[Quarrelsome]

What happened to Truecrypt? Isn't that the one with the fundamental flaw that means everything it encrypted is trivial to unlock today?

EDIT: this is a genuine question, I thought it had been unmaintained for ages and vulnerabilities had been found. My memory betrays me?

[ColanR]

The (real) reasons for it shutting down were never given.

However, at the time it was theorized that in the event the maintainers had found a fundamental flaw, disclosing that flaw by issuing a patch would immediately jeopardize all preexisting truecrypt containers by revealing a method for breaking them. That would be untenable, and so the only alternative would be to shut down the entire project and recommend no further use of the software - as was done.

A subsequent audit did not identify any such security flaw, so the prevailing theory is now that the maintainers were forced to stop work by a governmental agency. It's considered safe and now known as veracrypt.

However, the question I have is whether a single crowdsourced security audit would be capable of finding a flaw that it took the developers themselves years (decades?) to identify.

[doc_gunthrop]

As others have mentioned, there is speculation about coercion from a certain 3 letter agency. Some have even suggested that the maintainers of TC left an encoded message to users:

> Using TrueCrypt is not secure as it may contain unfixed security issues.

Not Secure As. Whether this holds any weight, only the maintainers would know.

More info: https://grahamcluley.com/truecrypt-hidden-message/

[dtech]

It disappeared from the net suddenly and under very suspect circumstances. The general consensus it that it was forced off-line by some US agency.

[rapsey]

Since Truecrypt is mentioned, I am going to use this place to highly recommend the book Mastermind. The that Truecrypt was based on named E4M was written by a man with quite an insane life story. He created a massive criminal enterprise.

[skylanh]

For someone that wants to quickly get to the action:

https://en.wikipedia.org/wiki/Paul_Le_Roux

> In 2019, Evan Ratliff—who wrote a series of articles about Le Roux for The Atavist Magazine—published The Mastermind, a 446-page account of Le Roux's ventures.

https://www.penguinrandomhouse.com/books/549566/the-mastermi...

[gruez]

>Isn't that the one with the fundamental flaw that means everything it encrypted is trivial to unlock today?

Has this been substantiated?

[Quarrelsome]

Sorry I thought it was canon. I remember seeing something suggesting it _years_ back. Truecrypt is unmaintained now, isn't it?

[Koliakis]

Truecrypt was mysteriously shutdown out of nowhere. Rumours abound that it was because of a national security letter or some other governmental interference. TC was never proven to be fundamentally insecure, but the original developers abandoned the project with the incident and the project was forked by others as VeraCrypt, which is now the recommended solution for local encryption (on Windows at least).

audit: http://istruecryptauditedyet.com/

final audit summary: https://blog.cryptographyengineering.com/2015/04/02/truecryp...

[Quarrelsome]

Thank you. This was the correction I was looking for.

[xxffgg557]

How about research it yourself before spreading false information about a really amazing tool masked as a question.

Or do you have a competing tool? Let me guess. Someone will ask for an alternative and another will suggest..

[Quarrelsome]

Uh no. I'm literally just saying the things I know about Truecrypt. Its a very old and as far as I was aware its no longer maintained and not recommended for securing things. Am I wrong?

[vorpalhex]

You are incorrect. TrueCrypt was audited and passed, and lives on in multiple forms under multiple maintainers, the most well known being VeraCrypt.

If you are unsure of a fact, you can always do some quick research using your web browser before posting incorrect information in a way that may be misunderstood.

[radlad]

> Its a very old and as far as I was aware its no longer maintained and not recommended for securing things.

This doesn't mean it has a "fundamental flaw that means everything it encrypted is trivial to unlock today."

There has been no evidence to suggest that is true. An NCC Group audit found no significant flaws: https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_O...