So a vulnerability might not be detectable, even if a dozen experts are looking right at it.

• June 15, 2015 AM I suspect that True Crypt was always an NSA program.

Make a secure encryption program, and give it away free to millions of persons.

Encrypting your Windows hard drives is trivially easy; choosing which program to use is annoyingly difficult. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8.

I still use Windows -- yes, I know, don't even start -- and have intimate experience with this issue. I used it because I knew and trusted the designers. But big companies are always suspect, because there are a lot of ways for governments to manipulate them. I stuck with the program for a while, saying: But soon after that, despite the public audit of True Crypt, I bailed for Bit Locker.

Currently, there are two possible headers in the total volume. Would it not be possible to put the (encrypted) header of the hidden volume at the end of the encrypted Volume? After decryption of the hidden volume, the end of decrypted hidden volume could then be another, nested hidden volume in the current hidden Volume.

Such nested hidden volume(s) could only be opened by supplying the passwords for all the outer hidden volumes.[There is no way that volunteers could make a program with such extensive capabilities in windows, mac, and linux.The number of person-hours of work is too high.] Then have intelligence operatives and assets use it.Or maybe they can be iterated as a list at the end of the encrypted outer Volume? It seems too obvious to have been missed by the creators if it were possible.• June 15, 2015 AM Suppose a company is run by your best friend, who would never lie to you.(Here I am in March speculating about an NSA back door in Bit Locker.) Specifically, Microsoft made a bunch of changes in Bit Locker for Windows 8, including removing something Niels designed called the "Elephant Diffuser." The Intercept's Micah Lee recently recommended Bit Locker and got a lot of pushback from the security community.