Slashdot Mirror

← Back to Stories (view on slashdot.org)

How I Compiled TrueCrypt For Windows and Matched the Official Binaries

Posted by timothy on from the all-the-lurid-details dept.

First time accepted submitter xavier2dc writes "TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way. This has led several concerns raised in different places, such as this blog post, this one, this security analysis [PDF], also related on that blog post from which IsTrueCryptAuditedYet? was born. One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources."

15 of 250 comments (clear)

  1. But can you trust xavier2dc? by Anonymous Coward · · Score: 5, Funny

    But can you trust xavier2dc? It's turtles all the way down.

    1. Re:But can you trust xavier2dc? by Impy+the+Impiuos+Imp · · Score: 5, Funny

      Yah, really.

      Wait! But what if I, myself, am an NSA stooge and don't realize it?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    2. Re:But can you trust xavier2dc? by maxwell+demon · · Score: 2, Funny

      OK, but how do I compile xavier2dc? Is the source even available?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:But can you trust xavier2dc? by paiute · · Score: 5, Funny

      OK, but how do I compile xavier2dc? Is the source even available?

      Step 1: Find his mother

      --
      If Slashdot were chemistry it would look like this:Cadaverine
    4. Re:But can you trust xavier2dc? by tippe · · Score: 5, Funny

      Lets give him the Voight-Kampff test and find out...

    5. Re:But can you trust xavier2dc? by amicusNYCL · · Score: 4, Funny

      One, he's joking. But two, he's also serious.

      You just blew my mind.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    6. Re:But can you trust xavier2dc? by bondsbw · · Score: 2, Funny

      What if the NSA injected a Ken Thompson hack into our human compilers? Our DNA may have an NSA backdoor!

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    7. Re:But can you trust xavier2dc? by TangoMargarine · · Score: 3, Funny

      Yes. They give you a couple complex calculus problems and if you get them right, you're a robot.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    8. Re:But can you trust xavier2dc? by Grog6 · · Score: 5, Funny

      If there's DNA on your Backdoor, you've just been rooted!

      (sorry; but this IS /.) :)

      --
      Truth isn't Truth - Guliani
    9. Re:But can you trust xavier2dc? by Applekid · · Score: 4, Funny

      Ken Thompson once presented a hack where he modified the C compiler to insert a backdoor in the generated code for the UNIX login code (and only that one specific module!). So trusting the compiler to do what you say is NOT an "of course".

      And how can I trust the cpu to actually execute the code as compiled and not insert it's own microcode into the process? And how can I trust the memory chips that hold my data to not clandestinely copy it off someplace else?

      No no, the only solution is to catch the butterflies whose wings flapped and waterboard them to learn the truth.

      --
      More Twoson than Cupertino
    10. Re:But can you trust xavier2dc? by IndustrialComplex · · Score: 5, Funny

      You'll need to provide us with your source code.

      I'll provide you my source code, but just remember, you asked for it. So no complaining to the police when it is delivered.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
  2. Re:Now for extra credit by Thud457 · · Score: 4, Funny

    Define the universe.
    Give two examples. ;-)

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  3. Re:But can you trust Microsoft Visual C++ by Dishevel · · Score: 5, Funny

    I don't. I build all of code in hardware. That is rendered in MineCraft.

    --
    Why is it so hard to only have politicians for a few years, then have them go away?
  4. Re:And why should we trust you? by Anonymous Coward · · Score: 2, Funny

    I'm a little suspect of this ./configure --enable-backdoor option.

  5. Re:Diverse double compiling by Stuarticus · · Score: 3, Funny

    I see the flaw their.

    --
    If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.