Editing TrueCrypt (section)

== History ==
{{see also|TrueCrypt release history}}
TrueCrypt was initially released as version 1.0 in February 2004, based on [[E4M]] (Encryption for the Masses). Several versions and many additional minor releases have been made since then, with the most current version being 7.1a.<ref name="version-history"/>

=== E4M and SecurStar dispute ===
Original release of TrueCrypt was made by anonymous developers called "the TrueCrypt Team".<ref>{{cite web | title =Version Information | work =TrueCrypt User's Guide, version 1.0 | publisher =TrueCrypt Team | date =2 February 2004 | url =http://www.truecrypt.org/usersguide | access-date = 28 May 2014 }}{{dead link|date=July 2020|bot=medic}}{{cbignore|bot=medic}} [http://alt.security.scramdisk.narkive.com/0PPFbtws/copy-of-truecrypt-user-manual Alt URL]</ref> Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving email from Wilfried Hafner, manager of SecurStar, a computer security company.<ref name=emails/> According to the TrueCrypt Team, Hafner claimed in the email that the acknowledged author of E4M, developer [[Paul Le Roux]], had stolen the [[source code]] from SecurStar as an employee.<ref name=emails/> It was further stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on the code and distribute it freely. Hafner alleges all versions of E4M always belonged only to SecurStar, and Le Roux did not have any right to release it under such a license.<ref name=emails/><ref  name=truecrypt-isis >{{cite magazine | url=https://www.newyorker.com/news/news-desk/the-strange-origins-of-truecrypt-isiss-favored-encryption-tool | title=The Strange Origins of TrueCrypt, ISIS's Favored Encryption Tool | magazine=The New Yorker | date=30 March 2016 | last1=Ratliff | first1=Evan }}</ref>

This led the TrueCrypt Team to immediately stop developing and distributing TrueCrypt, which they announced online through [[usenet]].<ref name=emails>{{cite newsgroup | title =P. Le Roux (author of E4M) accused by W.Hafner (SecurStar) | author =TrueCrypt Team | date =3 February 2004 | newsgroup =alt.security.scramdisk |message-id=a7b8b26d77f67aa7c5cc3f55b84c3975@news.teranews.com | url =https://groups.google.com/forum/#!topic/alt.security.scramdisk/HYa8Wb_4acs | access-date = 28 May 2014}}</ref> TrueCrypt Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he received legal advisement not to comment on any issues of the case. Tesařík concluded that should the TrueCrypt Team continue distributing TrueCrypt, Le Roux may ultimately be held liable and be forced to pay consequent damages to SecurStar. To continue in good faith, he said, the team would need to verify the validity of the E4M license. However, because of Le Roux's need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.<ref name=emails/><ref name=summary>{{cite newsgroup | title =Summary of current TrueCrypt situation...? | author =David T. | date =7 February 2004 | newsgroup =alt.security.scramdisk |message-id=30e9930aece70b0f63435ecd85a67736@news.teranews.com | url =https://groups.google.com/d/msg/alt.security.scramdisk/I4F5-_MmBGg/U6kATrKKMLoJ | access-date = 28 May 2014}}</ref>

Thereafter, would-be visitors reported trouble accessing the TrueCrypt website, and third-party mirrors appeared online making the source code and installer continually available, outside of official sanction by the TrueCrypt Team.<ref>{{cite newsgroup | title =Truecrypt for David T. from Truecrypt-Team | author =Carsten Krueger | date =7 February 2004 | newsgroup =alt.security.scramdisk |message-id=76va20di0jami8nspk743kuddgj6etabhh@4ax.com | url =https://groups.google.com/forum/#!topic/alt.security.scramdisk/rptNbr00X_k | access-date = 28 May 2014}}</ref><ref>{{cite newsgroup | title =Unofficial TrueCrypt Site | author =Andraia Matrix | date =6 February 2004 | newsgroup =alt.security.scramdisk |message-id=76va20di0jami8nspk743kuddgj6etabhh@4ax.com | url =https://groups.google.com/forum/#!topic/alt.security.scramdisk/UvYU3tXboDE/2CYWE9TQvDsJ | access-date = 28 May 2014}}</ref>

In the FAQ section of its website, SecurStar maintains its claims of ownership over both E4M and [[Scramdisk]], another free encryption program. The company states that with those products, SecurStar "had a long tradition of open source<!-- AutoEd: rm unicode ctrl char w/no win-1252 mapping, intent unknown --> software", but that "competitors had nothing better to do but to steal<!-- AutoEd: rm unicode ctrl char w/no win-1252 mapping, intent unknown --> our source code", causing the company to make its products [[Proprietary software|closed-source]], forcing potential customers to place a substantial order and sign a [[non-disclosure agreement]] before being allowed to review the code for security.<ref>{{cite web |title=Is the source code of your software available? |work=Drivecrypt FAQ |publisher=SecurStar |url=http://www.securstar.com/faq_drivecrypt.php |access-date=28 May 2014 |archive-url=https://web.archive.org/web/20140605052751/http://www.securstar.com/faq_drivecrypt.php |archive-date=5 June 2014 |url-status=dead |df=dmy }}</ref>

