“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” a note at the top of the page read. “This page exists only to help migrate existing data encrypted by TrueCrypt.”
The site continued: “The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP,” it read. “Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
The move was especially puzzling, given that TrueCrypt, a popular security choice for PCWorld users for several years, had recently passed the first round of a security audit. iSec, the firm that did the audit, found 11 flaws, but none that were immediately exploitable. Otherwise, iSec said it “found no evidence of backdoors or intentional flaws”.
Matthew Green, who teaches cryptoanalysis at Johns Hopkins and who worked on the audit, tweeted that he thought the change was a legitimate exit on the part of the developer, and not a hack. He said that he had attempted to contact the developers, and not heard back from them yet. But The Register is reporting that the most recent version of TrueCrypt appears compromised.
Last I heard from Truecrypt: “We are looking forward to results of phase 2 of your audit. Thank you very much for all your efforts again!”