Discussion:
Truecrypt tinfoil hat testing
(too old to reply)
NullDev
2014-05-29 20:23:27 UTC
Permalink
With exquisite timing, I bought a new external HDD yesterday
(28.05.14) and set about encrypting it with TrueCrypt. I installed via
the terminal as I'm on Linux, ie:

wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz

I extracted it, and encrypted my drive. The TrueCrypt website was
looking it's normal self at that point: I referred to it a few times
during the encryption.

However, no sooner had it finished at about 4pm UK time yesterday, I
received the first email from someone on the list about Truecrypt
pulling the plug. Their site had been changed to the one we see today,
recommending we switch to an alternative like, ahem, something as
fabulously secure as Bitlocker.

Ironic timing, huh? So, I have what was possibly the last download of
a version 7.1a tarball before everything went titsup, and if you read
what The Register said about Truecrypt's V.7.2 being
corrupted/infected/backdoored here:

http://www.theregister.co.uk/2014/05/28/truecrypt_hack/

Then theoretically I have something to wonder about. However, it would
appear that the date, checksum and verification are ok on what I
downloaded. It *seems* clean.

It would be interesting to see if it's in anyone's scope to compare
the source code with other versions of 7.1a for Linux: it's beyond
mine, apologies. If anyone wants me to send them the tarball I'll be
happy to oblige.

Let me know if I can be of assistance.

Best, NullDev
rysiek
2014-05-29 21:22:13 UTC
Permalink
Post by NullDev
With exquisite timing, I bought a new external HDD yesterday
(28.05.14) and set about encrypting it with TrueCrypt. I installed via
wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was
looking it's normal self at that point: I referred to it a few times
during the encryption.
However, no sooner had it finished at about 4pm UK time yesterday, I
received the first email from someone on the list about Truecrypt
pulling the plug. Their site had been changed to the one we see today,
recommending we switch to an alternative like, ahem, something as
fabulously secure as Bitlocker.
Ironic timing, huh? So, I have what was possibly the last download of
a version 7.1a tarball before everything went titsup, and if you read
what The Register said about Truecrypt's V.7.2 being
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However, it would
appear that the date, checksum and verification are ok on what I
downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to compare
the source code with other versions of 7.1a for Linux: it's beyond
mine, apologies. If anyone wants me to send them the tarball I'll be
happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare different
7.1a versions publicly? If we trust GitHub, that is. ;)
--
Pozdr
rysiek
Crypto
2014-05-29 21:38:34 UTC
Permalink
Post by rysiek
Post by NullDev
With exquisite timing, I bought a new external HDD yesterday
(28.05.14) and set about encrypting it with TrueCrypt. I
wget
http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was
Post by rysiek
Post by NullDev
looking it's normal self at that point: I referred to it a few
times during the encryption.
However, no sooner had it finished at about 4pm UK time
yesterday, I received the first email from someone on the list
about Truecrypt pulling the plug. Their site had been changed to
the one we see today, recommending we switch to an alternative
like, ahem, something as fabulously secure as Bitlocker.
Ironic timing, huh? So, I have what was possibly the last
download of a version 7.1a tarball before everything went
titsup, and if you read what The Register said about Truecrypt's
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However, it
would appear that the date, checksum and verification are ok on
what I downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to
it's beyond mine, apologies. If anyone wants me to send them the
tarball I'll be happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare
different 7.1a versions publicly? If we trust GitHub, that is. ;)
I have some older Windows binaries that I'll upload to Mediahub and
publish the URLs.

- --
Crypto
Crypto
2014-05-29 21:48:42 UTC
Permalink
Post by Crypto
Post by rysiek
Post by NullDev
With exquisite timing, I bought a new external HDD yesterday
(28.05.14) and set about encrypting it with TrueCrypt. I
wget
http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was
Post by Crypto
Post by rysiek
Post by NullDev
looking it's normal self at that point: I referred to it a few
times during the encryption.
However, no sooner had it finished at about 4pm UK time
yesterday, I received the first email from someone on the list
about Truecrypt pulling the plug. Their site had been changed
to the one we see today, recommending we switch to an
alternative like, ahem, something as fabulously secure as
Bitlocker.
Ironic timing, huh? So, I have what was possibly the last
download of a version 7.1a tarball before everything went
titsup, and if you read what The Register said about
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However,
it would appear that the date, checksum and verification are ok
on what I downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to
it's beyond mine, apologies. If anyone wants me to send them
the tarball I'll be happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare
different 7.1a versions publicly? If we trust GitHub, that is. ;)
I have some older Windows binaries that I'll upload to Mediahub
and publish the URLs.
Hmm. Looking through my recent backups the only copy of Truecrypt I
have at the moment is:

http://www.mediafire.com/download/a88i4622qh6v7ku/TrueCrypt_Setup_7.1a.exe

Anyone that wants it is welcome to it.

- --
Crypto
42
2014-05-30 10:30:23 UTC
Permalink
On Thu, 29 May 2014 21:23:27 +0100
Post by NullDev
It would be interesting to see if it's in anyone's scope to compare
the source code with other versions of 7.1a for Linux: it's beyond
mine, apologies. If anyone wants me to send them the tarball I'll be
happy to oblige.
I have downloaded all the 7.1a TrueCrypt versions long before that
shutdown, and made them available here: https://enigmabox.net/truecrypt/

According to http://truecryptcheck.wordpress.com/, my versions seem
sane.

- --
42 <42-***@public.gmane.org>
Crypto
2014-05-30 10:44:19 UTC
Permalink
Post by 42
Post by NullDev
It would be interesting to see if it's in anyone's scope to
it's beyond mine, apologies. If anyone wants me to send them the
tarball I'll be happy to oblige.
I have downloaded all the 7.1a TrueCrypt versions long before that
https://enigmabox.net/truecrypt/
According to http://truecryptcheck.wordpress.com/, my versions
seem sane.
I've also found a repository of TrueCrypt versions. It seems to be
fairly complete. I've put it up for download. Please feel free to share.

http://www.mediafire.com/download/aw640r58904ohb3/truecrypt-archive-master.zip

- --
Crypto
The Doctor
2014-05-30 23:31:45 UTC
Permalink
Post by Crypto
I've also found a repository of TrueCrypt versions. It seems to be
fairly complete. I've put it up for download. Please feel free to share.
Here's another one:

https://github.com/DrWhax/truecrypt-archive

Thanks, DrWhax.

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

FizerPharm: Trust. Profit. Deniability.

Continue reading on narkive:
Loading...