lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 04 Jun 2014 15:05:17 -0700
From: Dave Warren <davew@...eahit.com>
To: Dave Howe <davehowe.pentesting@...il.com>, 
 fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?

On 2014-06-03 04:09, Dave Howe wrote:
> The issue we have with the current TC builds is that they are not
> reproducible.
>
> The source code is available online, and is in the process of being
> audited, but there is no guarantee the installer almost all the users
> have installed TC with contained code actually built from that source.

https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ 
claims to have managed to build a reasonably identical build (such that 
the remaining differences can be identified and explained as build 
date/time stamps). The site includes instructions to reproduce the work.

I haven't tried it personally, but it might be an interesting exercise 
to see if anyone else can independently reproduce the binaries.




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists