Originally Posted by
Loren Pechtel
Deniability is basically useless as the decision matrix always says to use it and thus whoever is trying to get the information will always assume it's in use.
You just have to convince them you're not smart enough to do that.
Originally Posted by
Loren Pechtel
But where would there be a master key that could be compromised?
It's possible they learned that there's an NSA plant involved or something.
Certainly a possibility. Even when there is no "master" key to be compromised, the software can always be rewritten to capture the keys of users or otherwise introduce a backdoor. The published source code would theoretically prevent this if you compile it yourself, but realistically very few people do that... and it is difficult to prove the published source code is actually what is used to produce the binaries available for download.
It's also interesting to me that the TrueCrypt crowdfunded audit said earlier this week that they would have "big" news to announce. I think it's particularly important that audit be finished now.