by tptacek 5756 days ago
Regarding the NSA, "who knows", it's not worth any time to speculate. I tend to think the answer here is "no", but not because of any fundamental problem with the algorithms TC uses; rather, I assume there's a small battery of implementation errors NSA can exploit that private industry hasn't yet independently discovered.

Fortunately for our collective sanity, if it is the case that NSA has (several times over) the moral equivalent of the "stack overflow" for cryptosystems, there is nothing we can do about it, and there's no point wanking over alternatives that might foil them.

Regarding the FBI, "almost certainly yes", assuming you use it properly (in particular, by using strong secrets). Consider that any vulnerability in the crypto stack TrueCrypt uses would have far too much value to be wasted on conventional domestic law enforcement. Consider also that unlike state secrets, domestic law enforcement uses a crypto stack that is the same or strictly weaker than TrueCrypt.

1 comments

Regarding the FBI, "almost certainly yes"

You need to add "assuming you are willing to go to jail" because a warrant can compel you to disclose your password, and if you refuse you'll be jailed for contempt of court.

That'd be thrown out of court as a violation of your 5th Amendment rights, at least here in the States. In the UK, crypto keys can be requisitioned with the penalty of jail time if refused.

I believe some rulings support that view, but others have disagreed. It might depend on the judge/district and I don't think it's ever been considered by the Supreme Court.