So it seems that every year a thread comes along linking to a particular blog post posing the question of TrueCrypt being a honeypot, and outlining the (at best) circumstantial evidence. Here it is in 2010. Here it is again in 2011, and here in 2012. (There may be even more). Given recent developments, (and the fact that even in all those threads, aside from this post, no one fully addressed the points made directly), I'd like to revisit this piece. First, in his recent "guide to staying secure" piece for The Guardian, Bruce Schneier admitted to using TrueCrypt. On his blog, he elaborated, explaining that he is just playing the odds...and TC "is less likely to be backdoored than either PGP Disk (what I was previously using) or BitLocker". This kept discussion of the program alive and well in the comments of the blog. One commenter in particular has posted multiple times (on multiple blog entries) a listing of "suspicious" aspects of the background surrounding TC (much like the one mentioned above that keeps popping up here in the forum). Given this continued debate, I figure this is worthy of another visit. In the original thread, the blogger actually came and listed his points here in the forum, so we can easily address each one: So what? As one commenter pointed out on Schneier's blog, the same people who point that out are also happy to ask: "Would the US-government leave a US-company like Truecrypt in peace and do nothing while they develop 'uncrackable' encryption?" Answer: maybe not. Which is why such developers would have an interest in being anonymous, no? (Ever read the history of PGP and how Zimmerman was targeted? Why wouldn't developers want to avoid that?) You can't have it both ways. Either they should be happy to have the world know who they are and that they are designing encryption that is confounding governments, which then makes their secrecy is suspicious, or it makes perfect sense, and they're smart enough to realize that not everyone would take kindly to the work they're doing. a) I'm sorry, have we never heard of freeware before? Granted, in the blog post, he claims it's just two developers doing everything on TC. This is hard to believe...but I've never heard this anywhere else, nor do I know how it would be confirmed, especially given point #1 (again, you can't have it both ways). b) There's been a huge donation banner on every page of the TC site for as long as I can remember. With a ranking in the top 30k sites on the entire www, I imagine traffic is enough to garner a decent payout (particularly when you consider typical donation behavior, with random large donations from people who have the money and interest in backing projects/causes they support.) c) Have you looked at the release history? It's not exactly like new versions are coming out every 90 or even 180 days. I'm not sure what this is supposed to prove. If he just means more pieces or steps are needed over the years as development takes place, I don't see how this is out of the ordinary. The program is nearly a decade old. And as he admits, it's complex. Is there some reason it should get easier to compile? He also states: "it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt". I'm not sure where this comes from. TC binaries are digitally signed. It is basically impossible to generate binaries that would match those provided on the site. This is not news, and is openly stated in the TC documentation. Obviously, the binaries have to be signed to be installable on Windows systems, and obviously if they're signed, any hash generated by the binaries is not going to match a hash from a binary you compile yourself, even if the source is the same. a) Even though the blog post was published in late 2010, this is an argument even older than that, and one which at least some have argued was made moot, even as early as 2009. b) Even supposing the license is restrictive...what does this prove again, exactly? This is simply not true, and I don't know if the author is simply ignorant of any of the reviews that have taken place, or is simply being disingenuous just to help his article. As I mentioned here, the Ubuntu Privacy Remix team, for example, has been analyzing the source code since version 4.2a. As far as I know, they're the ones who exposed the behavior difference of the way the program fills the last 65024 bytes of the header in Linux vs. Windows. Here's their latest writeup. Here's a 2008 technical analysis from a French organization. And f-ing Bruce Schneier published a paper actually breaking the deniable encryption feature of version 5.1a. Again, that was in 2008...a full two years before this guy posted his article. No excuses. Those are just notable ones I know of off the top of my head. I'm sure if one were properly motivated (say, I don't know, doing research for a blog article), one could likely find more. Not only that, but even if you couldn't, I really don't see how someone could claim it's "never been reviewed", just because you didn't happen to find one. And finally, as has been brought up many times, (and as the author himself offers an example of in the article) there are multiple cases of government agencies at virtually every level being unable to crack TC volumes. If they have some backdoor, or some practical cryptanalysis...they sure are letting a bunch of decently significant cases out the door in the name of keeping it a secret. (And really...if keeping a backdoor a secret was really a priority, do you honestly believe the federal government couldn't hide how they got the data?) We already know agencies have covered up and lied about their methods and sources before. They could easily say the encryption wasn't implemented properly, or that they were given the keys or that the suspect accidentally revealed information that allowed them to guess, or that they were simply weak keys...or that the encryption was some different cipher, known to be much easier to break...or even that there was no encryption of the files at all. (Who's going to even hear the criminal call them liars, let alone believe him, a convicted felon?) And what's more, how exactly is this backdoor kept a secret when it actually is used? Why can't they just hide it that way, and use it all the time? The only reason I see for saying they couldn't break the encryption of a suspected child pornographer...is that it is the truth (and they need permission from the court to use other methods to gain the intel/evidence needed against him). I'll grant this is a bit odd, but not totally unheard off. Look at the censorship in these forums. Posts are edited and content removed and threads deleted without warning all the time. And not because it's blatant spam or malicious behavior...but because it's simply "off topic"...or because it touches on a subject that doesn't jive with the set "rules". Does that mean Wilders is a CIA front? I'm all for finding a reason to not use TrueCrypt (or any other security software for that matter). Truth be told I hope you can't, but if one does exist, I'd surely like to know about it so I can stop using it sooner rather than later. So if there is one, please give it to me. But extremely-circumstantial evidence (at best) and outright falsehoods at worst, aren't going to suffice.