The TrueCrypt Audit - How It Happened and What We Found

Explore the TrueCrypt audit process, its findings, and implications in this comprehensive conference talk from Circle City Con 2014. Delve into the background of the audit, including NIST's involvement, crowdfunding efforts, and the formation of a nonprofit organization. Examine the technical aspects of the audit, including bug discovery, security assessments, and overall findings. Discuss the unexpected shutdown of TrueCrypt and its peculiarities. Analyze the broader implications for cryptography, including export controls, usability challenges, and trust issues. Address questions about TrueCrypt's current status, documentation, and formal verification. Gain insights into the complexities of conducting security audits and the importance of transparent, community-driven efforts in maintaining trust in encryption software.

Intro
About me
Classics
Background
NIST
Truecrypt
Windows matters
Bugs are shallow
Expertise
Twitter conversation
Registering the domain
Crowdfunding
Signed DVDs
Indiego
Bitcoin
Big crunches
Mainstream media
Setting up a nonprofit
Logo
Technical Advisory Board
Board Meeting
The work order
The team
Final security assessment
Overall findings
Report
Truecrypt goes dark
Weird things about Truecrypt
The conclusion
Where are we now
Recap
Why are we auditing
audits in general
export controls
Magnus Carlsen
Heartbleed
usable crypto is really hard
Ive got advanced degree
Trust is complicated
Trusting cert
Favorite beer
Truecrypt team
Is Truecrypt dead
Is Truecrypt well documented
Formal verification
The strange part
Jurisdiction
Audit