Re: smoke and mirrors
"it’s clear that no security-conscious users are going to feel comfortable trusting the software after this debacle"
No, your position is not naive, it's the opposite of the stupidity in the previous quote driven by the "stupid herd" and "cover thy butt" mindsets.
Let's look at it logically. Either 7.1a (and previous) was safe or it wasn't. To believe either way needs "faith" as the first audit is still in the making. If you assume that it was safe, then it was safe before this and will be safe after this. If it isn't safe, it was unsafe before this and will be unsafe after this.
So, by sticking to your chosen horse, be it using TC or not, you are now no better or worse than before. Because you have no idea where you actually stand until the audit comes through.
And it goes on and on. Bruce Schneier is gonna switch to PGPDisk? Nice, and who's gonna say "that one isn't tainted"? BitLocker? DiskCryptor? Pick your poison, you'll always be "on faith". Because... you didn't write it. And this holds true for any software. If you didn't write it (and that includes the compiler/assembler/toolchain) you have NO IDEA if it's safe. You ASSUME it is. FWIW, I'm going with you on this. Until it's proven unsafe, I'll keep assuming it's safe.
@Chris155 : "Using TrueCrypt requires you to take a leap of faith that you can trust those anonymous individuals to be creating a quality product."
As opposed to trusting an (almost always) US-based vendor to protect you instead of cooperating with 3-letter agencies. Yep, I see the logic in that line of thinking... wait... no I don't.
P.S. For the truly paranoid, think boxes inside boxes inside boxes. The more boxes, the more chances you have that one will be secure, and "normal" data is usually quite small so the performance hit isn't that bad.