[8] Shortly after version 1.0 was released in 2004, the TrueCrypt Team reported receiving email from Wilfried Hafner, manager of SecurStar, a computer security company.
[9] According to the TrueCrypt Team, Hafner claimed in the email that the acknowledged author of E4M, developer Paul Le Roux, had stolen the source code from SecurStar as an employee.
However, because of Le Roux's need to remain silent on the matter, he was unable to confirm or deny its legitimacy, keeping TrueCrypt development in limbo.
The company states that with those products, SecurStar "had a long tradition of open source software", but that "competitors had nothing better to do but to steal our source code", causing the company to make its products closed-source, forcing potential customers to place a substantial order and sign a non-disclosure agreement before being allowed to review the code for security.
The SourceForge project page for the software at sourceforge.net/truecrypt was updated to display the same initial message, and the status was changed to "inactive".
[33] Early versions of TrueCrypt until 2007 also supported the block ciphers Blowfish, CAST-128, TDEA and IDEA; but these were deprecated due to having relatively lower 64-bit security and patent licensing issues.
[38] In addition, the Windows versions of TrueCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.
[40] In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability.
[41] There was a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.
[44] Forensics tools may use these properties of file size, apparent lack of a header, and randomness tests to attempt to identify TrueCrypt volumes.
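The three properties named above can be combined into a simple triage check, sketched here as an added example that is not code from the article or from any forensic tool it refers to. The 512-byte size multiple, the short signature list and the chi-square window are assumptions made for illustration; a file that passes is only a candidate, since any file of random bytes passes as well.

```python
import hashlib
from collections import Counter

SECTOR = 512  # assumption: container sizes are whole multiples of the sector size
# Small illustrative set of file signatures; a real tool would use a full database.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\x1f\x8b", b"MZ", b"\x7fELF")
# Chi-square with 255 degrees of freedom has mean 255 and std. dev. about 22.6;
# this window is an assumed, generous acceptance band for uniformly random bytes.
CHI_LOW, CHI_HIGH = 150.0, 400.0


def chi_square(sample: bytes) -> float:
    """Pearson chi-square of byte frequencies against a uniform distribution."""
    if not sample:
        return float("inf")
    expected = len(sample) / 256
    counts = Counter(sample)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def triage(head: bytes, total_size: int) -> dict:
    """Evaluate the three properties on the first bytes of a file and its size."""
    return {
        "sector_aligned": total_size > 0 and total_size % SECTOR == 0,
        "no_known_header": not head.startswith(KNOWN_MAGIC),
        "passes_randomness": CHI_LOW < chi_square(head) < CHI_HIGH,
    }


def is_candidate(head: bytes, total_size: int) -> bool:
    """True only when all three properties hold at once."""
    return all(triage(head, total_size).values())


def constructed_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


if __name__ == "__main__":
    rnd = constructed_random(64 * 1024)                      # constructed sample
    text = (b"quarterly report draft\n" * 4000)[:64 * 1024]  # constructed sample
    for name, data in (("random-looking", rnd), ("plain text", text)):
        print(name, triage(data, len(data)))
```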
[50] In another article the performance cost was found to be unnoticeable when working with "popular desktop applications in a reasonable manner", but it was noted that "power users will complain".
[52] This is caused by the inappropriate design of FlexNet Publisher writing to the first drive track and overwriting whatever non-Windows bootloader exists there.
TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered).
[58] The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[59][60] has been shown capable of tampering with TrueCrypt's MBR, effectively bypassing TrueCrypt's full volume encryption.
The first type of attack can be prevented as usual by good security practices, e.g. avoid running non-trusted executables with administrative privileges.
[67] In 2013 a graduate student at Concordia University published a detailed online report, in which he states that he has confirmed the integrity of the distributed Windows binaries of version 7.1a.
This audit "found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances".
[79] According to Gibson Research Corporation, Steven Barnhart wrote to an email address for a TrueCrypt Foundation member he had used in the past and received several replies from "David".
According to Barnhart, the main points of the email messages were that the TrueCrypt Foundation was "happy with the audit, it didn't spark anything", and that the reason for the announcement was that "there is no longer interest [in maintaining the project]."
In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes.
[83][84] In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives.
[85][86] The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making them do so.
[87][88] On 18 August 2013 David Miranda, partner of journalist Glenn Greenwald, was detained at London's Heathrow Airport by Metropolitan Police while en route to Rio de Janeiro from Berlin.
He was carrying with him an external hard drive said to be containing sensitive documents pertaining to the 2013 global surveillance disclosures sparked by Edward Snowden.
[89] Detective Superintendent Caroline Goode stated the hard drive contained around 60 gigabytes of data, "of which only 20 have been accessed to date."
[89] Guardian contributor Naomi Colvin concluded the statements were misleading, stating that it was possible Goode was not even referring to any actual encrypted material, but rather deleted files reconstructed from unencrypted, unallocated space on the hard drive, or even plaintext documents from Miranda's personal effects.
[90] Greenwald supported this assessment in an interview with Democracy Now!, mentioning that the UK government filed an affidavit asking the court to allow them to retain possession of Miranda's belongings.
The grounds for the request were that they could not break the encryption, and were only able to access 75 of the documents that he was carrying, which Greenwald said "most of which were probably ones related to his school work and personal use".
On 10 May 2016 a District Judge (Magistrate's Court) rejected a request by the NCA that Love be forced to turn over his encryption keys or passwords to TrueCrypt files on an SD card and hard drives that were among the confiscated property.
He decrypted some of the encrypted files by trying words and phrases the druking group had used elsewhere as parts of the passphrase in order to make educated guesses.