^^ +1 for what @Vurbal said:
Spot-on. Some food for thought.
Yes, an audit could help to "prove" things, but then you'd need to audit the other crypto-g schemes (MS, Norton/Symantec, etc.), as a basis of comparison, to establish a level playing field.Why? ...
My comment was kinda tongue-in-cheek, as I couldn't see a particularly compelling and valid reason for selecting TrueCrypt out of the stack, almost at random, and it could arguably be a complete waste of time, mostly for the reasons you pointed out.
I only said it could
help, I didn't say it would
necessarily prove anything. Audits of anything always have potential value.
audits can be a damaging thing. Suggesting out of the blue that something "needs to be independently audited" carries with it an unfounded and implicit suggestion that scrutiny is required as there is or may be or could be something dubious about it - it's a bit like casting aspersions. Anyway, that's when my BS alert went off and I suspected FUD. I guess I've seen it too often before not to be wary of it.
Some people (not me, you understand), not knowing much about TrueCrypt and after reading the audit suggestion, might prefer caution and could well decide to hold off using TrueCrypt for the first time until much
later, after it has been thoroughly audited, if ever. Especially after the SnowdenGate NSA revelations. They might say "How could we know but that the NSA haven't already compromised the code for their own illegal/nefarious purposes, or that some other criminal organisation hasn't already done so for that matter?" (And here they would presumably define "criminal" as "deliberately acting outside of and against international laws and/or the laws of a nation state".) However, I couldn't possibly comment.
On the other hand, some people (not me, you understand) might say that, for all we know, the NSA or other criminal organisation has already found TrueCrypt to be one amongst several of the most frustratingly impenetrable encryption methods out there in the public domain, and would like to dissuade people from using it for that very reason, but again, I couldn't possibly comment.