This is good news for all of us as we need experts to look closely at the underlying cryptographic primitives used by TrueCrypt and inherited by VeraCrypt.
From what I see in the code, TrueCrypt was using well-known public domain implementations of all cryptographic primitives, so I don't expect any issue from this side. The use of these primitives can bring vulnerabilities and bugs like the Serpent bug that was corrected in VeraCrypt (description is here: , code change is here:
The random generator is the part for which I'm waiting to see their analysis. Its design follows well-proven patterns, but maybe there are new attacks that require some adjustments. In VeraCrypt, a change was made to force the seeding of the generator using mouse movements before every sensitive operation, whereas in TrueCrypt it was done only once per application run, so I expect this to be part of their findings.
The first report was interesting although it missed many issues and problems. I hope this time the audit will be conducted more thoroughly and deeply.