
It sounds like the developers found a critical flaw, and gave up. I'm not saying it's purposely malicious, government-inserted, or just plain negligence.

But this response and how their website changed really make me inclined to believe something is fundamentally broken in TrueCrypt.



Can I ask whether you have a background in encryption or in disk software sufficient to make such a determination authoritatively? Because I know several people that do have that background and none of them have come to this conclusion. It would be interesting to know why your interpretation should be taken more seriously than theirs.

I put it this way --- bluntly, aggressively --- because there's a drive-by element to your comment; "critical flaw", "fundamentally broken", but absolutely no details whatsoever.


Did valarauca1 claim that anyone should defer to his crypto-expertise and detailed analysis? He basically said, "The behaviour of this developer makes me not want to trust his work." His assessment isn't definitive, but he seems to be aware of that; note the phrases "sounds like" and "makes me inclined to believe".

And I'd say he has a point. Laying aside your expertise for a moment, and without going all the way to declaring it fundamentally broken, don't you think there's something a little fishy in all this?


"There is something fishy" is true because projects don't normally shut down so suddenly. But a lot of TC has always been unusual, from its license to the hidden identity of its developer[1].

For whatever reason, he[1]'s done with the project. Maybe the wife and kids are more interesting these days. Maybe he got offended at auditors being paid and not him. Maybe he feels a responsibility towards his users and since he cannot actively defend them he wants them to move inside someone else's castle. Maybe he died and his brother took over the account long enough to say "we're done" and his brother really doesn't want to talk about it no matter how weird you think it is that his brother doesn't want a bunch of people on the Internet on his lawn like they were on Satoshi's.

It's like a bunch of blind cryptographers trying to describe an elephant.

[1] Assuming a heterosexual singular male just for convention.


A person experts involved in the TC audit have reason to believe is involved in the TC project sent an email, which I read, which said (paraphrased) "We started TC to get Windows disk encryption. Windows now has better disk encryption. We're done."

I know that's shocking to OSS developers, but not everyone cares (at all) about Linux.


I hope you know that BitLocker is not available to all Windows users[1]. These TrueCrypt developers seem to not be aware of this, apparently, and hence their reason for stopping development is flawed.

[1] http://en.wikipedia.org/wiki/BitLocker


Why was this down-voted? He is right, BitLocker is available only for some versions. Plus, there is no way to know whether BitLocker is better or worse, and there is no way to audit it.


I didn't downvote, but saying the developer doesn't know what he's talking about and that his reasons for deciding to stop working on a project are flawed are each likely to be downvote magnets.

I may refer to this thread the next time someone asks "why don't companies give explanations to candidates they don't hire?" The answer is that the candidates feel compelled to prove that the company's reasons are flawed. Look how they react to someone deciding to stop working on a project.


hence their reason for stopping development is flawed.


I think it's more likely the author is slightly unstable and has gotten pissed off at the public discussion around it.


Or that people continue to bother him/her with bombarding emails, public cynical skepticism, baseless speculation, and more.

How about we stop bothering the poor developer(s) and let them be. They have already contributed more to the world than most of us here - time for them to get the well deserved rest they seek.


I'm happy to leave the dev alone. I don't really care about the dev one way or the other.

What I don't like is to have some piece of infrastructure I've come to depend on yanked out suddenly, being misled about the reasons, and being left with only onerous alternatives (rewrite the whole thing or stick with 7.1a indefinitely). That these two options are onerous is not speculation or simply some kind of bad attitude. It is a fact.

Whether this action was deliberate or just incredibly clueless and negligent, treating TrueCrypt users this way is crappy, and I think it's OK to say so publicly. I'm grateful for the development of TrueCrypt. But that gratitude doesn't translate to a free pass for all subsequent terrible behavior afterward.

If the dev's identity was known, he/she might take a lot more heat than a few harsh words. Considering the needless trouble he's putting people through, a strongly-worded letter of protest is a pretty mild reaction.


It sounds like you should pay money for software. If no one is willing to sell you a support contract, don't use it.


Well-known cryptographer's opinion on this topic: https://twitter.com/matthew_d_green/status/47895635223707648...

He tweeted: Most commercial encryption products are junk.


Eh, in reality any decision or assumption is no more than us putting ourselves in the developers' shoes based on the few communications that have taken place.

We likely won't know what happened for several years after, if we ever learn at all.


I just find it hard to believe we can't work out who these people are. Impressive work on their part. Bet the NSA do!


They might be NSA guys :) Who knows.



