grr..
Anyways, I agree.
I work in IT, specifically in systems engineering and digital forensics (CPTS) and have a background with countless operating systems over a 30 year history of systems use. I've used and trusted TrueCrypt for quite a long time due to my own research into the components that make up it's most intense cryptographic solution (AES+Serpent+twofish with Whirlpool-hashing). I've long believed that a single block-cipher implementation is 'putting all of your eggs in one basket', so to speak.
Bitlocker, while I have no proof of specific backdoors... I'll just say that the allegations in and of themselves are enough to lead me to question the wisdom of implementing it in any situation where *complete and total* cryptographic coverage is required.
Now, that said: Look back over the past few years of digital crimes news, and you'll find a case that occurred in England, where the courts essentially jailed a man as a means to compel him to release his TrueCrypt credentials because GBHQ (England's own equivalent to our NSA) could not crack his USB drives.
If memory serves, the defendant in that case was using a version prior to v7.2. I can't say for sure it was v7.1a, but as others here have observed, that particular build has been considered stable and secure by its users for 2 years +. So, until something truly superior comes along, I think I'll still keep some trust in the build of TrueCrypt that I've been using and of which I keep backups of the installation binaries for multiple platforms. I've always tended to use it in my own way, opting for a large file-type-vault on USB drives along with the TrueCrypt Traveler Disk files to make it portable, along with a few totally non-sensitive tools for quick access to things (ex: Putty portable; UltraVNC Viewer, etc). I still believe it to be a good solution because we really have no reason to trust or distrust the credibility of the published shutdown statement. The reasons given for the shutdown are dubious due to the lack of any substantiating information to back up the claims of unfixed security flaws. And like some here, a stable build like v7.1a isn't something I'm just going to throw out because of an unsubstantiated claim of a flaw. I'll await the results of the continuing audit and then base my decision on my own knowledge of the feasibility of exploit. There are many flaws in security systems that are just simply too unfeasible to attack using theorized methodology, and tend to have requirements that even the best organized technical operative would be hard pressed to achieve under the most perfect of conditions.
/www.daemon-tools.cc/products/dtultra
Facebook
Twitter