|
|
|
|
|
|
by alexwlchan
4093 days ago
|
|
|
There's a paragraph in the Phase I Audit Report (published a year ago) which includes a checksum: > The iSEC team reviewed the TrueCrypt 7.1a source code, which is publicly available as a zip archive (“truecrypt 7.1a source.zip”) at http://www.truecrypt.org/downloads2. The SHA1 hash of the reviewed zip archive is 4baa4660bf9369d6eeaeb63426768b74f77afdf2. The Phase II report (today;s release) claims to be auditing 7.1a, so I assume it's exactly the same version and ZIP file. Last June, they published "a verified TrueCrypt v. 7.1 source and binary mirror", including file hashes, on GitHub: https://github.com/AuditProject/truecrypt-verified-mirror I just cloned that repo and inspected the source ZIP; the SHA1 sum matches what they quote in the report. |
|
|