[xarball]

This really doesn't sound legit. I suspect they might be thinking of backdooring the truecrypt client, which, really wouldn't make it much of a feat.

The container format itself is really just a giant mathematical mess -- there really isn't anything to backdoor there.

And then the client doesn't exactly dial-out to anything when you mount an encrypted volume. Therefore I would suggest that this is probably a matter of using alternative means of access to the machine in order to patch the client itself.

That wouldn't exactly be worthy of the attention of the NSA, given that truecrypt is open-source.

[Ergomane]

> The container format itself is really just a giant mathematical mess -- there really isn't anything to backdoor there.

The container itself can actually be 'backdoored' by a malicious client by eg saving a duplicate of the master key, or generating a master key using a deliberately weak RNG.

[unimpressive]

user: xarball created: 2 minutes ago

Any reason you're using a throwaway?

[_bfhp]

Israel hires pro-government internet commenters, it'll come out that the US does as well soon, just like everything Israel does "first"

[unimpressive]

The current downvotes on your comment are why I didn't say "This really doesn't sound legit." instead of what I did (that and there is a genuine possibility for the commenter to have a real reason for using a throwaway).