hp-broken.jpg (1440×720)

Snowden has been using the program for years.

TrueCrypt, leading encryption software touted and used by no less than Edward Snowden and Glenn Greenwald, now appears to be dead, according to its recently updated website, but no one seems to know why—or if the program’s ominous warning is legitimate.

“WARNING,” the site reads in large red letters. “Using TrueCrypt is not secure as it may contain unfixed security issues.”

A 10-year-old application, TrueCrypt has long been used for encrypting hard drives and USB sticks on Windows, Linux, and Macs.

The open source program was developed by the pseudonymous TrueCrypt team, who have made no public comment since the program’s site changed drastically, leaving many to wonder if the website was hacked or if the warning is legitimate.

However, the newest version of TrueCrypt 7.2 has the same ominous warning message now showing to users, suggesting that this isn’t simply a website-related issue.

The TrueCrypt website now offers step-by-step instructions on how to transfer encrypted files to BitLocker, a competing full disk encryption program included in Microsoft Windows Vista, 7, and 8.

In a 2012 CryptoParty workshop, Snowden taught local Hawaiians how to use TrueCrypt to protect their data, saying that while no one knew who made it, it was one of the best open-source solutions available.

Bruce Schneier, a leading information security researcher, has long used TrueCrypt including to safeguard the computer he uses to work on leaked NSA files. Although he’s said he prefers TrueCrypt to BitLocker because it’s developed independently, he has pointed out multiple flaws with the program including with TrueCrypt’s hidden volume feature.

An independent partial audit of TrueCrypt’s code done as recently as last month found “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

“[The results] don’t panic me,” Johns Hopkins cryptography professor Matthew Green, told Ars Technica last month. “I think the code quality is not as high as it should be, but on the other hand, nothing terrible is in there, so that’s reassuring.”

The second and crucial step to perform a “detailed crypto review and make sure that there’s no bug in the encryption” has not yet been released.

Despite early rumors, Green denies that the audit he led has anything to do with the shut down and is less than pleased with the new developments.

This story is developing. We will update as new information becomes available.

Photo via r.nial.bradshaw/Flickr (CC BY 2.0)

Layer 8
How to throw a CryptoParty like Edward Snowden
Ain't no party like a CryptoParty 'cause a CryptoPart don't let government snoops spy on your email.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.