It is difficult to imagine a time without TrueCrypt. I do not even remember how I first got to know of TrueCrypt. I remember, however, moving the mouse randomly to create a new container. Young and foolish at that time, I thought it was a gimmick – not knowing that random number generation can be such a big pain. However, the software itself was great to use. Ever dependable. It had an element of mystery as well – the password for ‘duress’ where you could dump dummy data. It made you feel like a bit of a spy.
Since then, TrueCrypt had become an integral part of my systems. I kept different TrueCrypt containers for different types of data – personal data, work data, etc. I manually backed up these containers because my backup software could not recognise that the file had changed – TrueCrypt did not change the time stamp. I told everyone who cared to listen (and some who did not) about the benefits of TrueCrypt.
Then, last month, TrueCrypt was mysteriously taken off. There was no reason provided. Nor was the source code handed over to the developer community at large to maintain. It was effectively killed off, with a rather strong message.
Then, the conspiracy theories started. (U)sing (T)ruecrypt (I)s (N)ot (S)ecure (A)s (I)t (M)ay (C)ontain (U)nfixed (S)ecurity (I)ssues. Different people interpreted this differently. BoingBoing said “Uti NSA im cu si” is Latin for something bad that NSA wanted to do! Others interpreted it as “Under The Influence (of) NSA”.
While all this drama has unfolded, the key question that remains unanswered for people like me are “Should I continue using TrueCrypt? Or drop it like a hot potato?”
My answer to this question, is similar to my answer to most questions where I do not know the context. “It depends.” You need to ask yourself these questions:
What is the criticality of the data that you encrypt?
Who would want to get it? What resources and motivation would that individual have?
Will someone invest time and money to get the data that you have encrypted?
If, like me, you think that if your laptop is stolen, it would only be for the value of the hardware and not for the content, but you still do not want the casual guy to get your passwords, then TrueCrypt is still safe for you – at least till the next major OS upgrade. However, if you think that your data is far more important than the cost of the laptop itself (it might start wars or cause an economy crisis, maybe) , then you might have to reconsider your use of TrueCrypt! Happy Encrypting!!