Le Roux himself has denied developing TrueCrypt in a court hearing in March 2016, in which he also confirmed he had written E4M.<ref name=ref19>{{cite web |url=https://mastermind.atavist.com/the-next-big-deal |title=The Next Big Deal |last=Ratliff |first=Evan |date=29 April 2016 |access-date=1 May 2016 |archive-date=29 April 2016 |archive-url=https://web.archive.org/web/20160429124424/https://mastermind.atavist.com/the-next-big-deal |url-status=dead }}</ref>

=== Version 2.0 ===
Months later on 7 June 2004, TrueCrypt 2.0 was released.<ref name="version-history"/> The new version contained a different [[digital signature]] from that of the original TrueCrypt Team, with the developers now being referred to as "the TrueCrypt Foundation." The [[software license]] was also changed to the [[Open-source license|open source]] [[GNU General Public License]] (GPL). However, given the wide range of components with differing licenses making up the software, and the contested nature of the legality of the program's release, a few weeks later on 21 June, version 2.1 was released under the original E4M license to avoid potential problems relating to the GPL license.<ref name="version-history"/><ref>{{cite web |title=Version History |work=TrueCrypt User's Guide, version 3.1a |publisher=TrueCrypt Foundation |date=7 February 2005 |url-status=live |url=http://docs.huihoo.com/truecrypt/truecrypt-3.1a-user-guide.pdf |access-date=2 March 2017 |archive-url=https://web.archive.org/web/20081230095719/http://docs.huihoo.com/truecrypt/truecrypt-3.1a-user-guide.pdf |archive-date=30 December 2008}}</ref>

Version 2.1a of the software was released on 1 October 2004 on <code>truecrypt.sourceforge.net</code> [[domain name|sub-domain]].<ref name="version-history"/> By May 2005, the original TrueCrypt website returned and <code>truecrypt.sourceforge.net</code> [[URL redirection|redirected]] visitors to <code>truecrypt.org</code>.

=== End of life announcement ===
On 28 May 2014, the TrueCrypt official website, <code>truecrypt.org</code>, began redirecting visitors to <code>truecrypt.sourceforge.net</code> with a [[HTTP 301|HTTP 301 "Moved Permanently" status]], which warned that the software may contain unfixed security issues, and that development of TrueCrypt was ended in May 2014, following Windows XP's end of support. The message noted that more recent versions of Windows have built-in support for disk encryption using [[BitLocker]], and that Linux and OS X had similar built-in solutions, which the message states renders TrueCrypt unnecessary. The page recommends any data encrypted by TrueCrypt be migrated to other encryption setups and offered instructions on moving to BitLocker. The SourceForge project page for the software at <code>sourceforge.net/truecrypt</code> was updated to display the same initial message, and the status was changed to "inactive".<ref name=sourceforgeproj>{{cite web |last=tc-foundation |title=TrueCrypt project page |publisher=[[SourceForge]] |date=28 May 2014 |url=http://sourceforge.net/projects/truecrypt/ |access-date=30 May 2014 |archive-url=https://web.archive.org/web/20140530161229/http://sourceforge.net/projects/truecrypt/ |archive-date=30 May 2014 |url-status=dead |df=dmy }}</ref> The page also announced a new software version, 7.2, which only allows decryption.

Initially, the authenticity of the announcement and new software was questioned.<ref>{{Citation | last =Goodin | first =Dan | title ="TrueCrypt is not secure," official SourceForge page abruptly warns | work=[[Ars Technica]] |publisher=[[Condé Nast]] | date =28 May 2014 | url =https://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/ | access-date = 28 May 2014}}</ref><ref name=DailyDotONeill>{{cite news|last=O'Neill|first=Patrick|title=TrueCrypt, encryption tool used by Snowden, shuts down due to alleged 'security issues'|url=http://www.dailydot.com/technology/truecrypt-dead-unsecure/|access-date=28 May 2014|newspaper=The Daily Dot|date=28 May 2014}}</ref><ref>{{citation|last=McAllister|first=Neil|title=TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'|publisher=The Register|date=28 May 2014|url=https://www.theregister.co.uk/2014/05/28/truecrypt_hack/|access-date=29 May 2014}}</ref> Multiple theories attempting to explain the reason behind the announcement arose throughout the tech community.<ref>{{Citation|last =Goodin | first =Dan | title =Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above? | work=[[Ars Technica]] |publisher=[[Condé Nast]]a | date =29 May 2014 | url =https://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/| access-date = 29 May 2014}}</ref><ref name=gibson>{{Citation |last =Gibson | first =Steve | title =TrueCrypt, the final release, archive | publisher=Gibson Research Corporation | date =5 June 2014 | url =https://www.grc.com/misc/truecrypt/truecrypt.htm | access-date = 1 August 2014}}</ref>

Shortly after the end of life announcement of TrueCrypt, [[Gibson Research Corporation]] posted an announcement titled "Yes... TrueCrypt is still safe to use" and a Final Release Repository to host the last official non-crippled version 7.1a of TrueCrypt.<ref name=gibson /> They no longer host the final release repository as of 2022.

Truecrypt.org has been excluded from the Internet Archive [[Wayback Machine]].<ref>{{cite web | url=http://truecrypt.org/ | title=TrueCrypt |archive-url=https://web.archive.org/web/20140101010101/http://truecrypt.org/ |archive-date=2014-01-01 }}</ref> The exclusion policy says they will exclude pages at the site owner's request.<ref>[https://help.archive.org/help/wayback-machine-general-information/ Wayback Machine General Information] Internet Archive</ref>