Story of Truecrypt

If you remember last decade, you probably remember an enigmatic disk encryption utility Truecrypt. Some strange design choices, an eventual Linux port, a wealth of unheard of features and rather paranoid design features, as well as an unusual license that didn't play nice with Free software norms.

Its developers remained pseudonymous, something not so unusual back then, and didn't interact much except developing Truecrypt.

And then one day the music stopped. A warning noting that the program had flaws, to updated to the latest decrypt only, and migrate data was given that immediately threw off red flags. It was a very obvious sign to do something else with data.

Truecrypt was survived by its volume container format TCRYPT. The program was forked into a few other viable projects including the even more paranoid Veracrypt. Entirely Free software implementations such as tcplay sprung up for operating TCRYPT partitions.

Eventually, after many years, cryptsetup, the mainstream linux encrypted volume support added support for TCRYPT volumes. Truecrypt might be dead and buried, but its container format, with all its features live on.

So why was Truecrypt? As we later came to know, the creator of Truecrypt was unmasked as a mid-level drug trafficker. No better inspiration for writing decent security as if your data is actually at risk. Did the hidden volume actually work? We don't know. But we do know he flipped states witness.

We also know after he flipped, as soon as he was released from prison, he updated Truecrypt telling everyone to abandon the project. He might have given up drug dealers, but he didn't sell out the FOSS community.(also now, cannabis is legal)

Follow

@GI_Jack
What's the status of VeraCryp nowadays? It still has interesting features (plausible deniability in particular)

Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!