Tags

, , ,

The first line on the SourceForge page is interesting:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Yes, it may contain unfixed security issues, or it may not. That’s always been the case anyway. Clearly the page was intended to serve as a clear warning not to use TrueCrypt. This suggests the persons behind it have knowledge of a specific vulnerability in TrueCrypt, and aren’t able to disclose anything about it because they’re under legal pressure or duress. And the wording suggests the TrueCrypt developers were forced to compromise TrueCrypt under a gag order.

Or perhaps not. An alternative scenario is TrueCrypt itself is still secure, but the site was compromised in order to get users migrating all their encrypted data to BitLocker, or some other proprietary (and potentially backdoored) encryption system.

Advertisements