The secret TrueCrypt security audit

This is an audit from 2010: the companies Sirrix and Escrypt performed a very detailed audit of TrueCrypt on behalf of the BSI (Federal Office for Information Security). The more than decade-old audit report was never made public until a request was sent through the web project “Frag den Staat”, which allows users to send requests under the German freedom of information law (Informationsfreiheitsgesetz).

The German freedom of information law says everyone can request documents from government entities without any justification and they have to provide them (with a number of exceptions).

A user on “Frag den Staat” sent a generic request to the BSI asking for investigations on TrueCrypt and whether they knew about a backdoor… The attached slides give a great insight into the history of TrueCrypt and its audits…

I found bugs that were never fixed in TrueCrypt or VeraCrypt

(BSI gave the 0days to their friends at BKA/VS/BND and that is why they did not publish them)

Does anyone know if VeraCrypt patched these 0days?


Here is the original source: Untersuchungen zum Verschlüsselungsprogramm „TrueCrypt“ - FragDenStaat