Bitcoin Forum

Other => Off-topic => Topic started by: Thylacine on June 01, 2014, 08:21:30 AM



Title: TrueCrypt development ended - now insecure?
Post by: Thylacine on June 01, 2014, 08:21:30 AM
Cliffs: The SourceForge project page for TrueCrypt updated with notice that TrueCrypt should no longer be used as it is not secure. Latest binaries on site are read-only - no new encrypted volumes can be created (you may still read ones you have created in previous versions). Whole thing is a little mysterious and smells fishy.

Speculation in spades, no real answers:

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html

Does anyone have any updated information?

This news is certainly bad for me as my security solution was to store my wallets inside a TrueCrypt container - of which I also have multiple backup copies in the cloud. Although it may seem like asking for trouble to store anything in the cloud - I figure even if there is a bad actor on Dropbox's end, it's going to be (effectively) computationally impossible for them to get into the container contents. After which, they would have to still then break through the native encryption on the wallet, so I was reasonably happy with the solution. But given this news, it might be time I create a new wallet and transfer my coins over.

Anyone have any thoughts or good TrueCrypt alternatives? Maybe I'll try Armory etc.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Parazyd on June 01, 2014, 08:37:35 AM
What the actual fuck?


Title: Re: TrueCrypt development ended - now insecure?
Post by: SirChiko on June 01, 2014, 09:12:10 AM
Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html


Title: Re: TrueCrypt development ended - now insecure?
Post by: Newar on June 01, 2014, 12:04:23 PM

http://www.dyne.org/software/tomb/



For possibly more secure cloud storage look into Wuala. They claim the files are encrypted on your computer before they are sent to their servers. Of course you've still got to trust them that they uphold that promise...
www.wuala.com


Title: Re: TrueCrypt development ended - now insecure?
Post by: dooglus on June 02, 2014, 03:12:15 AM
Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.


Title: Re: TrueCrypt development ended - now insecure?
Post by: b!z on June 02, 2014, 04:11:21 AM
Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.

That is actually very possible in my opinion. Do you think they chose to shut down for the same reason LavaBit did?

This article lists a few possibilities: http://www.coinbuzz.com/2014/06/01/truecrypt/


Title: Re: TrueCrypt development ended - now insecure?
Post by: Truecoin on June 02, 2014, 04:39:59 AM
You can still download it here: http://truecrypt.ch/



Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 04:47:25 AM
Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.

This, it's called the canary, aka Lavabit.


Title: Re: TrueCrypt development ended - now insecure?
Post by: dooglus on June 02, 2014, 04:51:50 AM
Do you think they chose to shut down for the same reason LavaBit did?

That would be my guess.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Parazyd on June 02, 2014, 04:54:56 AM
7.1 is still on all of my boxes. Has anyone audited the source?


Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 06:31:53 AM
7.1 is still on all of my boxes. Has anyone audited the source?

It was being audited and the results are to be released soon from my understanding.
Nothing major was found. I might have read it wrong too. Always check these things for yourself.


Title: Re: TrueCrypt development ended - now insecure?
Post by: dooglus on June 02, 2014, 07:17:59 AM
7.1 is still on all of my boxes. Has anyone audited the source?

http://istruecryptauditedyet.com/


Title: Re: TrueCrypt development ended - now insecure?
Post by: Thylacine on June 02, 2014, 08:33:30 AM
I was a couple of days late after the TrueCrypt announcement posting this to bitcointalk to begin with, and somewhat surprised no one had posted it before. I guess everyone uses paper wallets/cold storage or whatever, and not that many keep their own encrypted volumes anymore.

I'll be keeping an eye on the audit of 7.1 results, as I kind of liked TrueCrypt. But Tomb seems pretty good too looking at it now...


Title: Re: TrueCrypt development ended - now insecure?
Post by: Parazyd on June 02, 2014, 08:50:14 AM
Yeah Tomb seems nice. The entire dyne thing is pretty awesome.


Title: Re: TrueCrypt development ended - now insecure?
Post by: dooglus on June 02, 2014, 09:39:59 AM
See https://www.grc.com/misc/truecrypt/truecrypt.htm too.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Parazyd on June 02, 2014, 11:06:40 AM
I think I'll continue using v7.1. I don't see why I shouldn't.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Este Nuno on June 02, 2014, 02:10:01 PM
The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Have there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about it or something.


Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 05:48:29 PM
The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Have there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about it or something.

If they have been served an NSL they can't talk about it at all. Not even hint really.



Title: Re: TrueCrypt development ended - now insecure?
Post by: Este Nuno on June 02, 2014, 06:03:56 PM
The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Have there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about it or something.

If they have been served an NSL they can't talk about it at all. Not even hint really.



Would the government consider what they said a hint though? Legally speaking?


Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 06:08:21 PM
The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Have there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about it or something.

If they have been served an NSL they can't talk about it at all. Not even hint really.



Would the government consider what they said a hint though? Legally speaking?

Sure but they have to be able to prove it as well which probably isn't worth that effort alone.
We can't even prove what we "think" it might be. It might be what it is at face value.
The lack of any further information though could be a good indicator they are not at liberty to discuss anything.
I'm taking it as they have been compromised. I'm keeping my old copy and I read it's been forked already.


Title: Re: TrueCrypt development ended - now insecure?
Post by: r3wt on June 02, 2014, 06:11:37 PM
7.1 is still on all of my boxes. Has anyone audited the source?

http://istruecryptauditedyet.com/

Wow, there really is a domain for everything these days.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Equality 7-2521 on June 02, 2014, 10:47:49 PM
And we're back - http://truecrypt.ch/


Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 10:51:53 PM
And we're back - http://truecrypt.ch/

Back to scamming? Don't trust this URL, folks.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Equality 7-2521 on June 02, 2014, 11:18:48 PM
And we're back - http://truecrypt.ch/

Back to scamming? Don't trust this URL, folks.

Excuse us? What are you talking about? The URL we posted is a link to a project to revive TrueCrypt which we read about here earlier - http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/


Title: Re: TrueCrypt development ended - now insecure?
Post by: BCwinning on June 02, 2014, 11:25:32 PM
And we're back - http://truecrypt.ch/

Back to scamming? Don't trust this URL, folks.

Excuse us? What are you talking about? The URL we posted is a link to a project to revive TrueCrypt which we read about here earlier - http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Yea, 3 posts and TrueCrypt is hosted on SourceForge. The whole new domain .ch ain't buying it.


Title: Re: TrueCrypt development ended - now insecure?
Post by: Equality 7-2521 on June 02, 2014, 11:33:37 PM
And we're back - http://truecrypt.ch/

Back to scamming? Don't trust this URL, folks.

Excuse us? What are you talking about? The URL we posted is a link to a project to revive TrueCrypt which we read about here earlier - http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Yea, 3 posts and TrueCrypt is hosted on SourceForge. The whole new domain .ch ain't buying it.

This is our last post directly to you. Our post count is irrelevant. Feel free to follow the Forbes link. This is a new team of devs attempting to revive TrueCrypt or a new product inspired by TrueCrypt so why would it matter what the domain is? There is more to the internet than .com and .org.

Thank you.


Title: Re: TrueCrypt development ended - now insecure?
Post by: dooglus on June 03, 2014, 02:26:18 AM
A user on reddit has an interesting interpretation of the truecrypt announcement:

Quote
Read between the lines? "WARNING: Using TrueCrypt is (n)ot (s)ecure (a)s it may contain unfixed security issues,"
"TrueCrypt is nsa it may contain unfixed security issues".

Oh wow!  I hadn't noticed that!

https://i.imgur.com/8j1hINz.png


Title: Re: TrueCrypt development ended - now insecure?
Post by: Thylacine on June 03, 2014, 05:22:59 AM
A user on reddit has an interesting interpretation of the truecrypt announcement:

Quote
Read between the lines? "WARNING: Using TrueCrypt is (n)ot (s)ecure (a)s it may contain unfixed security issues,"
"TrueCrypt is nsa it may contain unfixed security issues".

Oh wow!  I hadn't noticed that!

https://i.imgur.com/8j1hINz.png

I'm all for some of these great theories, but on the other hand, humans excel at seeing patterns where there are none. If randoms on the internet can take the first letters of three words in a sentence and make NSA out of it - then so can the NSA - and any legal binding they had to non-disclosure would be forfeit, right?

If the developers are somewhat anonymous - do we even know they're from the USA? It would seem a no-brainer to host software like this on some Scandinavian / Caribbean data-haven server right?