https://opencryptoaudit.org/reports/...OCAP_final.pdf

You can try to make of that what you can.

Nowadays it seems that almost no one knows for sure what is not compromised.

One thing that we do know for sure is that encryption doesn't do a whole lot if you have weak passwords. For an idea on how to have strong passwords that are practical to remember without physical record of the password, look at the following:
https://firstlook.org/theintercept/2...rs-cant-guess/

TrueCrypt is deprecated.

Superseded by Veracrypt.

Yes, but it doesn't mean people aren't still using it.

I'm sure plenty are.

You're right:

http://www.newyorker.com/news/news-d...ncryption-tool

And the above article has some other interesting stuff too.

Veracrypt is based on TC code, and can open old TC volumes:

https://en.wikipedia.org/wiki/VeraCrypt

VeraCrypt has some critical vulnerabilities. It will be interesting to see how quickly all of those identified (at this point) get fixed.

http://www.zdnet.com/article/veracry...ritical-flaws/

Note that some flaws in TrueCrypt were actually fixed with/by/for VeraCrypt.

That article is very badly written. VeraCrypt had actually released an update addressing the audit two day prior to that article going live. And unlike what that article hints at, the remaining issues are not high-priority, but rather low risk bugs that require significant work to correct. Also, I don't believe anything the audit found would meet the industry-accepted definition of "Critical"; again another issues I have with that piece.

If anything, the fact that VeraCrypt is being audited is a good thing. TrueCrypt went years without an audit. Having critical crypto projects regularly audited is the only way to have any confidence in its security.