We’re not really any closer to finding out the real reason why the TrueCrypt project was abruptly shut down last week, but at least some on the internet aren’t prepared to see the open source encryption tool disappear without a fight.
A team of developers led by Thomas Bruderer and Joseph Doekbrijder are hoping to rescue TrueCrypt, or - at the very least - develop a new product based upon its code.
To that end they have set up a website - www.truecrypt.ch - where they are offering downloads of TrueCrypt 7.1a.
If you recall, the anonymous developers behind the umm.. “true” TrueCrypt withdrew version 7.1a, claiming it was “not secure as it may contain unfixed security issues” and replaced it with a decrypt-only version 7.2 edition.
That announcement surprised everybody. TrueCrypt is a respected piece of security software, used by many to encrypt their sensitive files and entire hard drives. Earlier this year, independent auditors found “no evidence of backdoors or intentional flaws” when examining its code.
Nonetheless, the anonymous coders behind TrueCrypt have shut the door and pulled down the shades.
The TrueCrypt.ch team are clearly frustrated by the abrupt cessation of the software, and say that they will do things differently.
Anonymous development on a security relevant Project is no longer an option. The TrueCrypt.ch team will stand with their name!
We are looking for an interactive communication with the users and a bigger community effort.
Currently the news is still in flux, and we will support any efforts in reviving TrueCrypt. If other Initiatives arise we will try to support them. At the moment we want to make sure everyone who wants can continue to use TrueCrypt.
We put together the whole TrueCrypt Source into a github repo: feel free to clone.
What I find interesting about Bruderer’s and Doekbrijder’s move is that TrueCrypt is different from most other “open source” software, in so much as although the source code can be examined by anyone who might want to explore if there are any vulnerabilities or backdoors, you are explicitly *prohibited* from modifying the code, or using it as the basis for your own products.
It’s clear that TrueCrypt’s anonymous developers have never wanted others to build upon their code.
And yet, that appears to be precisely what the truecrypt.ch project is planning to do.
This, it appears, is one of the reasons why truecrypt.ch is being run from a web server based in Switzerland. As the site explains:
Located in Switzerland
If there have been legal problems with the US, the independent hosting in Switzerland will guarantee no interruption due to legal threats.
In short: we don’t care if the original developers don’t want us to mess around with their code, we’re too far away for them to have any control over what we do.
Hmm… I’m not sure I feel too positive about that approach, and I hope they will have a good think about it.
Of course, such a geographic location may also be beneficial if some of the conspiracy theorists are correct and TrueCrypt was shut down after pressure was placed upon it by law enforcement agencies.