Today, a new version of TrueCrypt (7.2) was pushed to SourceForge, and the TrueCrypt.org website was replaced with an incredibly suspicious page recommending users cease all use of TrueCrypt and use tools such as BitLocker. The TrueCrypt maintainers have not yet officially commented (as of the time of this writing) on whether the site is compromised, or whether they are (less likely) scuttling the project for reasons unknown.
There have been a number of conspiracy theories ranging from a warrant canary (someone tipping off the TrueCrypt team that a secret warrant was issued for information about them) to a massive website compromise, and finally to a terribly sloppy and unprofessional true exit from TrueCrypt.
My take? I don’t know, but most agree it is very suspicious that the TrueCrypt team would lead anyone to use private, proprietary software like BitLocker, when there are plenty of FOSS implementations out there that work well. Usually when someone is lying under duress (or even trolling), one natural way to tip everyone else off to that fact is to state something completely unbelievable that other people would see is completely unbelievable. The TC team recommending BitLocker fits that bill, and I think leaves a hint to the public to disregard everything they’re saying about TC. The whole thing smells suspicious, and at the very least, should be approached with caution.
One thing is for certain: You should not download or trust anything from TrueCrypt until this is all sorted out. That doesn’t mean, however, that you should stop using TrueCrypt if you already are.
Here are a few steps you should take, however, to protect your content:
I recently gave an interview with Forbes discussing the technical implications of a case recently heard by the Supreme Court about warrantless mobile phone searches. The technical reasons for not allowing this to go on are many, including the most severe penalty of potentially destroying evidence that you would otherwise need to prosecute a case (should the suspect be found to have committed a crime). There is a far more important dimension to this SCOTUS case, however; the ruling to come could potentially change the face of our constitutional rights as they pertain to data.