TrueCrypt may live on after all as CipherShed

Martin Brinkmann
Sep 19, 2014
Encryption, Security

The developers of TrueCrypt made the decision to retire the encryption software a couple of months ago. The reason given by them was that TrueCrypt was no longer secure and that users should move to other encryption products instead.

No further information were given at that point in time and rumors began to spread. This included forced cooperation with America's NSA, severe security bugs that the developers found in the software and rumors that the security audit of it was going less than well.

It is several months later now and things have not changed since. The second part of the audit, the crypto-analysis is currently underway and results will be published to the public once it completes.

TrueCrypt development has stopped however and while there is still a chance that one or multiple of the original developers will start to work on the project again at a later point in time, it seems unlikely that this is going to happen anytime soon.

A project that gained some traction recently is CipherShed. It is a fork of the discontinued TrueCrypt project which means that it is based on the same code.

According to project information, the TrueCrypt license allows the forking of the program if it is not named TrueCrypt or referencing it.

That's why the fork is called Ciphershed and not TrueCrypt2 or TrueCrypt++ or something like that.

Downloads are not provided currently but a first screenshot shows how similar the interface looks to the original TrueCrypt interface.

The first version will be re-branded version of TrueCrypt 7.1a, the most recent version of the software. Binaries for Windows, Linux and Mac will be provided, and signed and verifiable binaries and compiled source code will be provided.

It is interesting to note that the project goals go beyond a mere fork. The project goals include efforts to secure the code "through audits, simplification and a secure architecture", and to cooperate with existing efforts such as the Open Crypto Audit Project. The developers plan to fix the vulnerabilities found by the security audit of TrueCrypt in the next release.

Additional information about the roadmap and the team can be found on the official project wiki.

Closing Words

While some users may not want to go back to TrueCrypt or any fork of the software, others may appreciate that the software will live on albeit with a different name and maintained by a different team.

That's not necessarily a bad thing though considering that the Ciphershed team is not anonymous like the TrueCrypt team was.

What's your take on this?


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Cave said on March 9, 2012 at 9:38 pm

    Well, considering that the NSA and various other US-Agencies don’t need your key, you should really use this…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.