TrueCrypt is open source. The source is freely available and has been examined by the community. KeePass is also open source, and has also been examined. The same goes for Linux and dm-crypt/LUKS. While nothing is 100%, and he is correct in that, Scott's comments came across as "well, the gov can probably do it". I don't buy it. We know of two national-level attacks against encryption that failed. One was the Nicodemo Scarfo case, where the FBI had to resort to a keylogger called 'Magic Lantern' to get his PGP passphrase. (Interestingly, in that case, Symantec went on record as stating that they *wouldn't* detect Magic Lantern... nice, huh?) The other is a recent case of Brazilian banker Daniel Dantas. The FBI had his hard drives for close to two years and could not get in. So I really wish Scott would have said something like "Unless you've examined the source yourself, you're relying on the community to indicate that there is no back door with open source software. In the two cases we know about, there wasn't". Great show though, thanks.
I had much the same thought about his seeming to make encryption cracking 'simple'. I have heard of other cases where national security services have been unable to crack some of the better free crypto utilities. The podcast was fantastic, and Scott knows an amazing amount about hard drive technology, but even he said he's not a crypto expert.