This statement, posted on Pastebin, comes as a reply to an inquiry made by Matthew Green, cryptographer and research professor at Johns Hopkins University and one of the founders of the Open Crypto Audit Project, which aims to carry out a crowdfunded, public security audit of TrueCrypt.
"For the past several months we’ve been (very slowly) auditing the TC code. Now that you’re no longer maintaining it, there seems to be a great deal of interest in forking it. I think this interest has reached the point where a fork is virtually inevitable," Green wrote in the email directed at the anonymous developer.
But he expressed worry about random developers creating an unauthorized fork of the program.
"We’d like the project to continue, but in a responsible way," he noted. "That means fully auditing all of the crypto/container and bootloader code and (likely) replacing much of it with fresh implementations."
He went on to explain that "the current plan is being led by a group of people who have a great deal of experience with cryptography and the expertise to identify flaws, but would prefer not to engineer from scratch." He was probably referring to OCAP's willingness to consider supporting and getting involved in a fork under an appropriate free license.
"The main concern we have right now is with the license structure and trademarks associated with Truecrypt. Of course some will fork the reject regardless of the legal issues, but this doesn’t seem appropriate without clear guidance. What we would like is permission to take at least portions of the current codebase and fork it under a standard open source license (e.g., GPL/MIT/BSD). We would also like permission to use the Truecrypt trademark as part of this effort. If that’s not possible, we would accept a clear statement that you would prefer the software not be renamed," Green explained.
"I am sorry, but I think what you're asking for here is impossible," responded the TrueCrypt developer.
"I don't feel that forking TrueCrypt would be a good idea, a complete rewrite was something we wanted to do for a while. I believe that starting from scratch wouldn't require much more work than actually learning and understanding all of TrueCrypt's current codebase. I have no problem with the source code being used as reference."