#270179 - 05/30/14 04:03 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Carpal Tunnel
Registered: 12/26/02
Posts: 2854
|
The 'may be flaws' can just be a caution saying that since they are not coding anymore they won't find any if there are some. Hopefully the community will pick it back up and re-start or start a new project.
It just let me see that I have a single point of failure in my preps. If LibreOffice were to stop development today I can use Apache OpenOffice or KDEOffice. If Firefox or Thunderbird stops today I can use Chromium or Konqueror and Kmail. If Slackware stops today I can use Ubuntu or Deadrat or whatever. But if Truecrypt dies I realized I haven't installed or tested any other programs. I suppose I could still decrypt on my tablet and have them unencrypted but I could just do that today with TrueCrypt, it doesn't future proof me.
#270190 - 05/30/14 08:29 PM
Re: TrueCrypt is not secure.
[Re: haertig]
|
Sheriff
Carpal Tunnel
Registered: 12/03/09
Posts: 3483
Loc: USA
|
Many "oldies" that are no longer supported are still good. This is not really the case with security software, unfortunately.
#270191 - 05/30/14 08:41 PM
Re: TrueCrypt is not secure.
[Re: haertig]
|
Old Hand
Registered: 05/29/10
Posts: 856
Loc: Southern California
|
I take this with a grain of salt. Even if the Truecrypt developers gave it up, and even if there is some security flaw in the existing Truecrypt, I probably won't write it off immediately.
For one, who am I trying to protect my encrypted stuff from? It's not the NSA. And even if I were using Truecrypt and expecting it to stand up against the NSA, that would be quite naive of me to believe that. The average hacker? Chances are they wouldn't be able to exploit any security flaws in Truecrypt, unless a wide-open hole gets so widespread that there is a pre-packaged script for all the "script kiddie" hackers to use. That leaves the common laptop thief. And they probably couldn't decrypt something as simple as ROT-13. If the NSA wants your stuff, the NSA will get your stuff. I harbor no illusions about keeping anything from them that isn't handwritten on a piece of paper. What I am trying to protect my stuff against is a semipro civilian hacker. Think about the breaches at Target, eBay, Citigroup, GE Money, Countrywide Mortgages, etc. These were not amateurs. Also consider data mining viruses like 'Flame'. And lastly, what happens if your computer is stolen? The tweaker who stole it may not be able to remember his own SS#, but he knows a hacker who will buy it. The hacker can then sell your identity for a nice chunk of change, clear out anything traceable from the computer, and sell it for another couple of hundred. You're out the cost of a new computer and $$$ to fix the damage done when your identity went on the market.
_________________________
Hope for the best and prepare for the worst.
The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane
#270192 - 05/30/14 10:47 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Carpal Tunnel
Registered: 12/26/02
Posts: 2854
|
Future proofing is not too hard, as I mentioned if LibreOffice dies then I use (Apache) OpenOffice, as long as I have more than one app that can read my files then I'm good. This is nearly a single point of failure for me so I need to find an alternate.
#270218 - 06/01/14 11:48 AM
Re: TrueCrypt is not secure.
[Re: Mark_R]
|
Veteran
Registered: 12/12/04
Posts: 1204
Loc: Nottingham, UK
|
If the NSA wants your stuff, the NSA will get your stuff.
They aren't magic. Strong encryption can't be broken without magic. That's one of the things confirmed by Snowden's revelations. What the NSA can try to do is acquire your passwords somehow: by covertly installing keyloggers or legal coercion or whatever. They are surprisingly good at doing that.
Some people think this is happening because the NSA couldn't crack TrueCrypt. The NSA figured out who the TrueCrypt developers were and pressured them to install a backdoor. If they're Americans, the developers couldn't legally refuse, so they did the moral thing, shut down the project, and made the best public announcement they could (given they were surely under draconian gag orders). Similar things have happened before, to Lavabit, an encrypted email service that shut down suddenly under gag orders.
TrueCrypt has a "plausible deniability" feature, whereby an archive has a decoy password in addition to the real password. I could believe that feature was a real concern to law enforcement, and could be enough to single TrueCrypt out for special attention (as opposed to, say, 7zip, which offers strong encryption without plausible deniability).
As it happens, TrueCrypt is in the middle of an independent security audit. That is paid for and will continue. The preliminary check found no significant issues, but further analysis is ongoing. It's possible that it has found an issue, one which can't be fixed, and so the announcement is to give people time to move off TrueCrypt before they go public with the weakness. Alternatively, it may complete with no real weaknesses found, which would strengthen the NSA meddling hypothesis above.
(I don't use TrueCrypt myself. I've installed it a couple of times and each time concluded it wasn't what I needed. I use 7zip instead. If I was using it, I'd probably continue using it but make sure the version I was using predated any likely shenanigans. I don't consider myself a big target so I could accept a level of risk while all this shakes out.)
_________________________
Quality is addictive.
#270219 - 06/01/14 12:41 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Carpal Tunnel
Registered: 12/26/02
Posts: 2854
|
I haven't tried encryption in 7zip, what does it use and can its archives be opened on a mobile device (Android) like Truecrypt?
#270225 - 06/01/14 08:13 PM
Re: TrueCrypt is not secure.
[Re: Teslinhiker]
|
Pooh-Bah
Registered: 04/01/10
Posts: 1629
Loc: Northern California
|
I'd also like to know about 7zip. Can you explain the differences and why Truecrypt was not the best for you? For all I know, Truecrypt may not be the best for me either.
_________________________
If you're reading this, it's too late.
#270229 - 06/02/14 12:02 PM
Re: TrueCrypt is not secure.
[Re: ireckon]
|
Veteran
Registered: 12/12/04
Posts: 1204
Loc: Nottingham, UK
|
I'd also like to know about 7zip. Can you explain the differences and why Truecrypt was not the best for you? For all I know, Truecrypt may not be the best for me either.
7zip is open source, but effectively Windows only. Other apps claim to read the same file format on other platforms, but I've not tried them.
Mostly I didn't feel there was anything wrong with TrueCrypt, I just didn't need its extra features. 7zip felt lighter weight. It doesn't need a device driver or need to mount a disk. It also does compression and makes files as big as they need to be, and TrueCrypt seems geared towards fixed-sized volumes which, without compression, tend to be very large. I tried using the Windows O/S compression within a TrueCrypt volume, but it wasn't enough. I could have used 7zip for compression and TrueCrypt for encryption, but that would be more complex.
One benefit of TrueCrypt is the plausible deniability. I don't need that. Another is that it encrypts a whole volume, including things like temp files, which is good for security but again not something I need because my files are in clear on the disk anyway. I am just encrypting backups so I can store them in DropBox.
_________________________
Quality is addictive.