Re: What gives?
> You'd have to wonder if the code-quality inspection didn't force something unseen out of the woodwork.
Nail on the head!... 'though not in the manner you're attempting to imply.
It's ***SO*** obviously CIA/NSA wot done it it's not even funny. For YEARS said TLAs have been waging an open war of FUD against Truecrypt. Pretending it's over-complicated and botched, a toy mistrusted by real cryptographers, etc... etc... Then lately that's all gone horribly wrong for them... Renowned and respected experts like BS have publicly endorsed it, implosions within their own house have made it BLINDINGLY OBVIOUS to Joe Public that he needs to at least think about it, and to cap it all the source of those "revelations" has recommended it! Talk about great publicity. Then, as if all that wasn't enough, right in the midst of all this free advertising, a publicly sponsored code audit is due to publish its findings that TC is sound as a pound*. As we all knew* already. Poof go the last vestiges of that FUD campaign.
All this must raise a rather pressing problem. What can a cryptography suppressing/subverting government agency do now? Skulk back into the shadows and observe a surge in ciphertext which they cannot break? Hell no! Turn the FUD up to eleven!!!!!!one! Hack the website! Discredit the project NOW! Emergency! Emergency! ...an to that end the supposed endorsement of, of all things, Bitlocker! How could you possibly better discredit a security team than have them appear to recommend NSA™ Windows® as a security suite? Awesome stuff boys!
So YES, it would appear that "the code-quality inspection [certainly has] force[d] something unseen out of the woodwork" as you put it.
*Yes, we do KNOW that the FUD is just FUD. The Truecrypt implementation has already been subjected to what's about as perfect scrutiny as you could hope for: Multiple, independent, concurrent reimplementations. Several such projects have successfully used independent code to recreate Truecrypt's cryptographic functions and their success has already proven that TC does what it says on the tin. A notable example of such projects which immediately springs to mind is, of course, TC-Play which uses Linux's internal DMCrypt code to deliver a compatible reimplementation. The project's author has even been kind enough to thoroughly document all the descrepencies he discovered between Truecrypt's documented functioning and its actual functioning. So we already ***KNOW*** the Truecrypt format is pukka... but that still leaves the possibility of covert-channel "backdoors" in the application. Stashing keys in some obscure PCI EEPROM or secretly signaling them out via the network or somesuch... Of course code to achieve such mischief would be well outside Truecrypt's advertised functioning and therefore correspondingly conspicuous if any kind of code audit was to be performed. So that'll be a fear/uncertainty/doubt that's about to be thoroughly lain to rest. Hence the panic-stricken last minute attack.
Of course, it might simply be the Ukrainian equivalent of April fools' day or something. Or a bit of a publicity drive before the announcement of Truecrypt 8? Whatever it is 'though, it certainly isn'tsome (conspicuously undisclosed) failure, so grave that we'd all be better off switching to Windows!
It all seems like far too much effort to be anything like publicity/joke though. Malicious binaries, cryptographic signatures, etc... Nope, it's CIA/NSA wot done it. Surpress and subvert. CIA/NSA I tell you. Perhaps one day Snowden II will prove it...