It's a bit strange to make a website with the hash sums for only one program and only one version of it.Īpril 12, 2014: Site is set to read-only mode. Is has only 1 blog record from August 15, 2013, only for TrueCrypt and only for 7.1a. Why I think so: there is a website which contains all the hash sums for TrueCrypt 7.1a. Sad but true.Īssumption #3 7.1a is backdoored and the developer wants all users to stop using it. As many suppose, this could be the sort of warrant canaryĪssumption #2 is more likely true than assumption #1. It looks like a clear sign that the developer can't say he's in danger so he did this. Although I find TPM to be a great solution in some cases (like embedded systems where you can't return to OS from fullscreen application) and used it a lot as a developer, I can't imagine why would TrueCrypt developers suggest such a thing and not other open-source alternatives. Why is it ridiculous for TrueCrypt developers to suggest moving to BitLocker? Well, TrueCrypt was strictly against of using TPM because it may contain extra key chains which allow agencies like NSA to extract your private key.
#Truecrypt 7.1.a portable license
License text is changed too (see the diff below).
#Truecrypt 7.1.a portable Pc
Why I think so: all files are with valid signatures, all the releases are available (Windows Linux x86, x86_64, console versions, Mac OS, sources), the binaries seems like was built on the usual developer PC (there are some paths like c:\truecrypt-7.2\driver\obj_driver_release\i386\truecrypt.pdb, which were the same for 7.1a). found the worst vulnerability ever) which made them do such a thing. take down or death) or to TrueCrypt itself (i.e. Why I think so: strange key change, why bitlocker?Īssumption #2 Something bad happened to TrueCrypt developers (i.e. On the SourceForge, the keys were changed before any TrueCrypt files uploaded, but now they are deleted and the old keys got reverted back. All old versions are wiped, the repository is wiped too.Īssumption #1 The website is presumed hacked, the keys are presumed compromised. The binary is signed with the valid (usual) key. The binary on the website is capable only to decode encrypted data, not encode, and may contain trojan (seems like it doesn't, but don't believe me). Quoting TrueCrypt Developer David: “There is no longer interest.”
#Truecrypt 7.1.a portable windows
TrueCrypt Developer “David”: Said “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ” Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.’ ” Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.” Steven Barnhart: (Paraphrasing) Developer “personally” feels that fork is harmful: “The source is still available as a reference though.” We worked hard on this for 10 years, nothing lasts forever.” Steven Barnhart wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart and Matthew Green Developer “David”: “We were happy with the audit, it didn't spark anything.
0 kommentar(er)
