-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With exquisite timing, I bought a new external HDD yesterday (28.05.14) and set about encrypting it with TrueCrypt. I installed via the terminal as I'm on Linux, ie: wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz I extracted it, and encrypted my drive. The TrueCrypt website was looking it's normal self at that point: I referred to it a few times during the encryption. However, no sooner had it finished at about 4pm UK time yesterday, I received the first email from someone on the list about Truecrypt pulling the plug. Their site had been changed to the one we see today, recommending we switch to an alternative like, ahem, something as fabulously secure as Bitlocker. Ironic timing, huh? So, I have what was possibly the last download of a version 7.1a tarball before everything went titsup, and if you read what The Register said about Truecrypt's V.7.2 being corrupted/infected/backdoored here: http://www.theregister.co.uk/2014/05/28/truecrypt_hack/ Then theoretically I have something to wonder about. However, it would appear that the date, checksum and verification are ok on what I downloaded. It *seems* clean. It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige. Let me know if I can be of assistance. Best, NullDev -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTh5c/AAoJELavgB137JPDHEsIAI2Dt4qVnWZb4FUxUOZBN4cs WfXXofFRodZ0e1yK/IxmrwShp/d9eNJdBx/aGuERoAQ1jlLjRNsyfmzpF7zJMYsb PD/uS2ZiXXP8UjbWNAEBOhrBV1dPGSj86twpsVXMFuBrzbKZHMmWKHxp9cNpwMLQ WbPIqVaDGVb4V5d/yyFPk9/uELReIQKobML6hzGgxlWRc5XH/9403YcSc0iMe0bp oSpOd69hRddvLssX76TUxbyS1k+hc2+zXxsaxqd8lS3J7F6YRzZHTRD/BEqTva8Y OseOVwYGBX+kEUeXEh13yzsHao9RR6DFEhZL7yVAJb88GQvMgT6f+4IO6TJcJ8A= =P4+W -----END PGP SIGNATURE-----