I am not a crypto coder so my requests may not be possible, or at least very difficult incorporate from a coding perspective. I am certain everyone will understand the security enhancements, so in an effort to keep things brief, I will omit any long winded explanations.
Obviously follow the audits recommendations first and preferably prepare the code and tool chain to facilitate simpler development of TC in the future.
If you are interested in future requests, once things have been stabilised, then the following is my personal wish list.
Boot Loader
Protection from Evil Maid, Hardware Keylogger, Brute Force of a Stolen Drive, Plausible Deniablity, and Easy Header Backup can be greatly improved with one change in operation.
Entire boot loader, supporting a keyfile option, on a USB Flash drive similar to Diskcryptor. ntldr has demonstrated incredible possibilities with a standalone boot loader.
Panic Button
Many users request a panic button, which wipes headers and backup headers from TrueCrypt WDE, encrypted volumes or containers.
The panic button would not be required if a standalone boot loader was on a separate USB flash drive, as there would be no headers on the hard drive itself. In this case, the standalone boot loader solves an additional problem and answers many requests.
Hashing.
User defined number of hashing rounds when creating a WDE disk or container. This allows users to choose an acceptable time delay themselves, on an individual basis.
When trying to decrypt a container or WDE TC will just keep hashing a given password until it works. There must be a "Stop" button provided in case a user inputs the wrong password.
The benefit of this is that it almost defeats the attackers brute force option altogether, should an adversary obtain the standalone loader. An attacker will never know if the password is wrong or if it has just not been hashed enough times.
GPT Large drive Support.
I believe this will become increasingly important and frequently requested.
Plausible Deniablity Enhancement
There is still a realistic need for a plausible excuse to explain cryptographic random data on a given hard drive.
The most likely acceptable possibility, is a wiped drive, however few if any wipe programs provide a cryptographically random output and even fewer leave random data without zero'ing it out on a final pass.
I suggest a separate, but linked, development of a hard drive wiping tool which "coincidently" overwrites drives with cryptographically random data