Everyone knows encryption is important, and TrueCrypt has long been a great free tool to help keep your important files from prying eyes. The Open Source tool has been available for over a decade, allowing users the ability to encrypt files, whole disks, and even create "hidden volumes." Today a major announcement from the TrueCrypt team has rocked the security world.
According to the SourceForge page for TrueCrypt, the tool is now considered insecure as it "may contain unfixed security issues." The page then goes on to explain that users should use BitLocker to encrypt their volumes and gives step-by-step instructions on how to do that. Based on the notice on the page, development ceased after support for Windows XP expired. They also state that users should decrypt their data and migrate to another encryption platform. From the website:
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Theres a lot of uncertainty about this, especially considering that TrueCrypt has recently been going through a security audit to see if there are any currently unknown backdoors. The first phase of the audit was completed last month, with Bruce Schneier saying, "Quick summary: Im still using it." This has led many to believe that the TrueCrypt.org domain was simply hijacked and the binary on the site replaced with a Trojan. Neowin users are discussing this in the forums, and neufuse has noted some unusual network traffic from the 7.2 release of TrueCrypt, something he hasnt seen in the past.
For now, we recommend that you do not download the latest version of TrueCrypt from the website until we hear definitively what the status of the tool is as its possible its malicious and will send your data to an unknown location.