In a very surprising (and somewhat shocking) turn of events, TrueCrypt’s official SourceForge page (which the official TrueCrypt website truecrypt.org also points to) has suddenly been replaced with a warning that TrueCrypt is not secure, together with instructions on how to migrate away from TrueCrypt to BitLocker. The full text of the warning is:
‘WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.’
Whether the warning is genuine, or whether the website has been hacked is a topic of fierce speculation on Twitter. It has even been suggested that the warning is the result of some kind of warrant canary, issued in the face of a National Security Letter aimed at gagging news of NSA tampering with TrueCrypt’s algorithms.
At the time of writing however, no-one (except presumably the devs) knows for sure what is going on, but the advice to migrate to BitLocker, which is made by Microsoft (whose products are widely believed to be backdoored by the NSA and FBI) is fishy in the extreme.
As with most members of the security community, we have always been big fans of Truecrypt, but the first phase of crowdfunded project to definitively audit TrueCrypt’s code found that, while there was no evidence of a backdoor, some of the coding was very sloppy,
‘Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth… The team also found a potential weakness in the Volume Header integrity checks… The integrity protection can be bypassed, but XTS prevents a reliable attack, so it does not currently appear to be an issue. Nonetheless, it is not clear why a cryptographic hash or HMAC was not used instead.’
Phase 2 of this audit, beginning on the formal cryptanalysis, should have already started, and it is possible that today’s events are a consequence of its finding. However, Matthew Green, a professor specializing in cryptography at Johns Hopkins University and one of the people who spearheaded the TrueCrypt audit told Ars Technica that he had received no advance warning about the announcement, although it appears to be ‘legit’.
While experts and users alike scrabble to find out that has really happened, others are looking for alternatives to TrueCrypt. As noted earlier, no-one interested in security would trust a Microsoft product such a BitLocker (even if this slide is a fake), so Diskcryptor has been suggested for Windows users, or Dm-crypt/LUKS and bwalex/tc-play (a free TrueCrypt Implementation based on dm-crypt) for Linux users.
This is a breaking story, so we will update it when further information becomes available.