Regarding the NSA, "who knows", it's not worth any time to speculate. I tend to think the answer here is "no", but not because of any fundamental problem with the algorithms TC uses; rather, I assume there's a small battery of implementation errors NSA can exploit that private industry hasn't yet independently discovered.
Fortunately for our collective sanity, if it is the case that NSA has (several times over) the moral equivalent of the "stack overflow" for cryptosystems, there is nothing we can do about it, and there's no point wanking over alternatives that might foil them.
Regarding the FBI, "almost certainly yes", assuming you use it properly (in particular, by using strong secrets). Consider that any vulnerability in the crypto stack TrueCrypt uses would have far too much value to be wasted on conventional domestic law enforcement. Consider also that unlike state secrets, domestic law enforcement uses a crypto stack that is the same or strictly weaker than TrueCrypt.
You need to add "assuming you are willing to go to jail" because a warrant can compel you to disclose your password, and if you refuse you'll be jailed for contempt of court.
That'd be thrown out of court as a violation of your 5th Amend. rights, at least here in the States. In the UK, crypto keys can be requisitioned, with the penalty of jail time if refused.
I believe some rulings support that view, but others have disagreed. It might depend on the judge/district and I don't think it's ever been considered by the Supreme Court.
Probably. As far as anybody knows, the FBI and NSA are on the same level of cryptography technology as the rest of the world is. AES and SHA-1 are currently the national standards for encryption and secure hashing. AES is what TrueCrypt uses (as do most SSL connections and WPA/WPA2 connections).
There are some things to keep in mind though:
Fine print: As others have pointed out elsewhere in the thread, it's possible to extract encryption keys from RAM even if the computer has been (very... within several minutes) recently shut down.
More fine print: Pick a weak passphrase, and you may be shit-outta-luck. Also, brute forcing for passphrases up to a certain complexity is viable.
Tin foil hat: A conspiracy theorist may assert that the feds are far ahead of academia when it comes to cryptography, as was likely the case several decades ago (see the history of DES). I'm not sure that I believe that, because cryptography has a huge place in academia now, worldwide. It's possible, but I doubt they've broken AES.
The FBI and NSA are two very, very different organizations. NSA is a feeder for software security talent in private industry. I have never even heard of someone coming out of the FBI knowing how to break into a computer. NSA people want to leave the agency to write a string of journal articles or to make a couple million bucks. FBI people want to leave the bureau to become Assistant District Attorneys. Infosec literacy in the FBI boils down to knowing how to use EnCase.
I responded to this same comment with more details that I won't repeat, but, with respect, I'd suggest not taking seriously the crypto insights of someone who equates these two agencies.
The fact that only one organization in the US Government is likely to be able to break your disk encryption isn't a moot point, because that one organization is extremely unlikely to harass a US citizen; forget the law, the simple incentives are all wrong.
Earlier this summer, there was news that the FBI was trying to help the Brazilian government access data related to a financial crime of some sort. TrueCrypt was the method used and it (supposedly) thwarted the FBI's efforts. Just google "fbi truecrypt" for the sources.
But here's the thing... I'm not paranoid in the style of "The Lone Gunmen," but this news never quite passed the sniff test. I find it difficult to believe that if the FBI was unable to crack a TrueCrypt volume that they'd let that particular cat out of the bag.
I conclude two possible motives: 1) Subterfuge to get people feeling "safe" with a method that can be broken; or 2) Demonization of strong crypto in the media as a prelude to criminalizing its use (or at least the refusal to hand over keys, as in the UK).