SAN FRANCISCO (Reuters) - A team of security experts may seek to restore and improve a popular computer encryption system after its developers mysteriously shut it down, claiming “unfixed security issues,” a leader of the effort told Reuters on Thursday.
TrueCrypt, one of a number of programs that encrypt all of a user’s hard drive, had gained popularity after fugitive former National Security Agency contractor Edward Snowden praised it and law enforcement officials complained of their inability to crack it.
The software’s code has been publicly available for years, but its developers have not spoken publicly and their true identities are unclear. After Snowden’s revelations, supporters contributed some $70,000 to an effort to verify the security of the code.
TrueCrypt had passed the earliest testing, so it shocked many technologists Wednesday when the TrueCrypt website announced it would discontinue encryption support and urged users to move to rival software.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” the notice said.“You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images.”
Speculation has mounted over the cause of the reversal, with some suggesting that the developers had tired of the decade-long project and others guessing that U.S. authorities had demanded a back-door key from the programmers, as happened with anonymous email provider Lavabit.
As that debate raged Thursday, an audit team funded by the $70,000 was preparing to announce that it would continue its quest to determine the security of TrueCrypt and would seek to fix legal issues with the license to the code, said Matthew Green, a Johns Hopkins University cryptography professor helping lead the effort.
If the license issues are resolved, the group could continue to develop and improve the software, though Green said “we’re not going to commit to a `fork’ yet.” A fork is a split in development, where code can be steered in a new direction.
Reporting by Joseph Menn; Editing by Steve Orlofsky
Our Standards: The Thomson Reuters Trust Principles.