Several people have been asking for an update on our public audit of the Truecrypt disk encryption software. I’m happy to say that the project is on track and proceeding apace. Here I wanted to give a few quick updates:
- Thanks to the amazingly generous donations of 1,434 individual donors from over 90 countries, as of today, we’ve collected $62,104 USD and 32.6 BTC* towards this effort. This is an unbelievable response and I can’t thank our donors enough. I’m blown away that this is happening.
- We’ve assembled a stellar technical advisory board to make sure we spend this money properly and generally to keep us honest. More details shortly.
- In order to make the best use of the donated funds and manage ongoing governance of the project, we’ve incorporated as a non-profit corporation in North Carolina—the Open Crypto Audit Project (OCAP)—and are currently seeking 501(c)(3) tax-exempt designation. Board members include myself, Kenn White (who has been doing most of the heavy organizational lifting) and the amazing Marcia Hoffman. We have high hopes that OCAP will find a purpose beyond this Truecrypt audit.
- The Open Technology Fund has generously agreed to donate a substantial amount of contracted evaluation time to our effort.
- And finally, the most exciting news: we’ve signed a first contract with iSEC Partners to evaluate large portions of the Windows software and bootloader code. This review will begin in January.
Let me add one more personal note.
I usually take a pretty skeptical attitude on this blog when it comes to Internet security. For the most part we do things wrong, and I used to think most people didn’t care. The fact is that I was wrong. If the response to our audit call is any evidence, you do care. You care a lot.