-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With exquisite timing, I bought a new external HDD yesterday (28.05.14) and set about encrypting it with TrueCrypt. I installed via the terminal as I'm on Linux, ie: wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz I extracted it, and encrypted my drive. The TrueCrypt website was looking it's normal self at that point: I referred to it a few times during the encryption. However, no sooner had it finished at about 4pm UK time yesterday, I received the first email from someone on the list about Truecrypt pulling the plug. Their site had been changed to the one we see today, recommending we switch to an alternative like, ahem, something as fabulously secure as Bitlocker. Ironic timing, huh? So, I have what was possibly the last download of a version 7.1a tarball before everything went titsup, and if you read what The Register said about Truecrypt's V.7.2 being corrupted/infected/backdoored here: http://www.theregister.co.uk/2014/05/28/truecrypt_hack/ Then theoretically I have something to wonder about. However, it would appear that the date, checksum and verification are ok on what I downloaded. It *seems* clean. It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige. Let me know if I can be of assistance. Best, NullDev -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTh5c/AAoJELavgB137JPDHEsIAI2Dt4qVnWZb4FUxUOZBN4cs WfXXofFRodZ0e1yK/IxmrwShp/d9eNJdBx/aGuERoAQ1jlLjRNsyfmzpF7zJMYsb PD/uS2ZiXXP8UjbWNAEBOhrBV1dPGSj86twpsVXMFuBrzbKZHMmWKHxp9cNpwMLQ WbPIqVaDGVb4V5d/yyFPk9/uELReIQKobML6hzGgxlWRc5XH/9403YcSc0iMe0bp oSpOd69hRddvLssX76TUxbyS1k+hc2+zXxsaxqd8lS3J7F6YRzZHTRD/BEqTva8Y OseOVwYGBX+kEUeXEh13yzsHao9RR6DFEhZL7yVAJb88GQvMgT6f+4IO6TJcJ8A= =P4+W -----END PGP SIGNATURE-----
Dnia czwartek, 29 maja 2014 21:23:27 NullDev pisze:
With exquisite timing, I bought a new external HDD yesterday (28.05.14) and set about encrypting it with TrueCrypt. I installed via the terminal as I'm on Linux, ie:
wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was looking it's normal self at that point: I referred to it a few times during the encryption.
However, no sooner had it finished at about 4pm UK time yesterday, I received the first email from someone on the list about Truecrypt pulling the plug. Their site had been changed to the one we see today, recommending we switch to an alternative like, ahem, something as fabulously secure as Bitlocker.
Ironic timing, huh? So, I have what was possibly the last download of a version 7.1a tarball before everything went titsup, and if you read what The Register said about Truecrypt's V.7.2 being corrupted/infected/backdoored here:
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However, it would appear that the date, checksum and verification are ok on what I downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare different 7.1a versions publicly? If we trust GitHub, that is. ;) -- Pozdr rysiek
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/29/2014 4:22 PM, rysiek wrote:
Dnia czwartek, 29 maja 2014 21:23:27 NullDev pisze:
With exquisite timing, I bought a new external HDD yesterday (28.05.14) and set about encrypting it with TrueCrypt. I installed via the terminal as I'm on Linux, ie:
wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was
looking it's normal self at that point: I referred to it a few times during the encryption.
However, no sooner had it finished at about 4pm UK time yesterday, I received the first email from someone on the list about Truecrypt pulling the plug. Their site had been changed to the one we see today, recommending we switch to an alternative like, ahem, something as fabulously secure as Bitlocker.
