Security Corner

Jun 5 2014   8:32PM GMT

Yes, Virginia, TrueCrypt is still safe to use

Ken Harthun Ken Harthun Profile: Ken Harthun


TrueCrypt_LogoDespite the ominous warning on the redirected TrueCrypt page at SourceForge, the venerable encryption software is still safe to use. Noted security expert Steve Gibson of SpinRite and Security Now! fame recently posted an in-depth article on the website here. To those pundits (including me, unfortunately) who have advised us to look elsewhere for encryption software, he says: “Those who believe that there is something suddenly ‘wrong’ with TrueCrypt because its creators have decided they no longer have so much to give are misguided.”

I do believe the way the TrueCrypt developers bowed out definitely tended to lower confidence in their creation, but when a developer of Gibson’s caliber says “And have YOU looked at their code? OMG, it’s truly a work of art. Whomever and wherever these guys are, SOMEONE is paying them some serious coin to create code of that caliber,” I tend to listen. I further will heed this level-headed advice:

Time to panic?

No. The TrueCrypt development team’s deliberately alarming and unexpected “goodbye and you’d better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we’re on our own.

But that’s okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole.

So, thanks guys . . . we’ll take it from here.

I plan to continue to use TrueCrypt and be relaxed about it. We’ll see what develops, but already there is interest in picking up where the original developers left off: A just launched, Swiss-based, possible new home for TrueCrypt. Follow these folks on Twitter: @TrueCryptNext. Given the deliberate continuing licensing encumbrance of the registered TrueCrypt trademark, it seems more likely that the current TrueCrypt code will be forked and subsequently renamed. In other words . . . for legal reasons it appears that what TrueCrypt becomes will not be called “TrueCrypt.”

Bottom line: Continue using TrueCrypt without concerns and watch for what happens as it forks off.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: