Hi,

just for info, TrueCrypt is being audited, and the phase 1 report is quite good. Phase 2 is being conducted right now, and it is on the formal cryptanalysis, which is actually easier to check than phase 1.

Please see:
- http://istruecryptauditedyet.com/
- https://opencryptoaudit.org/reports/

Summary:

During this engagement, the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth).

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.

...

The team also found a potential weakness in the Volume Header integrity checks. Currently, integrity is provided using a string (“TRUE”) and two (2) CRC32s. The current version of TrueCrypt utilizes XTS as the block cipher mode of operation, which lacks protection against modification; however, it is insufficiently malleable to be reliably attacked. The integrity protection can be bypassed, but XTS prevents a reliable attack, so it does not currently appear to be an issue.

...

Finally, iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas. The vulnerabilities described later in this document all appear to be unintentional, introduced as the result of bugs rather than malice.

So I bet their website was hacked. Anyway, I would be very careful downloading any binary from their website and would not trust the signatures.

Regards,
Matej
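
The header check quoted from the iSEC summary above (a “TRUE” string plus two CRC32s), as an added example that is not part of the original message and is not TrueCrypt code. The 60-byte layout, field contents and key are constructed for illustration, and the sketch works on an already-decrypted header, leaving out XTS; it shows that an unkeyed CRC32 catches accidental corruption but, unlike a keyed MAC, accepts any header whose checksums were recomputed.

```python
import hashlib
import hmac
import struct
import zlib

MAGIC = b"TRUE"
# Constructed 60-byte layout for illustration (NOT TrueCrypt's on-disk format):
#   magic(4) | crc32(key_area)(4) | fields(16) | crc32(first 24 bytes)(4) | key_area(32)

def build_header(fields: bytes, key_area: bytes) -> bytes:
    if len(fields) != 16 or len(key_area) != 32:
        raise ValueError("fields must be 16 bytes and key_area 32 bytes")
    body = MAGIC + struct.pack(">I", zlib.crc32(key_area)) + fields
    return body + struct.pack(">I", zlib.crc32(body)) + key_area

def crc_check(header: bytes) -> bool:
    """Magic string plus two CRC32s: no secret is involved in the check."""
    if len(header) != 60 or header[:4] != MAGIC:
        return False
    (crc_keys,) = struct.unpack(">I", header[4:8])
    (crc_body,) = struct.unpack(">I", header[24:28])
    return zlib.crc32(header[28:]) == crc_keys and zlib.crc32(header[:24]) == crc_body

def mac_tag(header: bytes, mac_key: bytes) -> bytes:
    """Keyed alternative: HMAC-SHA256 over the whole header."""
    return hmac.new(mac_key, header, hashlib.sha256).digest()

def mac_check(header: bytes, tag: bytes, mac_key: bytes) -> bool:
    return hmac.compare_digest(mac_tag(header, mac_key), tag)

def demo() -> dict:
    key_area = bytes(range(32))                         # constructed key material
    mac_key = hashlib.sha256(b"constructed secret").digest()
    original = build_header(b"size=00001000\x00\x00\x00", key_area)
    tag = mac_tag(original, mac_key)
    # Accidental corruption: one flipped bit in the fields area.
    flipped = original[:10] + bytes([original[10] ^ 0x01]) + original[11:]
    # Deliberate change: different fields, checksums recomputed without any key.
    rebuilt = build_header(b"size=0000ffff\x00\x00\x00", key_area)
    return {
        "crc_accepts_original": crc_check(original),
        "crc_accepts_bit_flip": crc_check(flipped),
        "crc_accepts_rebuilt": crc_check(rebuilt),
        "mac_accepts_original": mac_check(original, tag, mac_key),
        "mac_accepts_rebuilt": mac_check(rebuilt, tag, mac_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```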