TrueCrypt security audit presses on, despite developers jumping ship

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.

Phase II of the security audit was already scheduled to commence when Wednesday's bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.

"We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday's circumstances," Kenn White, a North Carolina-based computer scientist and audit organizer told Ars Thursday. "We don't want there to remain all sorts of questions or scenarios or what ifs in people's minds. TrueCrypt has been around for 10 years and it's never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis."

Read 5 remaining paragraphs | Comments