![]() ![]() ![]() It took some doing for the OCAP audit team to get in touch with the developers and get the audit started, a project that was meant to answer longstanding questions about the integrity of the application. The developers of the software are anonymous and have proven elusive. The provenance and integrity of TrueCrypt has been a subject of much debate in the security community. “These files were obtained last November in preparation for our audit, and match the hash reported by iSec in their official report from phase I of the audit,” said Kenn White, part of the team involved in the TrueCrypt audit. ![]() So the files are the same as the ones that were distributed as 7.1a. The OCAP team decided to focus on version 7.1a and created the verified repository by comparing the SHA2 hashes with files found in other TrueCrypt repositories. The message that the TrueCrypt posted about the security of the software also was included in the release of version 7.2a. Many seem to have come to the conclusion that the developers simply hit a wall with the project. No word has been forthcoming from the developers, and speculation has continued, but many seem to have come to the conclusion that the developers simply hit a wall with the project. When the anonymous developers behind TrueCrypt posted a notice on their Web site and SourceForge page in late May saying that the software was not safe to use because it might contain unfixed security vulnerabilities, speculation arose immediately that perhaps the team had been targeted by a National Security Letter, a la Lavabit, or that maybe the developers were sending a subtle message about a backdoor in the application. There are versions for Windows, Linux and OS X. The team behind the Open Crypto Audit Project, which has undertaken an audit of TrueCrypt, has posted a verified repository of TrueCrypt 7.1a on GitHub. As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |