Truecrypt

I like Truecrypt. I really like Truecrypt.

Or I did.

It appears that Truecrypt is dead. Things are “different” at the Sourceforge page, with a declaration that development has ended and a recommendation to move files to Microsoft’s BitLocker. The internet is abuzz with the news of it, and with rampant speculation.

The primary, obvious theories are as follows: Has the webpage been hacked? A developer gone rogue? Did the audit find something major? Or something more sinister, such as government “encouragement” to include a backdoor for their use? The latter is what prompted Lavabit to fold.

My assumption, given the recommendation to shift to an encryption program far less likely to be trusted (if anything is compromised, that surely is), given the audit has so far found nothing of major concern, and given the final 7.2 release’s code suggests it can’t be trusted (as noted in news links above), is that there has been strong-arming to include a backdoor, and the developers have chosen to abide by the letter, if not the spirit, of the “request.” I’m no sort of programmer, but I am a top-flight pessimist who rarely finds himself let down by his cynical predictions, and it would not be surprising in the least to discover that “They” wanted to kill off, or at least neuter, one of the most popular and easiest-to-use encryption programs around.

For the time being, 7.1a is probably safe, if you have a current installation or an old install file around, and 7.2 is definitely unsafe. I’d be choosy about where I downloaded an old version from, as well.

Of course, for the vast majority of us living in the tin-foil-hat-free world, most encryption programs are “safe” in the sense that the secrets we’re keeping aren’t worth the government’s time to pursue. But it’s the principle of the thing.

UPDATE: Ars Technica has a roundup of the most popular theories.