CipherShed: A replacement for TrueCrypt

Ever since TrueCrypt developers terminated the development of the popular encryption utility and announced that it was not safe to use, users who need such a tool have been looking for an alternative, safe solution.

While the Open Crypt Audit Project, headed by cryptographer Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, has been considering whether to take over the development of TrueCrypt and is working on the second phase of the audit process (a thorough analysis of the code responsable for the actual encryption process), one of TrueCrypt’s developers has expressed his disapproval of a project that would fork the software.

“I don’t feel that forking TrueCrypt would be a good idea, a complete rewrite was something we wanted to do for a while,” he said. “I believe that starting from scratch wouldn’t require much more work than actually learning and understanding all of TrueCrypt’s current codebase. I have no problem with the source code being used as reference.”

But, as the need for a secure alternative to TrueCrypt is great, there have been attempts to fork the software. One of these projects, initially found on Truecrypt.ch, will definitely be forking TrueCrypt.

The developers, who in this case are publicly known, have renamed the fork into CipherShed. According to the TrueCrypt open source license, the forking of the code is permitted if all references to TrueCrypt are removed from it, and if the final software hasn’t got “TrueCrypt” in its name.

“CipherShed is cross-platform; it will be available for Windows, Mac OS and GNU/Linux,” the developers say. It will also be open source and free of charge.

They are now auditing the TrueCrypt code for security issues and are cleaning up the code, and according to project initiator Jos Doekbrijder, an alpha release of CipherShed will be made available for download soon.

This release will be based on the latest full version of TrueCrypt (v7.1a), but eventually the group is aiming to create an entirely new product that will contain none of TrueCrypt’s code.

They want to create a simple tool that will do a few things well, will be able to work with old TrueCrypt containers, and will work on newer systems. The developers also mean to implement new crypto algorithms as they come along, Doekbrijder commented for eSecurity Planet.