(no title)

Oh I'd forgotten about this part:

> Le Roux was arrested on 26 September 2012 for conspiracy to import narcotics into the United States, and agreed to cooperate with authorities in exchange for a lesser sentence and immunity to any crimes he might admit to later. He subsequently admitted to arranging or participating in seven murders, carried out as part of an extensive illegal business empire.

https://en.m.wikipedia.org/wiki/Paul_Le_Roux

Didn't he consistently deny being involved in TrueCrypt? E4M is closely related, but is there any evidence showing that Paul == TrueCrypt? Just curious if there was.

That is wild. How did he have time to maintain TrueCrypt while doing all of that crime?

He denies involvement with TrueCrypt. Is there any actual proof?

> The district court's decision that immediate video sentencing was in defendant's best interest was reasonable because defendant was asking for a time-served sentence …

Time served was 25 years!?!

The the article may have something interesting to say, but it seems to spend paragraphs upon paragraphs on the amateur sleuthing that the article authour did, rather than come to the point quickly.

I had no idea, that explains a lot. Thanks.

Absolutely wild. Thank you for contributing this!

The way it was announced was suspicious. Purging the website rather than just posting an "unmaintained" notice is weird for any FOSS project, but recommending people just use Bitlocker sounded like a clear "canary". Like the authors were being coerced and decided to burn their reputation on purpose rather than comply

The "Not Secure Anymore" message likely refers to the weak password based key derivation function and verification steps. I suspect the NSA and other advanced computing groups had means to brute force it and it took the rest of us years to figure out the parameters weren't strong enough.