It seems that Truecrypt is too popular a tool for people to give up on it and version 7.1a is still available for download.
A website has sprung up at truecrypt.ch offering downloads of Truecrypt binaries and source code.
The download site appears to have been set up by a Swiss national and provides links to multiplatform version of Truecrypt 7.1a – as well as an archive hosting everything going back to version 1.0 of the software.
Unfortunately the site does not host a download of the source code, but it does link to a GitHub repository with it in.
This is an excellent resource, as truecrypt is a genuinely useful tool for people wishing to keep information private.
There is one important caveat here, however, in that there is no way to confirm the provenance or validity of any software you download from this site. It is not owned by the truecrypt developers and, most people, will not be able to determine if the binaries have been tampered with.
As a result, and this is always good practice, if you opt to download Truecrypt from this site make sure you also check the digital signature (a “hash” value) against something you know to be correct.
The hash values will differ depending on how you generate them but most sites will list a selection. As an example, you can use the following sites to verify the signature of a truecrypt download:
- http://truecryptcheck.wordpress.com/
- http://video2.golem.de/files/1/8/13138/truecrypt_7.1a_download_und_hashwerte.txt?start=0.00 (note: this site is provided by Truecrypt.ch)
- https://defuse.ca/truecrypt-7.1a-hashes.htm
And yes, the third site provides different hashes because it has assessed different versions of the Truecrypt 7.1a binary.
So, in summary, you can still download truecrypt but you need to put a lot more effort into make sure what you get the real thing. If this is important to you, you need to download a different encryption package.