It’s time for you to abandon TrueCrypt

A series of aftermath of WindowXP end of support is gradually revealing. Currently open source TrueCrypt warn users of the tool’s security vulnerability on SourceForge official site; meanwhile, TrueCrypt also announced the termination of TrueCrypt development.

TrueCrypt warned on the official page with striking red font:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

TrueCrypt’s warning and development suspension caused uproar on social media, since in the past decade, TrueCrypt had always been a very popular cross-platform open-source encryption program, so it’d been first choice for users who had needs of data encryption.

For a long time, TrueCrypt are famous for excellent encryption performance and good safety record, TrueCrypt could create a virtual disk on your hard drive without needing to generate any file, the user can access in accordance with the drive, all files on virtual disk are automatically encrypted, which need password to be accessed. TrueCrypt offers a variety of encryption algorithms, including: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish, other features support FAT32 and NTFS partitions, hide labels, hot start and so on.

In 2009, the Brazilian Federal Police confiscated five hard drives in banker Daniel Dantas’s Rio de Janeiro apartment in the Satyagraha action launched in July 2008. These drives used two types of encryption programs, one of which is TrueCrypt, the other is unknown 256 AES encryption software. After the expert failed to crack the password, the Brazilian government asked the U.S. for help in the beginning of 2009, however, the United States federal police also failed to crack the encryption after one-year attempt, and returned the hard drive. This incident makes TrueCrypt famous.

In 2013, Snowden exposure NSA can decrypt most Internet encryption technology; TrueCrypt supporters raised a lot of money to audit TrueCrypt security. From the first phase of audit results, there has not been found security backdoors.

Johns Hopkins University professor Matthew Green participated in the TrueCrypt security audit, he said TrueCrypt official warning looks really, unlike the hacker’s prank, and he also contacted the TrueCrypt secret private developers, trying to get more details.

Whatever the truth, TrueCrypt users should enhance viligance, TrueCrypt is no longer the indestructible who should begin vigilant, TrueCrypt encryption is no longer the indestructible encryption software. And it’s time for you to consider using other file encryption software as an alternative. There’re many file encryption solutions on Google, you can try and choose most suitable one. If you need file/folder encryption solution for Windows computer, you can try Folder Protector.