TrueCrypt audit shows no evidence of NSA backdoors

Good news and bad news for TrueCrypt fans.

After a thorough public audit, the open-source full disk encryption software found no backdoors or unfixable vulnerabilities that could kill the project flat.

See also

13 best privacy tools for staying secure

From encrypted instant messengers to secure browsers and operating systems, these privacy-enhancing apps, extensions, and services can protect you both online and offline.

Read now

The bad news is that it's still likely not coming back any time soon.

TrueCrypt called it quits last year unexpectedly, saying that it "may contain unfixed security issues" and that the software "is not secure." Its developers directed users to more readily available alternatives like Microsoft's BitLocker (which was later found to have been cracked by the CIA).

The software had glowing recommendations from security experts, as well as whistleblower Edward Snowden. But the mystery surrounding the project's death remains much of a mystery.

The news marks a crucial milestone in the project's post-mortem. Although for now there's no evidence that the government successfully forced a backdoor into the software, it doesn't rule out that there was an attempt made.

In any case, the software is open-source and would've been easy to spot to the trained eye.

The report also said there were two high severity issues, as well as one low severity issue. (Another was considered "undetermined" in its severity level.)