Yeah I LOLed Exactly this. The scary thing is he probably actually thinks he is an expert. Triple encryption is probably pointless no matter how you look at it, none of the algorithms Truecrypt supports have ever been directly broken. Twofish uses a different sort of math than either AES or Serpent though, and will likely be immune to many attacks that effect them. For this reason it makes sense to combine it with AES or Serpent, but I wouldn't say it is required by any means. Yes [quote[If only a script was released here, it could be easily inspected and trusted. It would be relatively small and uncomplicated. It might also be too complicated for some people to set up themselves, so the final product of the script could be released alongside it. Since the final product can be created by anyone with the same script, anyone can verify that the final product that is being released is exactly as it should be, with no binaries with incorrect checksums or anything like that. In fact there could be a second script just to verify someone else's installer based on the one that you created yourself, something more experienced users could do to increase the trust in a released version. There would be no single person saying "Hey, run these binaries on your computer, you can trust me, I work for ____ and can benchpress ____ tons while cracking AES."[/quote] Yes Yes. What really annoys me the most is he releases a shit product that is totally insecure and then acts like he is the person who invented Truecrypt.