Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The Death of TrueCrypt: The Mystery Deepens

June 23, 2014

Everyone in the cybersecurity world would love to know definitively what caused the demise of TrueCrypt, but a Naked Security post suggests we are no closer to truly understanding that than we were before.

TrueCrypt is, or was, a long-running software project that claimed to provide strong encryption software that you could use for free on Windows, Linux and OS X. It became popular for many reasons, notably that it was free, cross-platform and apparently untainted by association with governments or commercialism. Reporters loved it.

You could even get the source code for TrueCrypt, as a sort of implicit guarantee that there were no secrets or backdoors hidden in there. But it wasn't truly open source, since you couldn't then do what you liked with that source code. You could not, for example, "fork" the code. Read the post if that is mysterious to you.

So why did TrueCrypt programmers shut the software down? The leading conspiracy theories are these:

  • The NSA made them shut it down, because the product was too secure
  • Hackers got into their website and stole their code signing key, then set about destroying the product to push users onto tainted alternatives
  • Malicious actors forced them to introduce covert backdoors, and this was the way of telling us without actually saying that this was true
  • It was all a hoax to raise awareness of encryption

We know it is a "game over" scenario and that permission to fork the code has been refused.

The coders have called "game over" on the project, and they've decided to take their ball and go home, by refusing permission for a fork. But are any of the conspiracy theories correct? No one has said. I find theories #2 and #4 improbable, but any of the other three seem perfectly plausible in the current political environment. #1 and #3 are possibly related, since the NSA is considered in many quarters "a malicious actor."

As Naked Security asks, "What's your theory?"

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq