My guess is that the TrueCrypt self-takedown is going to turn out to be legitimate.
We know NOTHING about the developers behind TrueCrypt.
Research Professor Matthew Green, the Johns Hopkins cryptographer who recently helped to launch the TrueCrypt Audit, is currently as clueless as anyone. But his recent tweets indicate that he has come to the same conclusion that I have:
I checked out the cryptographic (Authenticode) certificate used to sign the last known authentic version (v7.1a) of TrueCrypt, signed on Feb. 7th, 2012:
You’ll notice that nine months after being used to sign the v7.1a Windows executable, the signing certificate expired (on November 9th of 2012).
The just-created Windows executable version of TrueCrypt, v7.2, was signed on May 27th, 2014 with THIS certificate:
You’ll notice that the certificate which signed it was minted on August 24th of 2012, a few months before the previous certificate was due to expire, just like we’d expect, and also by the same CA (GlobalSign), though having a longer public key (4096 bits). This all exactly passes the smell test.
In a comment below, Taylor Hornby of Defuse Security noted that “The GPG signatures of the files also check out. The key used to sign them is the same as the one that was used to sign the 7.1a files I downloaded months ago.” So, again, this speaks of either a willful and deliberate act by the developers, or a rather stunning compromise of their own security. While, yes, the latter is possible, it seems much more likely, if also much less welcome, that TrueCrypt has been completely abandoned by its creators.
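The certificate comparison above can be written down as a repeatable signer-continuity check; this is an added example, not code from the original post. The field and function names are hypothetical, the dates, issuer and key size are the ones stated in the post, and `None` marks a value the post does not give.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Signed:
    """One signed release. None means the post does not state the value."""
    version: str
    signed_on: date
    issuer: str
    not_before: Optional[date]   # certificate issuance date
    not_after: Optional[date]    # certificate expiry date
    key_bits: Optional[int]

def le(a, b):
    """a <= b, or None when either side is unknown."""
    return None if a is None or b is None else a <= b

def continuity(old: Signed, new: Signed) -> dict:
    """Signer-continuity checks; each value is True, False or None (undecidable)."""
    return {
        "same_issuer": old.issuer == new.issuer,
        "old_signed_before_expiry": le(old.signed_on, old.not_after),
        "new_signed_after_issuance": le(new.not_before, new.signed_on),
        "new_signed_before_expiry": le(new.signed_on, new.not_after),
        "renewed_before_old_expiry": le(new.not_before, old.not_after),
        "key_not_shorter": le(old.key_bits, new.key_bits),
    }

def verdict(report: dict) -> str:
    """Any failed check breaks continuity; unknowns leave gaps but do not fail."""
    if any(v is False for v in report.values()):
        return "broken"
    return "consistent" if all(report.values()) else "consistent-with-gaps"

# Values taken from the post; None marks what the post does not state.
V71A = Signed("7.1a", date(2012, 2, 7), "GlobalSign", None, date(2012, 11, 9), None)
V72 = Signed("7.2", date(2014, 5, 27), "GlobalSign", date(2012, 8, 24), None, 4096)

if __name__ == "__main__":
    report = continuity(V71A, V72)
    for name, result in report.items():
        print(f"{name:28} {result}")
    print("verdict:", verdict(report))
```

A passing result shows only that the same signing identity was renewed and used in the expected order; it cannot tell a deliberate release from a release made with compromised keys.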
So, given the scant evidence, I think it’s much more likely that the TrueCrypt team, whoever they are, legitimately created this updated Windows executable and other files, which would imply that they also took down their long-running TrueCrypt site.
Which, of course, leaves us asking why? We don’t know because we don’t know anything about them or their motives. They might be in Russia or China where Windows XP is still a big deal (with a more than 50% share) and personally annoyed with Microsoft for cutting off support for Windows XP. Or anything else.
What’s creepy is that we may never know.