Ironic timing, huh? So, I have what was possibly the last download of a version 7.1a tarball before everything went titsup, and if you read what The Register said about Truecrypt's V.7.2 being corrupted/infected/backdoored here:
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However, it would appear that the date, checksum and verification are ok on what I downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare different 7.1a versions publicly? If we trust GitHub, that is. ;)
I have some older Windows binaries that I'll upload to Mediahub and publish the URLs. - -- Crypto -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTh6jZAAoJEDhzgt+U8WIyzbYP/Aqed8ScgzV9tDT6Lnju3oUL 8m5Q0La1WBd0wEpvaODC/sZ4Mie8jB4GpcFAPu+o0EoHLsaXf5RarB1/5kXFNGE7 F27RNGyWGsYmzEDHstRTqcxeMUdlx8djfj/T8oz63i+FxXgGCF6PpikBm5GY6yhk 2HSfgam943bx3ZUhYJlTxoQygQoL6eJClq9TM0vcQMCKoA7DfTPcPrkvLJyUCDl5 E3SxAln1sG0yc2cW2IJqiil2ShsaOhTyVGAza7xpAwh23OQMu2Q5QKbks8qjnQQy DXRrxeJg2crPGjaiF4t10EM5r/iMnf796VM6lQlgChnNed5Yd6691GcBXE1KLQxJ rCy6Nj4ZXbNybFRHxp1Fa9OqA3yxMmlMTFETgbjWFD2l/DwVGIEYNXvPKMC74+a8 NrDz1aPh1Zn37eSnQDJsynrJe7AQZTbfSqn0bEKUaFF7+ZKd/xxBXb7Fb8nTpGWZ hsCNeI5dmF8c0i3gA1CEZeA7eJhFVbkwyp+U2eQvBm5MzwEGB+TgVUYkgqR0t/43 EabS26lvVyhCNaiNSonLKDerJpyQmiZ6pU7SV1KsCS3AYdIqLf7kvdjFgFsdVw57 KHECf8eEGMXOWLhfiO7CwFlEhShU7JOu1QRTCR51sTVAsr3HY1HacKLFHzgzoI3y BeUws2LV108PicEV0mA2 =UP2b -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/29/2014 4:38 PM, Crypto wrote:
On 5/29/2014 4:22 PM, rysiek wrote:
Dnia czwartek, 29 maja 2014 21:23:27 NullDev pisze:
With exquisite timing, I bought a new external HDD yesterday (28.05.14) and set about encrypting it with TrueCrypt. I installed via the terminal as I'm on Linux, ie:
wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
I extracted it, and encrypted my drive. The TrueCrypt website was
looking it's normal self at that point: I referred to it a few times during the encryption.
However, no sooner had it finished at about 4pm UK time yesterday, I received the first email from someone on the list about Truecrypt pulling the plug. Their site had been changed to the one we see today, recommending we switch to an alternative like, ahem, something as fabulously secure as Bitlocker.
Ironic timing, huh? So, I have what was possibly the last download of a version 7.1a tarball before everything went titsup, and if you read what The Register said about Truecrypt's V.7.2 being corrupted/infected/backdoored here:
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
Then theoretically I have something to wonder about. However, it would appear that the date, checksum and verification are ok on what I downloaded. It *seems* clean.
It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige.
Let me know if I can be of assistance.
Upload it on Github somewhere, and let's use this tool to compare different 7.1a versions publicly? If we trust GitHub, that is. ;)
I have some older Windows binaries that I'll upload to Mediahub and publish the URLs.
