The developers of TrueCrypt made the decision to retire the encryption software a couple of months ago. The reason given by them was that TrueCrypt was no longer secure and that users should move to other encryption products instead.

No further information were given at that point in time and rumors began to spread. This included forced cooperation with America's NSA, severe security bugs that the developers found in the software and rumors that the security audit of it was going less than well.

It is several months later now and things have not changed since. The second part of the audit, the crypto-analysis is currently underway and results will be published to the public once it completes.

TrueCrypt development has stopped however and while there is still a chance that one or multiple of the original developers will start to work on the project again at a later point in time, it seems unlikely that this is going to happen anytime soon.

A project that gained some traction recently is CipherShed. It is a fork of the discontinued TrueCrypt project which means that it is based on the same code.

According to project information, the TrueCrypt license allows the forking of the program if it is not named TrueCrypt or referencing it.

That's why the fork is called Ciphershed and not TrueCrypt2 or TrueCrypt++ or something like that.

Downloads are not provided currently but a first screenshot shows how similar the interface looks to the original TrueCrypt interface.

The first version will be re-branded version of TrueCrypt 7.1a, the most recent version of the software. Binaries for Windows, Linux and Mac will be provided, and signed and verifiable binaries and compiled source code will be provided.

It is interesting to note that the project goals go beyond a mere fork. The project goals include efforts to secure the code "through audits, simplification and a secure architecture", and to cooperate with existing efforts such as the Open Crypto Audit Project. The developers plan to fix the vulnerabilities found by the security audit of TrueCrypt in the next release.

Additional information about the roadmap and the team can be found on the official project wiki.

Closing Words

While some users may not want to go back to TrueCrypt or any fork of the software, others may appreciate that the software will live on albeit with a different name and maintained by a different team.

That's not necessarily a bad thing though considering that the Ciphershed team is not anonymous like the TrueCrypt team was.

What's your take on this?

Advertisement