TrueCrypt recently announced that “Using TrueCrypt is not secure as it may contain unfixed security issues”. We have been carefully researching the situation to provide appropriate information to our customers concerning this piece of news.
An independent audit published by iSEC has not identified any security flaws in TrueCrypt. “iSEC found no evidence of backdoors or intentional flaws.” You can follow this link to learn more about the iSEC partner’s TrueCrypt audit.
The most important fact to understand is that the TrueCrypt developers are no longer developing the software. Without active development, vulnerabilities may creep into the software. What this means is that you may want to consider alternative means of encryption for your backups. While TrueCrypt may be secure now (as all available information we’ve seen has indicated), it may not remain secure in the future.
BackupAssist includes TrueCrypt as the encryption option for its File Protection backups. If you require encryption and do not want to use TrueCrypt, two alternative encryption solutions are described below:
- Firstly you could change from File Protection to BackupAssist File Archiving, which uses industry strength encryption without relying on TrueCrypt. You can read our File Archiving documentation for more information.
- Alternatively you could disable encryption in your File Protection job, and instead utilize the built-in encryption capabilities of BitLocker on Windows systems.For more information about using BitLocker with BackupAssist, please review our BitLocker blog article.
Be assured, we are also looking at other alternative encryption methods and these will be introduced within BackupAssist in the near future.