Reply to post: Re: really?

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Gotno iShit Wantno iShit

Re: really?

And to disagree with Steve Gibson once again (why break a good habit), using a security package that isn't being maintained any more is not the most clever move.

Why? TrueCrypt 7.1a is one of the most heavily vetted lumps of code one could choose to run. Its weaknesses are known and, in the opinion of those who understand crypto deeply, not significant.

Let's look at 4 scenarios and think what would happen in each:

1) A new vuln in TrueCrypt 7.1a is found by a whitehat; it would be publicised widely immediately, it would be headline news absolutely everywhere. Sensible folk then stop using TC.

2) A new vuln in TrueCrypt 7.1a is found by a blackhat or TLA; they keep it quiet and use it.

3) A new vuln in <something else> is found by a whitehat; it would be reported to the devs, some time later a new version would likely appear, there would then be full disclosure one hopes and some press coverage.

4) A new vuln in <something else> is found by a blackhat or TLA; they keep it quiet and use it.

2 and 4 are identical, so let's discount blackhat attacks. I would know I was vulnerable far quicker in 1 than in 3, so I choose 1. It also puts the onus on me to do something should I become vulnerable, rather than relying on the author of <something else>, which is the way I like it.

YMMV.
