Stories from the (True)Crypt

Back in 2010, I came across an open source solution for FDE (Full Disk Encryption) named TrueCrypt. We needed to secure company data, including emails, documents and passwords, but the boss didn’t want to pay for a solution like Symantec’s PGP Whole Disk Encryption. We ran our tests, measured slower boot times, explored recovery options and deployed the solution on more than 300 laptops.

As time passed, users started complaining about slower performance of the OS, especially on machines with no AES CPU support. A few installations had to be rebuilt due to abnormal shutdowns that led to file system corruption, but overall we could live with it. After all, this solution was acceptable to IT audit.

From time to time, rumors came to life regarding the two programmers behind TrueCrypt and the maintenance efforts needed when the software became available for both Windows and MacOS. Conspiracy theories arose about backdoors:

Is TrueCrypt a CIA Honeypot?
Is TrueCrypt Audited Yet?

All of a sudden, around May 2014, the official page of TrueCrypt changed and a warning was displayed by the developers stating that TrueCrypt is no longer secure and users should decrypt their drives ASAP.

The latest working version released to the public is TrueCrypt 7.1a, dating back to February 2012. In May 2014, TrueCrypt 7.2 was released, but encryption capabilities have been removed from the application. This version serves as a way to migrate existing data to other encryption solutions, despite the fact that no major flaws were found in the 1st phase of the security audit. You may still use TrueCrypt 7.1a for encrypting your files, but it won’t be a good idea after all.

TrueCrypt: No major flaws found during audit

Alternatives do exist out there, like VeraCrypt, CipherShed and TCnext, all TrueCrypt forks.



More on great TrueCrypt alternatives can be found in the following interesting post:

Source: wiki, arstechnica, arstechnica