In late May of 2014 the developers of Truecrypt posted version 7.2 with some issues that caused a flurry of concern and activity ultimately resulting in the developers attempting to shut down the product.  It appears as of now that there may be some shenanigans going on in the code, but nobody knows for sure at this point.  All we know is that 7.2 was compromised and should be avoided.

However, if you are considering abandoning TC altogether, you might want to delay a bit until more is known.  First off, the program has not been abandoned by the community and is hastily reforming in what is hoped will ultimately be a clean version thoroughly examined by the open source community.  Second, many clients have a tremendous investment in the program, and change will be expensive.  Third, it still works as far as anyone knows.  There has been no “skeleton key” disclosure, and as of now it seems at worst that a large government agency can read the files, but they are not a threat to most people’s use.

Digital Trust’s guidance on the software at this time is: if you are traveling with highly sensitive material and relying on Truecrypt to avoid compromise by another agency, (you’re a fool and) change those travelling devices to another form of encryption.  If however, you are in a relatively safe security environment and relying on Truecrypt to protect basic privacy and legal confidence, take no action at this time, unless you are using version 7.2, in which case we advise immediate downgrading and cleanup.

The cost of converting existing business assets to a new program should be weighed against the likelihood that all of this ends benignly.  For the majority of our clients we are advising you to remain with Truecrypt and simply not upgrade to 7.2.  Should the situation change, we will recommend further action at that time, but for now, just keep working with what you have.

To be as clear as possible: those clients currently relying on 7.1a or lower should continue to do so and not upgrade past 7.1a.

“Keep calm and don’t upgrade.”