The news broke last night that TrueCrypt, the encryption tool endorsed by Edward Snowden, was shut down. The official website for the TrueCrypt encryption software, which allows users to encrypt hard drives and sensitive files, was updated to say that it is no longer safe to use. Please see below for some comments on this news from top security experts:
Brendan Rizzo, technical director at Voltage Security, world leaders in encryption, says:
"TrueCrypt has long been seen by its users as a good open source technical option for encrypting data - especially for personal use. The apparent move by the TrueCrypt team to completely abandon the project without any warning highlights a very real risk companies face when choosing solutions to meet their requirements: even if TrueCrypt was found to still be technically sound, a technical solution alone is not enough. While some start-up companies may choose a more risky approach in order to try and save money, larger companies know that attempting this approach at scale is a fool's errand. Especially when it comes to something as critical to their business' success as encrypting their most sensitive information. It is imperative for companies to choose a solution provider who offers both an openly validated technical solution as well as the reliability offered by a commercial company who will stand behind a product and provide support and updates for years to come."
Amichai Shulman, CTO at Imperva writes:
"There is a place for a disk encryption solution independent of operating system type and operating system provider in general. Whether TrueCrypt is the right solution, given the anonymous nature of its developers, I’m not sure. Whether this is a trend for other businesses? I don’t think so. TrueCrypt was never a “business”. Most businesses should have moved on from XP software a long time ago. TrueCrypt was created in order to provide disk encryption for operating systems that do not have built-in support for it. Currently the only one is Windows XP and since it is “no longer safe” to use it, there’s no point in maintaining an encryption solution for it."