The Veracrypt sourcecode can be reviewed and compared to the truecrypt source by everyone. The enhancements that were made in France are very good because they are practically a pain in the ass for every possible attacker and most important... there IS work done. Real enhancements, real versions and downloads. Mounir seems to be capable not only with words but with a proven sourcecode history.
The truecrypt related references were obviously removed long time ago and quite possibly within a few hours. It DID not take them the best part of a year to discuss and talk. They're developers with a real job in the business who contributed more to solving the TC problem than anyone else.
I will gladly support him the moment Mounir opens a kickstarter campaign to fund more enhancements.
Their version is stable and proven. Several people here are using Veracrypt on a daily basis. It works. I do not have to verify if it's working, because it does. Right now even if a ciphershed version is released I would prefer veracrypt over this simply because I don't want to loose data because of an unknown bug or flaw in a new and revised system I don't know anymore.
In my opinion, the next audit(s) should be made in france and germany by multiple independed tech companies who voluntarily contribute. I'm pretty sure with a good project spokesman this could be well managed.
btw. How can anyone force you to implement a backdoor into an open source code when there are literally thousands of IT professionals in france and germany who can detect and review any change in the sourcecode? How should that work? How would you keep this undetected?
Just mentioning that the latest Part II of the "Independend audit" suggests to remove the cascading encryption..... hello? WTF.
Am I the only one who's alarm bells are ringing here?