TrueCrypt shutdown and its implications

It was announced today in SearchSecurity.com that encryption tool True Crypt had shut down  Open source software, the implication is far-reaching for multiple reasons:

  • While TrueCrypt developers won’t confirm or deny that their open source software had been hacked, TrueCrypt’s demise means that more users who want to employ open source software as a less-expensive means of providing encryption/security solutions may have to look to more expensive proprietary software.  This will make any user skeptical of using any open source software in the future.
  • The article hints that the one of the issues with TrueCrypt, over time, has been that the authors of the software have remained anonymous.  This is indeed a concern – the user community is entitled to know who is writing the software in order to verify its authenticity and reliability.  If the authors won’t identify themselves, how reliable can their work be?
  • True Crypt purported itself to be secure, so much so that its use is promoted in Information Security textbooks, and as a professor who teaches IT and IS, I have taught it to my students.  Now I will have to switch over, almost certainly to the proprietary BitLocker, installed on Microsoft operating systems.  The instructions on how to migrate to BitLocker are here, on, of all places, TrueCrypt’s own site (what’s left of it).
  • Some hardware devices actually use TrueCrypt to provide encryption services.  I own a LaCie USB key that contains an encrypted drive, it’s encrypted by TrueCrypt.  I’ll keep using it, but now I’m suspicious.  In the meantime, manufacturers such as LaCie that use it are going to have to migrate to another encryption tool.
  • While I don’t use TrueCrypt to encrypt an entire system drive on my home PC, I do use it to encrypt a file container of secure personal documents and files, and so I’ll have to migrate those files to BitLocker, which probably won’t be that difficult.  TrueCrypt’s instructions seem easy to follow.

The biggest blow from TC’s announcement is to the open source community, TC’s community of users, and instructors like myself.  It will be interesting to see how textbooks and instructional material are updated in the future.