Friday, July 11, 2014

Should you continue using TrueCrypt?

It was the last days of May when TrueCrypt website suddenly was took down and replaced with a page suggesting a migration to Microsoft Bitlocker.
No one really knows what happened, I personally believe that the NSA asked the devs to do something they didn't want to, so they decided to completely stop the project, similar to what happened to Lavabit some time ago.

You can find a lot of theories and even declarations of some guys claiming to be the developers, I don't trust much in those claims, as the TrueCrypt developers were anonymous and even if they were the real devs, probably are legally obliged to deny everything and say nothing strange happened.

But the real question is, should I continue using the latest version of TrueCrypt? Is there any other software that I could use to replace it?

If you run Linux is highly recommended you migrate your encrypted volumes to dm-crypt LUKS. Linux Mint 17 Qiana installation wizard includes an option to encrypt your system partition using it, so if you don't know much about Linux, that's an easy way to start.

If you need support in multiple platforms the response is simple, there is no other option than using TrueCrypt.

But is TrueCrypt safe to use?

A group know as OCAP ( Open Crypto Audit Project ) was crowdfounded to do an audit to TrueCrypt source code, on April 14th they released the Phase I Audit report that didn't found anything disastrous on it, they mentioned they had a big announcement coming, but then TrueCrypt project was halted.

So it seems its relatively safe to use TrueCrypt, for sure is way better than no encryption at all and is better than Microsoft's Bitlocker.

Another option if you are on Windows but don't want to use TrueCrypt anymore could be to run Linux inside a virtual machine and that way using dm-crypt LUKS.

But it really depends on how important is the info you are storing, if is your business documents, your porn stash or you live in a country other than US and the NSA wouldn't be asked to decrypt your disk even if they could, just continue using TrueCrypt until we have news about the fork, now called Ciphershed officially.

No comments:

hit counter script