from the questions-still-left-to-be-answered dept
The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.However, as Green notes, the problem with the way its implemented in TrueCrypt would only be a problem in "extremely" rare circumstances that wouldn't impact most users. But it's still something that could be fixed.
That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.
For example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt's random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.
But that's where the problem lies. As you may recall, in the midst of all of this, the still anonymous developers behind TrueCrypt suddenly announced that it wasn't secure and that all development had ceased. There have been some efforts to fork and rescue TrueCrypt, but that's come with some skepticism as people feared what might be hidden in the code (and also some concerns about the TrueCrypt license.
Hopefully this new audit puts at least some of those concerns to rest (though it's always good to be paranoid when building security software) and people do really put an effort developing an updated version of TrueCrypt. For what it's worth, I've seen a bunch of articles claiming the audit shows that TrueCrypt is safe. That's not quite true. It's just saying they didn't find anything -- which should be very re-assuring, but you can never say with 100% certainty that the code is safe. Either way, what's needed now is more development moving forward.