TrueCrypt audit shows no evidence of NSA backdoors

But there's no lifeline in sight for the now defunct open-source encryption project, which barred developers from taking the remains and forging something from its ashes.

TrueCrypt encrypted disks and flash drives. (Image: CNET/CBS Interactive)

Good news and bad news for TrueCrypt fans.

After a thorough public audit, the open-source full disk encryption software found no backdoors or unfixable vulnerabilities that could kill the project flat.

13 best privacy tools for staying secure

From encrypted instant messengers to secure browsers and operating systems, these privacy-enhancing apps, extensions, and services can protect you both online and offline.

Read More

The bad news is that it's still likely not coming back any time soon.

TrueCrypt called it quits last year unexpectedly, saying that it "may contain unfixed security issues" and that the software "is not secure." Its developers directed users to more readily available alternatives like Microsoft's BitLocker (which was later found to have been cracked by the CIA).

The software had glowing recommendations from security experts, as well as whistleblower Edward Snowden. But the mystery surrounding the project's death remains much of a mystery.

The news marks a crucial milestone in the project's post-mortem. Although for now there's no evidence that the government successfully forced a backdoor into the software, it doesn't rule out that there was an attempt made.

In any case, the software is open-source and would've been easy to spot to the trained eye.

The report also said there were two high severity issues, as well as one low severity issue. (Another was considered "undetermined" in its severity level.)

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All