TrueCrypt shuts down abruptly, leaves cryptic warning message

TrueCrypt, a free open source encryption suite, was abruptly shuttered sometime on May 28. Any attempt to visit the official page, www.truecrypt.org, now forwards to a page on Source Forge.

The page warned that it is no longer secure after Microsoft stopped supporting Windows XP, and suggests that users migrate to BitLocker instead if they are on Windows, and providing help for Mac and Linux users as well. The Source Forge page carries this warning:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues 

This page exists only to help migrate existing data encrypted by TrueCrypt. 

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

The page also announces a new software version, 7.2, which only allows decryption, whereas previous versions would also have allowed encryption. Version 7.1a, still available on CNet at the time of writing, was termed “ultimate freeware encryption program” by CNet writer Seth Rosenblatt in 2010.

The open source community has reacted with surprise at the uncharacteristic “end of life” announcement. Some have speculated that the announcement and the software are not authentic, but Brian Krebs of KrebsonSecurity has said that it is likely genuine, and James Lyne, writing in Forbes has agreed. Both also mentioned that an audit of the code may have spooked the anonymous developers.

The audit was sparked by suspicions that the NSA can break existing encryption methods, according to Ars Technica, which also noted that phase one of the audit had found no evidence of back doors.