Auditors Release Verified Repositories of TrueCrypt 146
Trailrunner7 writes: As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development.
The message that the TrueCrypt posted about the security of the software also was included in the release of version 7.2a. The OCAP team decided to focus on version 7.1a and created the verified repository by comparing the SHA2 hashes with files found in other TrueCrypt repositories. So the files are the same as the ones that were distributed as 7.1a. "These files were obtained last November in preparation for our audit, and match the hash reported by iSec in their official report from phase I of the audit," said Kenn White, part of the team involved in the TrueCrypt audit.
The message that the TrueCrypt posted about the security of the software also was included in the release of version 7.2a. The OCAP team decided to focus on version 7.1a and created the verified repository by comparing the SHA2 hashes with files found in other TrueCrypt repositories. So the files are the same as the ones that were distributed as 7.1a. "These files were obtained last November in preparation for our audit, and match the hash reported by iSec in their official report from phase I of the audit," said Kenn White, part of the team involved in the TrueCrypt audit.
What's the difference between the US and China? (Score:5, Funny)
From my perspective, it appears that both China and the US are willing to bend to their control any IT organization that they can.
I'm happy that a verified source have been made, but sad to think that it has now come to this - the US, China, Russia, ..... so many countries that it is no longer safe to host security projects.
If only I could get a CISCO router build in China, packages in the US and sold through a reseller in Russia.... it could be marketed are the ultimate freedom router*.
(* Note: freedom is not for the end user)
Re:Truecrypt authors-WARNING: TrueCrypt is not sec (Score:5, Funny)
I learned a long time ago that if you go on a date with a woman and she says "I'm crazy", BELIEVE HER. She IS crazy. Even if she's hot, she's probably telling the truth when she says she's crazy. I think the same principle may apply here.
Suddenly I am less interested in my privacy and more interested in your anecdotal story!