@Resonance, @Merlin, @compul
I applaud what you guys are doing -- it is noble and useful. As far as I know TrueCrypt is the only OPEN-SOURCE cross-platform WDE available -- anyway, it is certainly the most venerable. It's worth preserving and its massive user base will be grateful.
I recently worked in proximity to a team making local feature changes to TC. While I have no direct knowledge of the code, I have spent numerous hours discussing issues with those developers.
Let me offer some observations:
I generally agree with @Resonance's set of stated "Principles". However I have observations about some of the other "Goals/ideas", and concur with most comments by Merlin and compul.
1) You are discussing cutting down the number of algorithms.
I suggest this is not necessarily a useful notion.
The bulk of complexity you'll need to deal with is not in the crypto or the algorithms. You will find the system interfaces to be many binary orders of magnitude more complex than the crypto algorithms -- which are pretty simple, stable, self-contained and cut-and-dried.
Handling a variety of them should be, if it is not already the case (as I believe it is), done with tables. So if you can handle more than one -- have a way of handling options -- then dealing with an indefinite number should be easy (even with cascaded suites -- where a cascaded suite is really just an interface wrapper for a compound set). And building the table of active algorithm objects is a rather minor piece of code.
So eliminating algorithms is not really going to meaningfully reduce the complexity, or make a software audit significantly easier.
However, what is does do is make your new version pretty much incompatible with every existing user's TrueCrypt'ed disks, media, and file containers.
This is pointlessly painful and will be, or at least seem to be, almost punitive. Not user friendly at all. Much of the appeal of preserving T/C is operational continuity and consistency. The world is not begging for yet another incompatible WDE product.
2) It is suggested
-Invite people like Schneier/Green to give his opinion. "If you had to do this from scratch with only two schemes (weak, and ridiculously strong), how would you do it?" This could be part of removing any intellectual property TC concerns.
a) I don't understand your artificial dichotomy of "weak" and "ridiculously strong". Who in the world would possibly desire "weak"?
If there is any dichotomy, it would be "faster" vs "stronger". But even these are relative to a user's needs, perceptions, and opinions. Some judge Serpent or Twofish stronger or swifter than AES; others want or need AES because it is officially blessed. Some may be required by policy to use AES, yet harbor doubts, and want to layer another algorithm as belt-and-suspenders. I actually think the TrueCrypt designers did a pretty good job: allowing so many layered different options of strength vs speed (any non-trivial subset of AES, TwoFish, and Serpent). It is brilliant, effective, meaningful.
If you feel algorithm selection is confusing for users with less crypto expertise, you might suggest a suite optimized for speed, and one optimized for strength. But I urge you not to discard customized specification.
b) What TrueCrypt Intellectual Property concerns are referring to? As I understand the license, especially as apparently recently amended, the main issue is with using the name, Anyway, not sure how changing algorithms is particularly meaningful when you are subsuming thousands of lines of code.
3) Allowing for longer passwords is fine. But for the reasons already given -- compatibility -- existing length passwords should still function seamlessly. It is unclear why having explicitly three password lengths (or even just two) is useful. Confusing at best. Just allow the single password field to be longer. However long the password is, will be its length. Simple. While you might offer advice as to why longer is better, I think is a mistake to meddle too much in a user's choice.
However, a password maximum of 64 is probably fine for now; there must be higher priority issues to worry about at the moment.
4) The comment about
warning splash screens for windows/mac users, that the OS itself might render encr. meaningless in some cases
applies to ALL operating systems.
I believe Snowden's revelations indicate penetration of many Linux servers running Apache and other product. Weren't Linux servers were also affected by the Heartbleed bug.
5) The gratuitous comment about
apes and older people
comes across as rather arrogant and demeaning. I think the process should be streamlined so that *anyone* -- whether they be elderly corporate executives, young housewives, or grad students; computer savvy or otherwise -- could install and use the product easily.
6) I firmly concur with compul and Merlin: the bulk of users are probably on Windows, or use at least one Windows system to access their data -- and they probably constitute the bulk of your audience.
7) I am alarmed about WaywardGeeks' suggestion that older (data) formats become unsupported. Changing the format of a sitting volume is an arduous and risky proposition for anyone, especially those who are ordinary users and not IT professionals. Many people in the real world do not have enough time, inclination, or expertise to copy over entire hard disks except in dire circumstances,and then they often turn to someone else. It may seem straightforward to you, but I guarantee for most people it is not.
Once you have a large infrastructure of existing users locked into a hard-to-change format, the software should make every effort to maintain compatibility. Consideration of this eventuality should be built-in to the thought process and software design at the outset. This is one thing that separates user-friendly software from "geeky" developer-centric product.
If you must deprecate a format or algorithm because it is has become notoriously broken, then you should, at worst, inhibit that format or algorithm being further used to create *fresh* instances -- but do not invalidate existing instances.
My knowledge of Linux history is incomplete, so I hope I get this analogy correct: However I do not think Linus forced users to upgrade all their "ext3" formatted file systems to "ext4" when that new file system was introduced, nor to convert FAT32 file systems to a Linux preferred file system in order to access them (even though ext4 is no doubt a more robust format).
The goal of "Simplicity" for is laudable. Simplicity for users is even more important.