It would be understandable to learn about the closure of a software application that is old enough to retire along with the recently shuttered Windows XP. But to hear the anonymous managers of an encryption project say they are shutting down the whole program because of Microsoft’s implacable end-of-life-support for its twelve-year old operating system just does not make sense.
But you heard it right, the TrueCrypt open-source encryption initiative has been shuttered for no other reason than the retirement of Windows XP. If you happened to visit its website, you will be greeted with a warning message that says using TrueCrypt is no longer secure due to some unfixed errors with regard to the security infrastructure.
The message goes on this way:
“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.”
If you think the message over, you would not arrive at a conclusion, because there is just none that derives from the alert.
TrueCrypt advises visitors and users to transition to the commercial encryption tool BitLocker, and there’s even a detailed scroll of instruction on how to do just that. It is even odd, because all Windows line of products ship with BitLocker, so there is no point for TrueCrypt to reach its terminus at the closure of Windows XP while BitLocker manages to stay in place.
But even the migration to BitLocker is quite problematic for some operating systems other than Windows.
The mysterious termination of the popular encryption project only sparked various speculations about what lies behind the sudden turn of events, especially to the IT community for whom the shutdown is hard to grasp.
It might be that the growing skepticism about the capacity of most encryption systems following the Edward Snowden revelation has forced TrueCrypt developers to close the program. Last fall, there was a mandatory audit undertaken by TrueCrypt to determine how far it can secure and protect the networks of companies, law firms and other professional services worldwide that have been using the encryption tool.
A few months ago, a persistent demand from the FBI for private Secure Sockets Layer keys prompted Lavabit, another encryption project, to shut down the whole thing out of spite with regulatory forces.
Any of these incidents could be the same valid reason for the TrueCrypt shutdown, but only time can tell. Any conjecture about the site being defaced in the face of hackers is farfetched.