Hmm. Looking through my recent backups the only copy of Truecrypt I have at the moment is: http://www.mediafire.com/download/a88i4622qh6v7ku/TrueCrypt_Setup_7.1a.exe Anyone that wants it is welcome to it. - -- Crypto -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTh6s6AAoJEDhzgt+U8WIyoyIQAMchWBEwb+dSPx6sKLskCWDk QnYfaLYk0A2y/SruT0m1+6gwRYNA5GFxPz1dHypxlt17hFHKPSbXAnwFzIoYwZYx SipFjWiAFkPRdHur8G6rDt7v3Be6nWo88DOWovFjAqI/KWC0buiBf7bmJbvUho9v cc8vmno0qVxqU3wxSk+OjDrKtZJfNb0xgHibkmj1DP8IbQYZciNRORBtZcac2ssi V4BosymZ8tyX5VV72k4LL4wXQIaon5aQs42G3+20uqzHBUBBphqWCvQQKf2GQTrV swAFM/VtUiLo3XciOEKBOhFHJxm+FaJYDfxVoltgYegKGLstqFA+7Uh+MmwVL2Tz rbWIvN3RIyF6BGx9sPD57losHhuH6CvlbU+F1Ls7r6Jp8O98myi5IZwMdhzc04eR CHdUFaBcUptuxIK6AbcD9Isa4ilOineSCaJo5IgGlR8/ByGcnaxEY/LKsdyeL8Uf 5cx7atzv8Y4ILZVSheQv+EwroRtOGXyZKTLtIKQ7Zq+6sCsRVwKaHbbMa5zCuJUX koEbD8Hce5PFM/9j8uE5CzFwhgdrWSksgCmLbLbSbYGFSgRNb25emlvOPScvooeg ms67lNnIU5f2pbAjBNMlp5HkANEPh2cggy8bUSRt6kp2rHR72v9hfdhnOuLMXVip lZN27UvoNZ02TixIs9EG =nzKi -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 29 May 2014 21:23:27 +0100 NullDev <nulldev@hush.com> wrote:
It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige.
I have downloaded all the 7.1a TrueCrypt versions long before that shutdown, and made them available here: https://enigmabox.net/truecrypt/ According to http://truecryptcheck.wordpress.com/, my versions seem sane. - -- 42 <42@enigmabox.net> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJTiF2/AAoJELqmW1wGWUSYjXgQAKlcjyUH6pkHfF1A2utBO6qA N6u2CqkGZjsFi8gMjX3tMzqkc0L9dAJOGgYrtZSzb8CGLmiHp1BRAawq0QiH3kho nVhJaWImTQOfnAQ3mlphGlvWQ+sFkmZdueFgam8TdZEFRKuwz7513mIfmIC7AUwM E85L3gYuXEK1Y9txWlLrvuVpJjy0HFT3W+W9JFh09g0lF7MT4gXTKM9W2KyKKNWz motgakDXhOzfVuetmV6UcKefHPs5iapV8u0aWuQ7kapZLcAD2sGS09jclg12c/lw xDnoA36f3GpXhsEbKxQG7iELTsQ/s7w5H0vYlvK0r5R5SpoZsmnF7AiUsBGtynFx cL65rkr3JGRc/qXlFiK2ENEan7eEUY1PLJf3HgYAMCImovzvpw7i6BNuGhsSC0ZR 4WQF4/Ey9F2ntlq1ixW/zsFeTEr/glVHClK4PnhQM7mf/BaEh9MyOMnP5h0Uv1a5 vBNukgcWqJAJum9mOnbheawh4ojUx0LwNaf7U6+urtFn5LJ5bn6wrWo4TV2BoesX 9R50UbCtB+ai6+LLNtDG5MiQFsT3fUYrW0QGuGXJJCa5GmRgQSw3Sdn1i3ZQhKCj twdi/8ebbBdfyc3zp4HbohRJCRdg9r9NSYv8f14vD/ixgvxhirRzNr+bOGeX5Y7I damCDyMNUcudTLxZGF6V =xFLc -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/30/2014 5:30 AM, 42 wrote:
On Thu, 29 May 2014 21:23:27 +0100 NullDev <nulldev@hush.com> wrote:
It would be interesting to see if it's in anyone's scope to compare the source code with other versions of 7.1a for Linux: it's beyond mine, apologies. If anyone wants me to send them the tarball I'll be happy to oblige.
I have downloaded all the 7.1a TrueCrypt versions long before that shutdown, and made them available here: https://enigmabox.net/truecrypt/
According to http://truecryptcheck.wordpress.com/, my versions seem sane.
