Reconsider TrueCrypt

[yuvadm]

In light of recent events, we should reconsider endorsement of TrueCrypt:

• http://truecrypt.sourceforge.net
• http://www.theregister.co.uk/2014/05/28/truecrypt_hack
• http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure

Please update this thread with any new information on the matter.

[samthetechie]

It did not become insecure overnight / expiry date explosion of mold on the stroke of midnight :) Lets review: http://istruecryptauditedyet.com/ and decide, on balance, if the tool is still useful and also I am quite certain the tool will have a life after this milestone in its history.

[samthetechie]

Direct link to first partial audit/report: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

[leesheppard]

TrueCrypt has been audited as of 2 April 2015.

http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html

[milo-trujillo]

After the recent TrueCrypt security hole would it make sense to remove the section on TrueCrypt in Disk Encryption? Or maybe see if VeraCrypt has the same vulnerability and switch endorsements?

[vv01f]

I would second the endorsement of TrueCrypt for non-Windows-machines. And VeraCrypt for those people stuck on Windows as they fixed the 2 bugs according to changelog.
Nevertheless the problem of license and lacking repetitive review should be mentioned how useful it might be even without being free software. When pointing out problem, its obvious to have a linked solution, like donation for review or feature implementation.