![]() ![]() The TrueCrypt project was apparently abruptly shut down on and provides a farewell edition (v7.2) that is stripped of any code that enables the creation of new encrypted volumes and adds a feature to decrypt existing non-system encrypted drives in-place to facilitate the transition to other encryption tools. I am also able to explain the small remaining differences and then prove that the official binaries indeed come from the public sources. In this article, I present how I compiled TrueCrypt 7.1a for Windows and reached a very close match with the official binaries. However, it is still at an early stage (as of October 2013) and tries to raise funds first. Recently, the IsTrueCryptAuditedYet project was launched and aims at reviewing TrueCrypt's security and, among other things, providing deterministic build so as to enable everyone to compare her version to the official one. Since we haven't done such a reverse engineering we can't preclude that there is a back door hidden within those binary packages." This concern has also been raised in this analysis, saying: " Without a very expensive “reverse engineering” it can't be proved that they are compiled from the published source code. ![]() Hence, anyone compiling the sources will get different binaries, as pointed by this article on Privacy Lover, saying that " it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt." This has led some speculations regarding the possibility of having backdoors in the official binaries that cannot be found easily. TrueCrypt is a project that doesn't provide deterministic builds. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |