What Happened to Truecrypt?


Today, something odd happened.

The official website for the Truecrypt cross-platform open source encryption program was forwarded to a warning that due to Windows XP being sunsetted, Truecrypt is no longer being maintained, is unsafe to use, and that users should switch to Microsoft’s Bitlocker instead. Additionally, the program was “updated”, such that it only decrypts data, and warns you every step of the way that it’s unsafe to use.

This has caused a minor panic across the Internet. Obviously something strange has happened to Truecrypt and its developers. Was the software really unsafe? Was their website compromised? Is this a hoax or the doing of a three-letter agency?

I’d like to offer some analysis and my possible theories. 

So what happened?

Update 30 May: Security researcher Steve Gibson claims to have emails from the original Truecrypt developers saying that they’ve decided to no longer work on the project, for no particular reason other than that the project has run its course. The dire warnings in regards to Truecrypt’s security are purportedly only to remind users that should any vulnerabilities be discovered, the original team won’t fix them.

Truecrypt’s website, truecrypt.org, is normally a place to download Truecrypt binaries, source code, PGP keys, and view documentation and best practices. As of 28 May, it immediately forwards to a SourceForge page warning users that Truecrypt development has stopped, may contain unfixed security issues, and gives instructions on how to, on Windows, migrate a Truecrypt volume to Microsoft’s Bitlocker.

It also offers a new version of Truecrypt, which only exists to decrypt volumes for the purpose of migrating them to other encryption suites. A comparison between the two versions of source code shows that most if not all of the changes either disable an encryption function, or give the user a warning not to use the software. It’s not immediately apparent that these changes either introduce or activate a backdoor in the software.

Why it looks fishy

  1. The End-of-Life of Windows XP is not a good reason to discontinue development of software that targets it among other operating systems.
  2. Windows XP, despite no longer being supported by Microsoft, is still used by 26% of Internet users, according to Netmarketshare.
  3. Truecrypt now recommends Bitlocker, which is only available on Windows 7 Professional and up, and Windows 8 Pro. Most people don’t have access to it, so it’s not an option for them.
  4. Truecrypt serves more than one OS. In fact, a big draw to it over Bitlocker or LUKS is that created volumes are usable across platforms.
  5. Instead of fixing a security vulnerability (see below for reasons not to, though), just cut the software? That’s a tad irresponsible!
  6. Plenty of unmaintained software is still in use today, even after years of neglect. And why not let the community take over?

Possible Explanations

Lavabit. All over again. – After it received an order to turn over SSL keys to the US government, email provider Lavabit decided to discontinue services and shut down. Lavabit’s owners essentially sacrificed their service to protect the privacy of its users. The same thing may have happened to Truecrypt. Under pressure to add some sort of backdoor to the software, the developers decided to get ahead of the curve by shouting far and wide that the software is unsafe, in a way that doesn’t violate any gag order they may be under.

Three-letter agency. – The suggestion to move to Microsoft’s Bitlocker is of particular interest. Bitlocker has been attacked by the security community for a multitude of reasons. It’s closed source software, there’s no way to see what’s going on behind the scenes, and Microsoft has a history of voluntarily cooperating with the NSA in regards to their Outlook, SkyDrive, and Skype products. It’s hard to put faith in Bitlocker. If Bitlocker does indeed contain a backdoor, or is vulnerable to third parties, suddenly there’s a motivation to strongarm Truecrypt’s developers into recommending it.

Actual vulnerability. – It’s entirely possible that the previously-current version of Truecrypt contained a very serious vulnerability. The immediate reaction is to patch it, but Truecrypt didn’t contain any sort of auto-updater or a function to phone home to check for new versions. Joe Everyman who doesn’t follow the security scene wouldn’t have any warning to update his software to a newer version. Since Truecrypt is open source, patching a vulnerability gives some pretty big pointers as to what it was, and how it could have been exploited. The practical upshot of this is that if a vulnerability is bad enough, it may have made more sense to scare users into fleeing from Truecrypt and shredding their volumes, before they can be compromised.

However, it’s very important to point out that a crowdfunded audit of Truecrypt was performed by iSec, the results have been published, and no serious vulnerabilities were found. Any huge, glaring problem with Truecrypt itself would have been revealed in this audit. What wasn’t checked, however, is the actual cryptography that Truecrypt uses, but it’s also important to point out that the algorithms that Truecrypt uses are used in many other programs and protocols, including SSL.

Pranks and hoaxes. – We already know what can happen with a phone call to a registrar. The Truecrypt website is used to serve the binary and the PGP key that signs it. I’m willing to bet it was very well secured from attack. All an attacker would need to do is social engineer the registrar of record for truecrypt.org into giving him access, and then use that as a jumping point to reset the password for the Sourceforge and Github accounts, and he has a platform to pull off a pretty scary prank.

Did I do that?

As of this post, Truecrypt.org has IP address, which serves a 301 redirect to the Sourceforge page. This theory could still be valid if an attacker did compromise the server; the question then becomes why not deface that server directly? It would be helpful if somebody could grab a “history” of IPs for that domain.

Update: According to Netcraft, the IP address for truecrypt.org last changed in 2009. Additionally, it’s been enough time since the change that a compromise of the server is very unlikely. Thanks to Clarke in the comments for the link!

Sabu did it. – trmj on Slashdot (jokingly) suggests that Hector “Sabu” Monsegur no longer has any obligation to keep Truecrypt going (assuming he’s behind it), and so he took down a tool the FBI is supposedly using to lull users into a false sense of security. Again, this theory was designed to be a joke.

Engineer Apathy – The Truecrypt project has been ongoing for some time. The developers may have made an executive decision to discontinue support for the product. In theory, this means that any security vulnerabilities found in the software would go unfixed, making it unsafe. If this is the case, though, it’s a bit… rude… to just abruptly say the software’s full of holes and you should switch to something else. Any project that’s been discontinued in the past has had some letter from the developers explaining the circumstances behind the discontinuation. We obviously haven’t seen any such letter from the Truecrypt developers, but security researcher Steve Gibson has given us a rendition of what such a letter might look like.

Finally, rgaloppini on Y Combinator is claiming to have some information from Sourceforge, but it’s most likely fake. Sourceforge probably wouldn’t give out information like that, and the recent buzz surrounding Truecrypt would more than certainly cause a noticeable spike in traffic. Added to that, the domain that used to be a separate site now sends everybody who visits it to the Sourceforge page; it didn’t used to do that.

Is it safe to use Truecrypt?

Depending on who your adversary is, there may not ever be an encryption suite that can truly help you.

The current version of Truecrypt is functionally useless. However, I had Linux 64 bit and Windows binaries of Truecrypt 7.1a (the last “good” version) lying around, which I’ve uploaded to this site. Other versions and PGP signatures for them are available at this Github repo.

Depending on why this happened, it’s unclear whether or not the old version of Truecrypt is safe to use, or if it’s vulnerable. What I can tell you is that this version’s source code has been vetted by a third-party security firm, and that other research has shown that this source code does reliably compile to the same binary that truecrypt.org was handing out.
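Whatever the reason for the shutdown, anyone keeping a copy of 7.1a should check that the file they have is the file the community vetted, rather than trusting a mirror. The following is an added example, not code from the original post or from the Truecrypt project: it streams a file through SHA-256, compares the digest in constant time against a value you obtained out-of-band, and (if gpg is installed) verifies a detached PGP signature against a keyring you control. The digest table holds placeholders because the post publishes no hashes; the `self_check` routine runs the checksum path on a constructed sample file whose SHA-256 is a published test vector.

```python
"""Verify a downloaded TrueCrypt 7.1a artifact before trusting it.

Two independent, local checks:
  1. SHA-256 of the file against a digest obtained out-of-band
     (your own earlier download, the audit, a mirror you trust).
  2. A detached PGP signature verified with gpg against a keyring that
     contains only the signing key you have verified out-of-band.
"""
import hashlib
import hmac
import os
import shutil
import subprocess
import tempfile

# ASSUMPTION: placeholder digests. The post lists no hashes; fill these in
# from a source you trust independently of the download site.
EXPECTED_SHA256 = {
    "TrueCrypt Setup 7.1a.exe": "<sha256-from-trusted-source>",
    "truecrypt-7.1a-linux-x64.tar.gz": "<sha256-from-trusted-source>",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def checksum_matches(path, expected_hex):
    """Constant-time comparison; any mismatch means this is not the expected file."""
    return hmac.compare_digest(sha256_file(path).lower(), expected_hex.strip().lower())


def verify_detached_signature(file_path, sig_path, keyring=None):
    """Return True only if gpg reports VALIDSIG (and no BADSIG) for sig_path over file_path.

    Point `keyring` at a keyring holding only the key you trust, so an unrelated
    key in your default keyring cannot make a bad download look good.
    """
    gpg = shutil.which("gpg")
    if gpg is None:
        raise RuntimeError("gpg is not installed or not on PATH")
    cmd = [gpg, "--batch", "--status-fd", "1"]
    if keyring is not None:
        cmd += ["--no-default-keyring", "--keyring", str(keyring)]
    cmd += ["--verify", str(sig_path), str(file_path)]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    status = proc.stdout.splitlines()
    good = any(line.startswith("[GNUPG:] VALIDSIG") for line in status)
    bad = any(line.startswith("[GNUPG:] BADSIG") for line in status)
    return proc.returncode == 0 and good and not bad


def self_check():
    """Exercise the checksum path on a constructed file with a known SHA-256."""
    # SHA-256("abc") from the FIPS 180-2 test vectors.
    known = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"abc")  # constructed sample input
        return checksum_matches(sample, known) and not checksum_matches(sample, "00" * 32)


if __name__ == "__main__":
    print("self-check:", "ok" if self_check() else "FAILED")
    for name, expected in EXPECTED_SHA256.items():
        if os.path.exists(name):
            print(name, "checksum", "OK" if checksum_matches(name, expected) else "MISMATCH")
```

The checksum only proves the file is the one whose hash you already had; the signature check is what ties it to the key the project published, which is why the two are kept separate and the keyring is passed explicitly.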

Whether you should use Truecrypt at this point largely becomes a question of what you’re using it for. If you’re trying to keep your personal information out of the hands of potential thieves, it’s more than enough. If you’re trying to keep your information away from a nosy roommate, it’s more than enough. If you’re trying to hide secrets from a police state, encryption probably won’t help you anyway.

Barring a successful attack on AES, Truecrypt 7.1a is probably safe. Probably.

Have any additional theories? Any alternatives to Truecrypt we should try? Shout out in the comments!

20 comments on “What Happened to Truecrypt?”

  1. Interesting thoughts. We know the developers, although anonymous, were in communication with those behind the audit. Yet the latter do not seem aware that this has happened. I think best to wait for word from them before we can establish anything with confidence.

    • I also provide Win32 and Linux x64 binaries in the post. The Win32 binary matches FileHippo’s and also matches the checksums taken by the person who compiled it himself and matched the official binaries.

      • On HDD I have:
        TrueCrypt Setup 7.1a.exe (Windows Installer)
        TrueCrypt 7.1a Source (Windows Source Code)
        TrueCrypt 7.1a Source.tar.gz (Linux Source)
        All files were downloaded from the official site on the first day of May. If someone wants, I can upload them to Google Drive and Dropbox.

  2. A little more “out there” hypothesis: recommending a known-bad piece of software may be plausibly deniable code for saying a three letter or other nefarious agency is involved.

  3. Something else is fishy. I just checked archive.org:

    It says: “Blocked Site Error” and that does not mean that the developers blocked it I think. The usual error you get if a webmaster does not wish you to view his site on archive.org is: “Page cannot be crawled or displayed due to robots.txt” as that’s the way to tell archive.org that they are out.

    “Blocked Site Error” to me says someone MADE them block it and that has to be someone who can…

    • Interesting. Their robots.txt leads to the same 410 Gone error that all other pages lead to.

      Internet Archive gives instructions to remove a site from their archive. You can also request a site be removed by emailing them, and as long as the maintainers believed whoever sent that email, it could in theory be sent by anybody.

  4. Forcibly redirecting users to Bitlocker is a red herring, isn’t it? It makes absolutely no sense from a security standpoint.

  5. My simple logical theory for TrueCrypt developers choosing this route:

    A. Windows 8.1 is being widely distributed in which the Operating System’s forced hiberfile usage creates an Operating System sourced back door that catches the TrueCrypt password / volume mounting process. This allows Truecrypt volumes to be pried open with forensic software, such as Passware Kit Forensic v.12.5, which claims to be capable of doing exactly this.

    B. Possible gag order.

    C. TrueCrypt developers not wanting to figure out how to resolve this backdoor built into newer M$ Operating Systems, while also not wanting users to have a false sense of security, have opted to turn users away from its software, alleviating their conscience sense of responsibility toward the software’s users.

    I would think it more secure on Windows XP, but that leaves a lot of users vulnerable. If the hiberfile is used on Windows 7 the same security flaw may exist as on Windows 8. In short, the program may be giving a false sense of security, when it is not actually secure on newer operating systems.

  6. DiskCryptor is the only available match { which I know } for True crypt. It is an open encryption solution that offers encryption of all disk partitions, including the system partition. It is also recommended by prism-break.org.
    You can download it from https://diskcryptor.net/wiki/Main_Page .

    DiskCryptor supports AES-256, Twofish and Serpent encryption algorithms. Extra cautious users can also choose to use a combination of cascaded algorithms, which would keep data safe even in case one of the algorithms would be broken.

    It is something you can trust.
