Exclusive: Security enthusiasts may revive encryption tool after mystery shutdown

SAN FRANCISCO Thu May 29, 2014 3:55pm EDT

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon

SAN FRANCISCO (Reuters) - A team of security experts may seek to restore and improve a popular computer encryption system after its developers mysteriously shut it down, claiming "unfixed security issues," a leader of the effort told Reuters on Thursday.

TrueCrypt, one of a number of programs that encrypt all of a user’s hard drive, had gained popularity after fugitive former National Security Agency contractor Edward Snowden praised it and law enforcement officials complained of their inability to crack it.

The software’s code has been publicly available for years, but its developers have not spoken publicly and their true identities are unclear. After Snowden’s revelations, supporters contributed some $70,000 to an effort to verify the security of the code.

TrueCrypt had passed the earliest testing, so it shocked many technologists Wednesday when the TrueCrypt website announced it would discontinue encryption support and urged users to move to rival software.

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” the notice said. “You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images.”

Speculation has mounted over the cause of the reversal, with some suggesting that the developers had tired of the decade-long project and others guessing that U.S. authorities had demanded a back-door key from the programmers, as happened with anonymous email provider Lavabit.

As that debate raged Thursday, an audit team funded by the $70,000 was preparing to announce that it would continue its quest to determine the security of TrueCrypt and would seek to fix legal issues with the license to the code, said Matthew Green, a Johns Hopkins University cryptography professor helping lead the effort.

If the license issues are resolved, the group could continue to develop and improve the software, though Green said “we’re not going to commit to a ‘fork’ yet.” A fork is a split in development, where code can be steered in a new direction.

(Reporting by Joseph Menn; Editing by Steve Orlofsky)

Comments (4)
Neurochuck wrote:
Reading a few technical forums indicates a lot of speculation and fragments of information as to what is going down. Some forums which have identity protection techniques which I don’t use are referenced.
My comment is that it is not a matter for “security enthusiasts”, rather it is clear that organizations like law firms have a legitimate, legally mandated, responsibility for client confidentiality and should use computer software and hardware free of backdoors and spyware. But this conflicts with government assertions and practice of a “need to know” to “protect the public”.
And compromised security can be further exploited by “foreign adversaries”, “rogue contractors”, “bent cops” etc.

May 30, 2014 8:20am EDT
Fractalist wrote:
The government does not need to know what we are doing. We need to know what the government is doing.

Somehow, we have flipped the basic ethic of America into its fascist opposite. Fascists believe that citizens should serve the State. Americans believe that the State should serve the citizens. Fascists believe that the State is more important than replaceable citizens. Americans believe that our citizens are more important than the State, and we can replace the State whenever it stops serving the needs of the citizens.

The current US govt is a fascist regime operating under a thin veil of ‘popular consent’. It all starts with the attitude of who is master and who is servant.

Terrorism danger? The only real danger is ourselves.

May 30, 2014 1:11pm EDT
CupertinoJay wrote:
> “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

translation: “TrueCrypt is Not Secure As” says “TrueCrypt is NSA”

May 31, 2014 9:50pm EDT