TrueCrypt: What Happened, What It Means, and What Happens Now
Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over. …