Shocker: TrueCrypt Discontinued, Official Page Says It Has Security Issues

The open source drive encryption tool TrueCrypt announced on its main website today that the product is discontinued, and the official website has been replaced with directions for moving any encrypted data to BitLocker-protected drives. The website says that “Using TrueCrypt is not secure as it may contain unfixed security issues.”

Story from Ars Technica: http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/

Directions for Getting Data Out: http://truecrypt.sourceforge.net/

Coming on the heels of the OpenSSL vulnerability, this may shake the confidence that businesses have in the reliability of open source software. Although the purchase price seems right for open source (free), the cost of unexpected announcements like this, the lack of professional management, and other issues with the practical maintenance and implementation of such products make commercial software look better all of the time.

If you are using TrueCrypt as your hard disk encryption tool, we recommend that you transition to Windows BitLocker, PGP Whole Disk Encryption, or another solution ASAP.

Update 6/4/2014

A group of developers has set up a website for a new “branch” of TrueCrypt development. While this new group may do a great job, disk encryption is not a place where you should cut corners. I’d stay away from TrueCrypt and go with commercial solutions – we need some answers on why the first group shut the project down and what the code audit has discovered before it gets back onto my “safe” list. (I’m using BitLocker in W81 Pro.)

Update 3/30/2018

A branch of the TrueCrypt code, called VeraCrypt, has been launched. You can learn more about it at their website, https://www.veracrypt.fr/en/Home.html