TrueCrypt is free, open source software that can be used to encrypt just about anything. My colleagues and I have recommended it to people for years. Recently, however, it appears that the project is in jeopardy and users of TrueCrypt probably need to transition to different software. It does not appear that users of TrueCrypt need to transition immediately. The software should work just fine for the near future. However, we recommend that all users of TrueCrypt start planning to transition to new encryption software as soon as they can make the time.
As usual: no need to panic. Luckily, it is now 2014 and encrypting your computer has become a low-cost, easy task. For Macintosh users, it is as easy as clicking. For Windows users, you probably need to get BitLocker from Microsoft. After that, it is as easy as clicking.
If you’re wondering what disk encryption is, see our article on the subject.
What Happened to TrueCrypt?
TrueCrypt is and was a volunteer-driven software project. It appears that the volunteer team has decided to end the project. Strangely, they have decided to do so very dramatically, claiming that the software is now insecure. All indications, however, are that the software up to version 7.1 is still perfectly fine. It was even audited recently by an independent group and found to work adequately. The Gibson Research Corporation explains which versions still work and provides a place to download them:
- “Yes, TrueCrypt is still safe to use” (Gibson Research Corporation)
Do not download and use the version of TrueCrypt that is available at the TrueCrypt website right now. For some reason, the development team has decided to put a broken version of TrueCrypt there.
Do use the link above if you need to download a working version of TrueCrypt.
Do I Need to Switch Now?
If you are using a working version of TrueCrypt (that would be any version up until the broken one that was recently posted on the TrueCrypt website), then you do not have an urgent need to change your encryption software. However, the software will eventually become outdated and will likely become less secure in the process.
Thus, we recommend that you make a switch to different encryption software as soon as you have the time and free energy to do so.
Switching to “Native” Software
Both Macintosh and Windows now have “native” software packages that perform the disk encryption that people have been using TrueCrypt to accomplish.
For Mac: use FileVault 2. Note that you need Mac OS Lion or newer to get FileVault 2. We recommend that you simply make sure you get the most recent version of Mac OS that your computer can handle. If you need to upgrade Mac OS, it often costs much less than buying it new. The following article explains how to use FileVault 2 (make sure you have and are using version 2!). Technically, it is as simple as clicking. You can also use it to encrypt your backup external hard drive, USB thumb drive, etc.
For Windows: use BitLocker. Most consumer versions of Windows do not come with BitLocker by default. You may need to upgrade your version of Windows in order to get BitLocker. Once you do, it is as simple as clicking. You can also use it to encrypt your backup external hard drive, USB thumb drive, etc.
If you do not feel confident messing with the encryption on your computer (which is true of many folks), we recommend getting technical support in making the transition. Macintosh users can get support at any Apple Store. Windows users can get support from a large variety of professional geek shops that provide technical support. A tech-savvy friend, colleague, or family member may also be able to help you.
The TrueCrypt website has been replaced with information on transitioning from TrueCrypt to FileVault 2 or BitLocker. Here is a link to the website (do not download and use the version of TrueCrypt found there — only use the instructions for switching away from TrueCrypt):
What If I Use Third-Party Encryption Software?
If your encryption software does full-disk encryption that is certified as “FIPS 140-2 compliant,” then it is just fine. No need to switch. You can ask your software provider if it meets these criteria.
I Have a Question, or I Want To Follow What Is Going On
Clinton Campbell, LMHC CISSP has started a thread in our LinkedIn group, where a lively discussion of the issue has been happening. I recommend following that discussion to keep updated. Rob Reinhardt, LPCS NCC has also published a post on the issue:
- Get up-to-date info from our LinkedIn group discussion
- Read Rob Reinhardt’s article: “TrueCrypt No More?”
I Don’t Actually Know What Disk Encryption Is. Can You Tell Me?
I’m glad you asked! Please see our article about the importance of disk encryption for your computer(s):