Thoughts on TrueCrypt

On Wednesday night I tweeted this:

I started getting retweets and replies like this on Friday from people I respect (and a bunch from people I don’t know):

https://twitter.com/averagesecguy/status/674768017864134657

So either people REALLY like TrueCrypt or I didn’t make my point articulately enough. In case I didn’t make my point well enough, I will try to lay it out here.

3 Reasons Why I Think You Should Stop Using TrueCrypt:

The developer stopped maintaining it, took down the webpage and replaced it with this.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”.

I think that this reason should be more than enough to get 99% of people to stop using it.

The latest version of HashCat includes support for TrueCrypt volumes.
If you are using good passphrases (most people don’t) it really isn’t a big deal, but it does lower the level of complexity for hacking a TrueCrypt volume with a weak password from a medium-high skill level (think Security Professional) to downloading Kali and following instructions (think Help Desk Analyst).

The developer stopped maintaining it, took down the webpage and replaced it with this.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”.

There are many other open source and paid alternatives that you can evaluate to pick the best one for you. So unless you have an amazingly valid reason to not move off of TrueCrypt, you should move off it as soon as possible.

 
