For nearly a decade, TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit. There’s just one problem: no one knows who created the software. Worse still, no one has ever conducted a full security audit on it—until now.
Since last month, a handful of cryptographers have discussed new problems and alternatives to the popular application. On Monday, this culminated in a public call to perform a full security audit on TrueCrypt. As of Tuesday afternoon, that fundraiser reached more than $16,000, making a proper check more likely. Much of those funds came from a single $10,000 donation from an Atlanta-based security firm.
“We’re now in a place where we have nearly, but not quite enough to get a serious audit done,” wrote Matthew Green, a well-known cryptography professor at Johns Hopkins University. How much would “enough” be? “That depends on how many favors we can get from the security evaluation companies,” Green continued on Twitter. “I’m trying to answer that this week.”