TrueCrypt To Go Through a Crowdfunded, Public Security Audit

An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)

Hmmm...

But who will audit the auditors?

Re:Hmmm...

[adolf]

Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."

Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."

(Oh, encryption experts are immune to subterfuge, greed, bottomless debt, double-dipping, and generally being nafarious? I thought that they were just human like the rest of us!)

(And for the record, once one "independent" party accepts money from another party with a dog in the race, they cease being "independent" about the matter at-hand.)

(See also: Whitewash.)