Some users have tried to find evidence of misdeeds. But 'uti nsa im cu si' is meaningless in Latin – except to Google translate

This article is more than 6 years old

This article is more than 6 years old

When popular security software TrueCrypt closed its doors, many users simply couldn't believe that the stated reason – that the developers had decided to stop work because Microsoft had rendered their software obsolete – was true.

The most widely held interpretation, two weeks on, is that the developers decided to stop working because the task of maintaining a widely used cryptography program just became too much work. Other users claim that the program contains "duress canaries", small signals designed to indicate that the work is being released under duress. One user, Alyssa Rowan, cites three minor changes to the formatting of the code which she had been told in 2004 were such signals:

Alyssa Rowan (@AlyssaRowan) @0xabad1dea 2. Release date format: mmmm d yyyy -> m/yyyy;

Alyssa Rowan (@AlyssaRowan) @0xabad1dea 3. Format/InPlace.c #12, delete "(likely an MS bug)" from comment, rather than changing wording to "maybe", etc

But whether or not Rowan's canary is intentionally tripped, some users have gone a bit far in trying to find evidence of misdeeds. This post, by Wikipedian Badon, has been making the rounds:

There is a hidden message on the new sourceforge TrueCrypt site. The first line of the site is this: "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" If you take just the first letter of each word, except the word "WARNING": "Using TrueCrypt is not secure as it may contain unfixed security issues" you get this: "uti nsa im cu si" It's Latin that roughly means: "Unless I want to use the NSA" So, the full message seems to be this: "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, unless I want to use the NSA" Which is English that roughly means: "Don't use TrueCrypt because it is under the control of the NSA"

In fact, "uti nsa im cu si" is meaningless in Latin – except to Google translate, (mis)translates it to the message Badon discovered.

Neither "im" nor "cu" are Latin words at all, and while si and uti are, they don't mean the words that Google claims they do: instead, "si" translates to "if", and "uti" to "in order to". What seems to have happened is that Google recognised enough Latin words to think it was translating a real sentence, and then made its best effort to cram the rest of the words into a vaguely grammatical sentence. A more accurate translation, going the other way, would be "volo nisi ut NSA".

It may still be that the NSA were involved in the closure of TrueCrypt. But it isn't the case that the developers are leaving hidden cod-Latin messages peppered throughout their notes.



• For what other reasons could TrueCrypt have closed?

