matthew Green (who was instrumental in initiating the recent and ongoing independent audit of TrueCrypt), noted cryptography expert Bruce Schneier, independent security reporter and researcher Brian Krebs, and Security Now! podcast host Steve Gibson (see also Gibson's live discussion with Tom Merritt on Daily Tech News Show 2245).
So what does this mean for Mac users?
Most TrueCrypt users (whether on Mac, Windows, or Linux) who currently have their hard drives encrypted with TrueCrypt 7.1a probably have no major cause for concern, at least not at this time. The first phase of the recent TrueCrypt 7.1a audit "found no evidence of backdoors or otherwise intentionally malicious code" in the Windows version, and no "high-severity issues" were found (see the full report, which discloses some medium- and low-severity issues, at istruecryptauditedyet.com). Furthermore, we can assume that based on public trials such as the Daniel Dantas case that at least some government agencies including the Brazilian National Institute of Criminology (INC) and the U.S. Federal Bureau of Investigation (FBI) have been unable to circumvent TrueCrypt in the past, as long as a strong password was used.
Mac users who currently use TrueCrypt and are worried about continuing to use it may wish to decrypt their drives (using version 7.1a, not 7.2) and switch to Apple's own alternative: FileVault 2. OS X Mavericks, Mountain Lion, and Lion all include this full-disk encryption solution, which can be enabled via System Preferences under Security & Privacy; see this Apple support article for instructions.
Note that if you're using Mac OS X v10.6.8 (Snow Leopard) or earlier, you're limited to an older version of FileVault (which Apple now calls "legacy FileVault") that only allows encryption of a user's home directory, not whole-disk encryption. This old version of FileVault is less secure because virtual memory swap files, caches, and documents stored outside of the encrypted user directory could contain sensitive information. Users of Snow Leopard or older versions of Mac OS X should strongly consider upgrading to a newer version for improved security.
For those who still wish to use TrueCrypt in spite of the warnings on the software's official homepage, Gibson has decided to host a repository of all final 7.1a installers and source code, along with a justification of why he feels it's still safe to use. Gibson is hopeful that new developers will pick up the torch and continue to develop the software.