TrueCrypt is a free security program that provides strong encryption for files, volumes, or full disks. If a strong password is used, the encryption is essentially unbreakable. It is also deniable: given an unknown chunk of random-looking data, there is literally no way to tell whether it is or is not a TrueCrypt file.
In the OTP22 context, TrueCrypt software was found on the CD from the Blue Hill phone booth drop, and investigators have considered TrueCrypt volumes as a possible explanation for two chunks of random-looking data:
- The file "data.bin", found on the same CD as the TrueCrypt executable.
- A 100-megabyte portion of the Ubuntu CD found at the El Paso drop.
This doesn't prove they aren't TrueCrypt files, and there is literally no way anyone could prove that. You certainly could use a TrueCrypt file as a one time pad. Or the TrueCrypt software could just as easily be a red herring, or possibly a hint that TrueCrypt will be used later on in the game.
If we are expected to decrypt a TrueCrypt file, we can probably hope to get some hints about the password. It would be unrealistically difficult otherwise. So if you see something that looks like it might be a password, it will certainly be worth trying it. You can try out passwords on "data.bin" here: