(Electronic privacy) TrueCrypt development suddenly ceases; users warned not to use it anymore

Freaky. Crypto darling TrueCrypt’s website was updated with a big red message saying “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”. Users were encouraged to migrate to Microsoft’s BitLocker, all previous binaries were removed, and the latest version removes all encryption capabilities.

So: National Security Letter? Devs got bored of it? Or maybe BitLocker really is just that good?

The conspiracy theorists are going to have a field day with this one.

Assuming the announcement is legit (and there are hints that it is), maybe they simply obtained proof that TrueCrypt really was easily cracked (Snowden document about the NSA, or just a bunch of scripts on some cracker site), and they decided to scuttle rather than give people false security.

It doesn’t necessarily mean that BitLocker is all that good, just that it provides equivalent protection (or lack thereof) and that Microsoft has more resources to upgrade it in the future than the TrueCrypt developers have.

Or maybe the TrueCrypt developers have found a job in encryption with a broad no-competition clause.

What what what, I just found this out from the TC site. I thought TC was unbreakable! Didn’t some government agency try and fail to decrypt someone’s files? Why isn’t this bigger news? Is TC really insecure? Drat, now I have to find encryption software AGAIN.

And now I can’t find one of my posts recommending TC. Are they wiping all references to it as well :open_mouth: ? </conspiracytheory>

The explanation seems to be that the developers didn’t want to maintain it any longer, and thus any subsequent issues found would not be fixed, and not that there was any issue actually found.

So don’t panic. Stick with version 7.1a for now, don’t upgrade to 7.2.

Or if you would believe somebody called Alyssa Rowan (I don’t know who she is), maybe it was an NSA letter: http://meta.ath0.com/2014/05/30/truecrypt-warrant-canary-confirmed/

A duress canary in this context is a way for somebody to say “We’ve been compromised by the government” without really saying it, because saying it directly would result in, oh, Gitmo or such.

It’s big news in the tech world. TrueCrypt is probably beyond most local/small law enforcement agencies’ ability to break. We have no idea if the three-letter agencies can work around it.

The last version before this incident is probably still fine to use, casually, if you’re not harboring treacherous state secrets. If you are, man, you better find a better security forum than the Dope.

FWIW - Snowden used and recommended TrueCrypt - it was certainly his impression that the NSA could not break it as of relatively recently.

The opinion seems to be split between over-paranoid developers saying “well, if we no longer have control of it, we aren’t making any promises” and the idea that they got a national security letter. I don’t think it is the second one, and TrueCrypt seems more NSA/fed-proof than any other solution out there, so what are the alternatives? There are at least three cases on record where the government has basically admitted in court they couldn’t break TrueCrypt. There is always the possibility the NSA can, but someone raised $25,000 for an audit of their software and found nothing suspicious (the audit wasn’t finished, though, but this was taken as a good sign).

So in other words, people accused of child-porn-level offenses have basically gotten off because of TrueCrypt. Unless you think the government hates you more than a child molester, you are probably safe (but I’d double-check those hashes if I were you!).

ETA: on rereading - basically what Reply said :slight_smile:
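On the “double-check those hashes” point from the post above: if you are keeping a 7.1a installer around, the thing worth verifying is that the file you have matches a digest you obtained from a source independent of the (now altered) TrueCrypt site, such as a signature or a hash you recorded before the shutdown. The script below is an added example, not code from the thread or from the TrueCrypt project. It hashes a file in chunks, compares against a pinned SHA-256 in constant time, and runs a self-check on constructed stand-in bytes (not the real installer; the pinned value in the demo is computed from those constructed bytes, since the page does not list the real 7.1a hashes and none are invented here).

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so large installers do not load into RAM


def sha256_file(path: str) -> str:
    """Return the lowercase hex SHA-256 of the file at `path`, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, expected_sha256: str) -> bool:
    """Compare the file's digest with a pinned digest from an out-of-band source.

    hmac.compare_digest avoids leaking how many leading characters matched;
    it is cheap insurance even though the digest itself is not a secret.
    """
    actual = sha256_file(path)
    expected = expected_sha256.strip().lower()
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Self-check on constructed data: a good copy passes, a one-byte change fails."""
    # Constructed stand-in for an installer; NOT the real TrueCrypt 7.1a binary.
    good = b"stand-in bytes for TrueCrypt Setup 7.1a.exe (constructed sample)\n" * 256
    tampered = good[:-1] + b"X"  # flip the last byte, as a trojaned mirror might

    # The pinned value is derived here only because the sample is constructed;
    # for a real download it must come from a trusted, independent record.
    pinned = hashlib.sha256(good).hexdigest()

    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "good.exe")
        bad_path = os.path.join(d, "bad.exe")
        with open(good_path, "wb") as f:
            f.write(good)
        with open(bad_path, "wb") as f:
            f.write(tampered)
        return {
            "good": verify_download(good_path, pinned),
            "tampered": verify_download(bad_path, pinned),
            "uppercase_ok": verify_download(good_path, pinned.upper()),
        }


if __name__ == "__main__":
    print(demo())  # expected: {'good': True, 'tampered': False, 'uppercase_ok': True}
```

A matching digest only tells you the file is the one someone else hashed; it says nothing about whether that build was safe. For that you need a hash (or better, a PGP signature) recorded before the site changed, or cross-checked against several independent archives.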

I don’t follow your reasoning. Surely TrueCrypt would be more, not less, likely to attract government interference if it’s strong enough to resist TLA cracking.