[Discuss] TrueCrypt EOL, what's next?

Richard Pieri richard.pieri at gmail.com
Thu May 29 20:02:46 EDT 2014


Tom Metro wrote:
> But seriously, the warning on the site/code was good practice, however,
> they should have announced the discontinuation in advance, and offered
> to transition the project to a new team, if they no longer wanted to
> continue development.

No, I disagree, and not just for the sake of being disagreeable. I point
at Oracle's assumption of ownership of MySQL and OpenOffice as most
egregious examples of what can go wrong when a project is handed over to
a new team or new owners. At the very least there is a distinct lack of
trust towards Oracle over its stewardship of these two projects. Such a
lack of trust is a kiss of death for a security-related project like
TrueCrypt. No, this is a clear and absolute announcement that the
developers are burying TrueCrypt and moving on. This is the best case.

The worst case? There's a flaw in the on-disk structures, a fundamental
weakness that can't be fixed with a software patch. Something like this
can ONLY be remedied by decrypting the entire volume and re-encrypting
it with something else.


As for what to replace it with? I don't know. TrueCrypt is unique. It's
the only free-ish, source-visible disk encryption tool that is portable
across Macintosh, Windows and Linux. DiskCryptor is GPL but is
Windows-only. FreeOTFE is open source, Windows and sort-of Linux, but is
no longer maintained and has no Macintosh version.

There are a number of cross-platform commercial tools. They're all
expensive. Few support dual- and multi-boot systems. Most require Active
Directory infrastructure.

-- 
Rich P.


