[Ach] TrueCrypt discontinued?

Pepi Zawodsky pepi.zawodsky at maclemon.at
Wed May 28 23:24:17 CEST 2014


Personal opinion: The whole thing stinks.

Facts collected so far:

- The signing key seems to be genuine, signatures are good.
- The signing key is 1024/DSA. The key could have been compromised to sign the “new release”.
- The signing key available for download on the website has Windows line endings.
- One previously downloaded version of the SAME key from the website had Unix line endings.
- It doesn't make any sense to release 7.2 just to shut it down.
- The TC audit team doesn't know anything about an upcoming release.
- The TC audit team has completed Phase 1 of the audit with good results which make it unlikely that there is something to be afraid of.
- The changes made in the source code are quite strange.
- The 7.2 release contains an updated license (TC license 3.1, I haven't diffed it yet.)
- 7.2 can only read TC volumes.
- The Windows installer for 7.2 doesn't make any network connections during installation.

VirusTotal doesn't recognize any malware in any of the released binaries or installers.

Source diff:
https://github.com/warewolf/truecrypt/compare/master...7.2

Best regards
Pepi
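
A way to check the line-ending observation above, added here as an example and not part of the original post: it decodes two ASCII-armored copies of a key and compares the binary payload, so copies that differ only in CRLF versus LF compare equal even though the files themselves differ. The armored sample is constructed from arbitrary bytes, not a real key, and the function names are hypothetical.

```python
import base64
import hashlib

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(blob: bytes) -> bytes:
    """Return the binary payload of an armored block, ignoring line endings."""
    lines = [ln.strip() for ln in blob.decode("ascii").splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    body = lines[start + 1:end]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    data = base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))
    for ln in body:  # the "=XXXX" line carries the CRC-24 of the payload
        if ln.startswith("=") and crc24(data) != int.from_bytes(base64.b64decode(ln[1:]), "big"):
            raise ValueError("armor CRC-24 mismatch")
    return data

def same_key_material(a: bytes, b: bytes) -> bool:
    """True when two armored files carry byte-identical payloads."""
    return dearmor(a) == dearmor(b)

def armor(payload: bytes, eol: str) -> bytes:
    """Build a constructed armored block with the given line ending."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    lines = ["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: constructed sample", "",
             *rows, "=" + crc, "-----END PGP PUBLIC KEY BLOCK-----", ""]
    return eol.join(lines).encode("ascii")

# Constructed payload: arbitrary bytes, not a real OpenPGP key.
PAYLOAD = bytes(range(200))
UNIX_COPY = armor(PAYLOAD, "\n")
WINDOWS_COPY = armor(PAYLOAD, "\r\n")

if __name__ == "__main__":
    for name, blob in (("unix", UNIX_COPY), ("windows", WINDOWS_COPY)):
        print(name, hashlib.sha256(blob).hexdigest()[:16], hashlib.sha256(dearmor(blob)).hexdigest()[:16])
    print("same key material:", same_key_material(UNIX_COPY, WINDOWS_COPY))
```

The first hash column differs between the two copies and the second is identical; a payload changed after the checksum was written raises `ValueError` instead.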