- I am sorry, but I think what you're asking for here is impossible. I don't feel that forking truecrypt would be a good idea, a complete rewrite was something we wanted to do for a while. I believe that starting from scratch wouldn't require much more work than actually learning and understanding all of truecrypts current codebase.
- I have no problem with the source code being used as reference.
- Original message:
- I hope you’re well. I understand from seeing some previous emails that you were one of the Truecrypt developers, and that you’re no longer interested in continuing work on the project. I understand and can sympathize with that.
- For the past several months we’ve been (very slowly) auditing the TC code. Now that you’re no longer maintaining it, there seems to be a great deal of interest in forking it. I think this interest has reached the point where a fork is virtually inevitable. This makes me somewhat worried.
- We think Truecrypt is an important project — no proprietary disk encryption system offers cross-platform support and the same feature set. Moreover, Truecrypt is unlikely to ‘go away’ just because the developers have abandoned the project. In fact, it may become significantly less secure if it goes forward as samizdat or as part of some unauthorized fork.
- We’d like the project to continue, but in a responsible way. That means fully auditing all of the crypto/container and bootloader code and (likely) replacing much of it with fresh implementations. Even though this will require some substantial re-development it still seems more practical than starting from scratch. The current plan is being led by a group of people who have a great deal of experience with cryptography and the expertise to identify flaws, but would prefer not to engineer from scratch.
- The main concern we have right now is with the license structure and trademarks associated with Truecrypt. Of course some will fork the reject regardless of the legal issues, but this doesn’t seem appropriate without clear guidance. What we would like is permission to take at least portions of the current codebase and fork it under a standard open source license (e.g., GPL/MIT/BSD). We would also like permission to use the Truecrypt trademark as part of this effort. If that’s not possible, we would accept a clear statement that you would prefer the software not be renamed.
- I realize this is a great deal to ask, but I would ask you to consider the alternative. Without expert attention there’s a high likelihood that TC 7.1a or some future insecure fork will occupy the niche that a secure version of TC could occupy. Giving your permission to undertake a responsible process of forking and redevelopment would ensure that your work can go on, and that nobody is at risk from using older software.
- I appreciate any consideration you could give this note. Thank you,