The web security scene is thoroughly weirded out following the abrupt and inexplicable closure of the TrueCrypt project.
TrueCrypt was an anonymously authored piece of disk encryption software that came well-recommended — even Edward Snowden was keen on teaching people how to use it. It allowed users to create hidden volumes whose very existence would only be revealed with a secret password. This “plausible deniability” aspect was designed to protect users facing physical or legal attackers, who would remain ignorant of the secret compartment’s existence and would therefore not start breaking kneecaps or threatening jail terms in order to find the password.
Any excuse for an XKCD comic:
Sometime on Wednesday, a message went up on the TrueCrypt web page, announcing that the software was “not secure as it may contain unfixed security issues,” before going on to state:
“This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft(s msft) terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
The page now includes a link to a new, smaller version of TrueCrypt that can only decrypt — further encryption is no longer possible. As security researcher Runa Sandvik noted on Forbes, this executable was “certified with the official TrueCrypt signing key, proving that whoever updated the website is also in a position to release and certify new versions of the encryption software.”
If the TrueCrypt people were hacked, therefore, the hackers did a thorough job of impersonating them. It’s hard to tell what happened. Cryptographer Matthew Green of Johns Hopkins has unsuccessfully tried to contact the anonymous developers, though he reckons the warning notice is the genuine article:
I think it unlikely that an unknown hacker (a) identified the Truecrypt devs, (b) stole their signing key, (c) hacked their site.
— Matthew Green (@matthew_d_green) May 28, 2014
Green and Sandvik are both involved with the Open Crypto Audit project, which pretty much does what it says on the tin. Funded on Indiegogo and FundFill late last year, the project’s first task was to audit TrueCrypt. The first phase of this mission was completed around a month ago, finding a handful of relatively minor vulnerabilities in the TrueCrypt bootloader and Windows kernel driver. The second phase — formal cryptanalysis of the software — was underway, but Green tweeted on Wednesday that the auditors hadn’t found anything noteworthy yet.
So, assuming that this isn’t all an intricate hoax, what happened? A good few Redditors reckon the TrueCrypt developers were trying to warn users that the authorities had gotten to them, without saying so explicitly due to some kind of secret subpoena. That said, TrueCrypt didn’t hold user information the way, for example, Lavabit did.
What struck many as particularly odd was the developers’ apparent recommendation of Microsoft’s BitLocker as the preferred alternative, not so much because BitLocker is untrustworthy — as Sophos researcher James Lyne noted on Forbes, it’s “been the subject of numerous audits and standard checks” — but because BitLocker only comes with pro and enterprise versions of post-XP versions of Windows.
If, as the warning post appears to suggest, the death of XP renders TrueCrypt unnecessary, what are consumer-grade Windows users supposed to do now? For other platforms, there are alternatives — Mac(s aapl) users have FileVault and Linux users can turn to a few alternative implementations of the TrueCrypt encrypted container format — but TrueCrypt’s cross-platform nature will be missed by many.
Can TrueCrypt now be forked? Green indicated that he hoped so, but he also told security expert Brian Krebs that TrueCrypt’s peculiar, not-really-open-source licensing may be a blocker. He also expressed worries over the timing of the closure, what with that audit going on:
“There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation. But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code…
“Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there. But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact we were doing an audit of the crypto might have made them decide to call it quits.”
Hopefully, the truth will out.