I've also found a repository of TrueCrypt versions. It seems to be fairly complete. I've put it up for download. Please feel free to share. http://www.mediafire.com/download/aw640r58904ohb3/truecrypt-archive-master.z... - -- Crypto -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTiGEDAAoJEDhzgt+U8WIyGvEP/imCvvdgq9nh12EJ22XY8Hef U80Cdo0TZyyheHEQgjr2hQ2ouJGiJQzN66LeJ4L+I+gUpCmwaQohWDN2/XFBFB50 K1Ab7GGnNrjpjJudhfis/ACaxli03SrnyHFDEly+pdxkoJFijU2vwkWykh7oimMm AjtBlJL0fWs9KLmOeHP4JaH1t0X8w4cRionEK/OJtD3mm/lIr34bVhqtYxpo2JSh MTxBXCi/6U7LPf4M4FJ530OOtuFOFO/gZOrbqg/zvDEZ8vVhtECer8o2PgsFb2ob lOHHJS+UYCX6rhkvuYeoe1CSI49OM0CpZZ+JM538yifQK3e7bGU21hKJo+JLiZlr ZqlHy62kxM6Tef1RMHcT2tv2zHjAmB3OIUdDqXoPWQinhvsblnJslxP/O/A+xAlS H7q6Qs70oNWtkahb3yJCNJwC0GyY988F4BkMcCk8rGhYPW1nunKQJeH46E6Aw8Im Pz8q2iwtQcOxc9u3KI4Ji7nY/nngt1JGxlp68j+xCuWCNZQsClK41mW71M86w8KF DqdbnG4Uttw0wDb4TIO88SSgKQfspJ9O4wEntC08bJdo7bTDfHsjekNgNEPBTHH9 D6DmMwMpIcsODRbqDDDo2gsPDgzjmP7/zUtMI4cYpNHQNanorqXvTkf2WDiZMb6I IdBwsTyxvOfIWCaJPg6H =EeiR -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/30/2014 03:44 AM, Crypto wrote:
I've also found a repository of TrueCrypt versions. It seems to be fairly complete. I've put it up for download. Please feel free to share.
Here's another one: https://github.com/DrWhax/truecrypt-archive Thanks, DrWhax. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ FizerPharm: Trust. Profit. Deniability. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTiRThAAoJED1np1pUQ8Rk3tAP/1qXBMReMo0d6oPQV9OmfJdj iSWN6YfGwb4XOE0fVEOkxyhRp6GPGbHrm1rdvby6bL1BogzNs6N+Uz5hb0IjKdTE Ifx06NP1bbDnv8vFDMNWYl2L9B2QqugLZeAaKIxCBIDvOAZsUbwbTHTGAy9vmTrU c9jwTTRGk75lhags+CS/tzb7rDP49rQwjtA+l+qjZy1p/Vn1sW3qU2Oyd8C3i8iB pFDS2FOL3y+tqSgwixlbWs4Mj57CbOSeoKNo7Yv2yTpZk3KRjKv07Im9vTXMTeEQ 3zXaChFG6f6AwkExrQ455hHPlWe9q32gUwlQwyLzv/TPBsTCvKj9qLQR8RRwP2yR vZI1sz8RR72/okMMt7jARdKGX7bycmqeTmYzgAKq42xr6WntP/WNAbnFddY0Bv/G aHfHdT9IZhjXU8tAwANYAQEq/Bxtu2EcyOf33Z18etPGwEo2LI+67AmBYtZYQker KFoMqqI7SAFsQ107mqKrf7QP8GQk1fM/bDDX2hJ2EOWat5dsR7AMbTCnn6N3Y1hF q5HSCuGeV1dOVxdPAOPzvtMau1ESnXYraKHxsVaaqy3eQEttP/Ot/C+uKHOOSt2Z MiASL8LiYefhTyMhNaxo33Q6ZU04gqs99JtKa1n47W3It3CtUB9N6+b6VLYmqTl4 fQZQ9fChNDy4suaWAmqC =MVFc -----END PGP SIGNATURE-----
participants (5)
-
42 -
Crypto -
NullDev -
rysiek -
The Doctor