Earlier this week, the website for free encryption software TrueCrypt was updated with mysterious information saying the program might not be secure and recommending Microsoft's BitLocker instead. It was abrupt and disconcerting, but here's what really happened.
The anonymous developers of TrueCrypt decided, for reasons still unknown, to kill off the app and created a version 7.2 that could no longer create new encrypted volumes but could only view them. Security firm Gibson Research Corporation sums it up like this:
For reasons that are still unclear three days after the event, TrueCrypt's developers chose not to graciously turn their beloved creation over to a wider Internet development community, but rather to attempt to kill it off by creating a dramatically neutered 7.2 version that can only be used to view, but no longer to create new, TrueCrypt volumes. Then, leveraging the perverse and wrongheaded belief that unsupported software inherently renders it untrustworthy, they attempted to foreclose on TrueCrypt's current and continued use by warning the industry that future problems would go unrepaired.
But that's not the way the Internet works. Having created something of such enduring value, which inherently requires significant trust and buy-in, they are rightly unable to now take it back. They might be done with it, but the rest of us are not.
The independent audit of TrueCrypt will continue (the program passed the first phase), and there's talk of, and interest in, forking the software and keeping it alive.
In the meantime, GRC has posted all of the files for TrueCrypt's final (fully working) version, 7.1a, here, so you can download it and continue on your merry encryption way.