
The community has collected more than $60,000 for an open, independent audit of TrueCrypt

According to statistics on the official site, TrueCrypt, the program for working with encrypted partitions and encrypted container files, has been downloaded almost thirty million times. It is one of the most, if not the most, widely used cryptographic tools available to ordinary users, and at the same time it offers rich and deep capabilities.

Next year, TrueCrypt will be ten years old. Despite such a considerable age, in all this time there has never been a formal independent audit of the program's code. As with many other open source projects, the developers are constantly working on new features and fixing bugs, but they do not find the time, money, or opportunity for an undertaking of this kind. TrueCrypt has other problems as well: the license is not entirely clear and understandable, there is no official code repository on GitHub or a similar platform, and the compilation and build process is not formalized, which makes it impossible to guarantee that the binaries shipped for different platforms actually correspond to the published source.

All this, together with Edward Snowden's revelations about mass surveillance and NSA backdoors in cryptographic software, which cast a shadow over TrueCrypt, inspired Kenneth White, a programmer and biotechnology specialist, and Matthew Green, a cryptographer and professor at Johns Hopkins University, to start a crowdfunding campaign. Its purpose is to conduct a full audit of the TrueCrypt code, put its license in order, develop and document a standard procedure for building the binaries on all platforms, and create a public code repository. The idea was also supported by the TrueCrypt development team.

Fundraising is being carried out on two crowdfunding platforms, FundFill and IndieGoGo; FundFill accepts not only payment cards but also bitcoins. At the time of writing, $62,953 had been raised across both platforms. In addition, a project site has been created with a detailed description of the objectives, the audit methods, and current campaign news.
The preliminary plan for putting TrueCrypt in order consists of four points:

  1. License revision. TrueCrypt is published under an old, non-standard, and perhaps not entirely free and open license. Professional lawyers will analyze and revise it.
  2. Standardization of binaries. Most users download TrueCrypt in compiled form. A standard build procedure needs to be developed for all platforms, one that guarantees the published binaries are built correctly and reproducibly in any environment, similar to the deterministic build process used by Tor.
  3. Bug bounties. If sufficient funds are raised, a fund will be created from which rewards for discovered vulnerabilities will be paid.
  4. Professional audit. All of the code will be examined by experts from one of the reputable companies with experience in security audits of cryptographic software.

TrueCrypt contains more than 70,000 lines of code in assembler, C and C++. The IndieGoGo campaign ends December 13th. If everything goes according to plan, the code audit will be completed in February next year.

Source: https://habr.com/ru/post/201408/
