Beyond auditing the source code, the project also wants to review the program's licensing and verify that the executables on TrueCrypt's site are built straight from the software's source code.
"Many of our concerns with TrueCrypt could go away if we knew the binaries were compiled from source," the TrueCrypt audit site says. "Unfortunately it's not realistic to ask every Windows user to compile TrueCrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered."
Raising dollars to make sense of TrueCrypt
Now for the good news: IsTrueCryptAuditedYet hit and then surpassed its $25,000 funding goal on the Indiegogo crowdfunding site just four days after launching the project in October. In fact, as of Wednesday morning, the TrueCrypt audit has raised more than $56,000 between the Indiegogo effort and a second effort on the FundFill crowd funding site, according to White.
Auditing TrueCrypt will be a big job, but the project is well on its way to getting ready for action once the funding period is over. "So far we've received two proposals from major security evaluation firms and we're working with other experts who are volunteering their time to get the whole project audited," Green said.
Sign up for CIO Asia eNewsletters.