TrueCrypt quits? Inexplicable

Summary: Nobody has a good explanation yet for what happened to the generally respected TrueCrypt project, which yesterday announced itself insecure and sent its users to Microsoft.

It may rank up there with the greatest mysteries of history: What is Stonehenge? Who was Jack the Ripper? What happened to TrueCrypt?

TrueCrypt (is? was?) an open-source software project for file and full-disk encryption. It was fairly well known and respected. A major volunteer project was under way, run by legitimate crypto people, to give it a formal security audit.

And yet, some time Wednesday, the TrueCrypt project site began displaying a message of abject surrender.

All day Twitter was full of speculation about what happened. The message on the TrueCrypt page is hard to take at face value. What "unfixed security issues?" They ended the project for that? The project was always somewhat mysterious, as the developers were anonymous, so there's nobody to go to for an explanation.

Early on, it was possible to dismiss this as a defacement of the web site, but it's lasted a good solid day now and, more significantly, a new version of the TrueCrypt executable was digitally signed with the same key as the earlier versions.

Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute, led the TrueCrypt audit project, but he has no special insight into what happened. In an interview with Brian Krebs he said, as he had tweeted earlier in the day, that he believed the TrueCrypt team did it. His guess is that they just wanted to quit and this was their way of doing so with a bang.

He's probably right that, of all the bad explanations, the best is that the TrueCrypt team did it.

There had been real accusations that TrueCrypt could be compromised. As this conversation between Green and reporter Glenn Greenwald shows, they think Greenwald's partner's hard disk, protected with TrueCrypt, was somehow penetrated by the authorities. Green tells Greenwald "...trusting an uncertified Windows binary from a mysterious anonymous organization isn't good practice."

I don't know that there are any security problems with TrueCrypt in the sense that the TrueCrypt site implies, and I suspect that the claim is phony. The idea that they would pack it in and tell everyone to use BitLocker just doesn't pass the laugh test.

This would all be a lot clearer if only it were April 1.

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...