Yup it's done. The general feeling is the release before the final is the most secure

The last one is secure for how long though? What are the chances that someone finds a way to break through? Once that's done, it's all over with since there won't be any updates with security patches.

Well. Ya. But that doesn't mean anything on the market is secure. In fact, almost everything besides truecrypt is confirmed as having an nsa backdoor.

Hmmm. Well, there's lots of talk going on and speculation that the project may continue. Hopefully it does. Whether it'll be as secure as it was before, who knows.

support and updates for TrueCrypt were dropped in 2008, I believe.

VeraCrypt is based on TrueCrypt, handles exactly the same, sort of "product improvement" on the last version of TrueCrypt, last updated a few days ago.

I've been using it for a few months, no complaints.

That's interesting, but even still, when was the last time somebody had their truecrypt volume cracked? If you use a super strong password, the chances of somebody brute forcing your volume successfully is practically zero. It is nice to see that a truecrypt fork lives on...

Yup. It's dead, and we don't know why. It could be they just got tired of developing it (their story) or it's another LavaBit and the FisaCourt/NSA is demanding their private keys.

In any event, I unfortunately would recommend you find another solution.

I agree. We do not know the reasons for project closing.

As for protection reliability, everything is really OK. We studied the code when we were developing password recovery software for TrueCrypt and our opinion fit with the opinion of independent auditors - TrueCrypt code is high-quality and the algorithms are strong.

Here is a link to the audit that was carried out in April 2014: https://opencryptoaudit.org/

Switch to another open source program. On Linux there's LUKS/cryptsetup for volume encryption. If you're really concerned about backdoors, you should only be running open source software.

I doubt that it's another LavaBit. If it was, then why did they lie about the reason instead of posting a cryptic message like LavaBit did? There may be some something fishy going on, but I don't think it's that.

I didn't know about the audit. Thanks!


Security updates for crypto software might not help as much as people think. Once your data has been encrypted, either it was encrypted strongly, or it wasn't. Updating the software won't fix your poorly encrypted files.

For example, a while back a problem was found with the public key generator in Debian. If you were using a key generated with the broken generator, it wasn't enough to install the update to the generator. You also had to generate new keys to replace your old ones, and then make sure that others knew not to trust the old ones anymore.

If, for example, TrueCrypt was generating bad volume keys, fixing that would require re-encrypting the entire volume. Not all problems would require solutions that drastic. Some might only require generating a new header.

It's also possible to have the same kinds of problems that other software can have. (Data leaks, code execution, etc.) For those, the updates will be about as useful as updates to any other software, which usually means you're fine unless they already attacked you.

Truecrypt was compromised by NSA so developers dropped the project. They were liked served with a NSL but managed to alert users via warrant canary.

As on the website.

"Using TrueCrypt is not secure as it may contain unfixed security issues"

isolate the first letter of each word: (U)sing (T)rueCrypt (i)s (n)ot (s)ecure (a)s (i)t (m)ay (c)ontain (u)nfixed (s)ecurity (i)ssues

utinsaimcusi = uti nsa im cu si
That is latin for "if im with the use of the NSA"

Stay away from future Truecrypt releases. This is clearly a warning from the developers.

Conjecture.

Funny!

Open source is a honeypot for the NSA as it's the best way to innocently introduce vulnerabilities.

Most modern security hacks aren't done using brute force, they are done using side channel attacks - think Heartbleed.