Anyone who is interested in IT security and hasn’t been in Antartica with their head stuck in a bucket of tar, cannot fail to have heard of the demise of Truecrypt encryption software.
- http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
- http://www.theguardian.com/technology/2014/may/30/encryption-software-truecrypt-closes-doors?commentpage=1
Being a fairly pragmatic sort of goose, I decided to forget the conspiracy theories for now, and to try find a way out of this mess instead. So here are some recent developments and fact(oid)s that you may wish to have a gander at…
1) A site has been set up in Switzerland to continue the Truecrypt project. Earlier (and most-likely unaffected) versions of Truecrypt are available there for all major operating systems:-
2) The above site has also placed all the Truecrypt source code in a publicly accessible, and freely copyable repository called Github:-
3) There are other projects that have been working on Truecrypt-compatible alternatives for some time. One such project is TCPlay. TCPlay and its associated libraries are in most GNU/Linux and BSD repositories. Whilst is a CLI-only utility, it will create, encrypt and decrypt Truecrypt volumes.
4) Users of Debian-based GNU/Linuxes, such as Ubuntu, Kubuntu, Mint etc. can get TCPlay by opening a terminal window and typing the following command and hitting the return key:-
sudo apt-get install tcplay
5) For those who need a GUI version of TCPlay, one such application is under development, called ZuluCrypt:-
Please note that ZuluCrypt has some usability shortcomings that the developer is currently fixing. And it also currently requires you to compile the executable binary from source. However, expect to see pre-compiled binaries c/w many bugfixes for various GNU/Linux distros in the next few months.
6) Also expect to see most encryption projects concentrating on GNU/Linux and/or BSD first, before they are ported to Windows. There seems a general consensus in the infosec community that people who are serious about security do not use Microsoft Windows.
7) Finally, and this is important: there is currently NO evidence that earlier versions of Truecrypt have been affected. The advice to users is continue with an old version until this mess is sorted out. Moving all your stuff to another encryption methodology, in a wild panic, is probably the worst thing you could do.
PS. for any Truecrypt users who could not be arsed to read any of the above, please at least read this:-
Steve Gibson is a pretty clued-up guy and it’s good to see a little common sense amidst all the hysteria and conspiracy theory.
HTH. G