Several people have been asking for an update on our public audit of the Truecrypt disk encryption software. I’m happy to say that the project is on track and proceeding apace. Here I wanted to give a few quick updates:

- Thanks to the amazingly generous donations of 1,434 individual donors from over 90 countries, as of today, we’ve collected $62,104 USD and 32.6 BTC* towards this effort. This is an unbelievable response and I can’t thank our donors enough. I’m blown away that this is happening.
- We’ve assembled a stellar technical advisory board to make sure we spend this money properly and generally to keep us honest. More details shortly.
- In order to make best use of the donated funds and manage on-going governance of the project, we’ve incorporated as a non-profit corporation in North Carolina—the Open Crypto Audit Project (OCAP)—and are currently seeking 501(c)(3) tax-exempt designation. Board members include myself, Kenn White (who has been doing most of the heavy organizational lifting) and the amazing Marcia Hofmann. We have high hopes that OCAP will find a purpose beyond this Truecrypt audit.
- The Open Technology Fund has generously agreed to donate a substantial amount of contracted evaluation time to our effort.
- And finally, the most exciting news: we’ve signed a first contract with iSEC Partners to evaluate large portions of the Windows software and bootloader code. This review will begin in January.

Despite the progress above, there’s still a lot of work to do. The iSEC review will cover a lot of the thorniest bits of the code, but we are still working to audit the core cryptographic routines of Truecrypt and move the project onto a secure (deterministic) build footing. We hope to have further announcements in the next few weeks.

Let me add one more personal note.

I usually take a pretty skeptical attitude on this blog when it comes to Internet security. For the most part we do things wrong, and I used to think most people didn’t care. The fact is that I was wrong. If the response to our audit call is any evidence, you do care. You care a lot.

I can’t tell you how amazed I am that any of this is happening. As far as I know, this is the first time that the Internet has come together in this way for the purposes of making us all a bit safer. I hope it’s the beginning of a trend. More updates to come.

* Incidentally, determining the dollar value of BTC is fun, fun, fun. We’ve been trying to responsibly sell these at the ‘best’ price. But, ugh.