TrueCrypt Has Been Potentially Compromised
The TrueCrypt open-source disk encryption software has been potentially compromised and users are now told to avoid the software.
An update posted to the TrueCrypt web-site reads:
Their web-site, hosted on SourceForge, also encourages users to switch over to Microsoft's BitLocker encryption software as an alternative. A modified TrueCrypt 7.2 was also published for users needing it to switch away from the software.
Right now it's not clear if this message is intentional or if the TrueCrypt web-site was simply compromised and defaced, etc, but the modified TrueCrypt 7.2 release appears to have been signed by the actual developers.
More information when it becomes available.
An update posted to the TrueCrypt web-site reads:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Their web-site, hosted on SourceForge, also encourages users to switch over to Microsoft's BitLocker encryption software as an alternative. A modified TrueCrypt 7.2 was also published for users needing it to switch away from the software.
Right now it's not clear if this message is intentional or if the TrueCrypt web-site was simply compromised and defaced, etc, but the modified TrueCrypt 7.2 release appears to have been signed by the actual developers.
More information when it becomes available.
44 Comments