TrueCrypt, one of our favorite file encryption tools, has abruptly changed its homepage to a warning that the tool may not secure, and a detailed guide on how to migrate your encrypted data to BitLocker instead.
The update appeared earlier today, and while we haven't been able to confirm that it's authentic, it has set off a storm in security circles, on Hacker News, and over at Ars Technica. Even though the encryption tool hasn't seen a major uplift in ages, TrueCrypt had recently just passed the first stage of a comprehensive security audit without issue. The sudden warning came as a surprise—one that a number of commenters around the web have assumed must be the work of a compromised SourceForge account or a rogue site admin. If the warning is legitimate, it might be time to migrate your encrypted files to another service or tool.
Either way, do not download the version of TrueCrypt listed on the site right now . It was compiled yesterday, according to security researcher Runa Sadvik, using a questionable DSA key. It may be compromised along with the TrueCrypt Sourceforge page.
As more information comes to light, we'll update this post with additional details.
0 comments:
Post a Comment