When the developers of TrueCrypt delivered the bombshell that they were abandoning their popular open source encryption program, it left many organizations in a hugely difficult position. Should they continue to use it, or heed the developers’ advice that it was no longer secure and switch to another encryption product?

On the face of it, the decision should be an easy one: If the developers of something as security sensitive as an encryption program say that their program is no longer secure, surely it would be rash not to heed the warning.

But with TrueCrypt, nothing is quite as simple as it seems.

The developers are anonymous, and one of the reasons given for abandoning TrueCrypt was the apparent non-sequitur that Microsoft has stopped supporting Windows XP. The product’s website bears the text: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues” But any product may contain unfixed security issues.

Conspiracy theories abound: Was this a thinly veiled warning from the developers that the code has been compromised in some way by the NSA? Or that the developers had spotted a fundamental flaw in their code and wanted the world to quietly walk away from the product? Or had they simply had enough of the project and the work involved in maintaining it?

Read the Full Article: Source – eSecurity Planet
http://www.esecurityplanet.com/open-source-security/truecrypt-getting-a-new-life.html

source not found