How I Compiled TrueCrypt For Windows and Matched the Official Binaries

First time accepted submitter xavier2dc writes "TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way. This has led several concerns raised in different places, such as this blog post, this one, this security analysis [PDF], also related on that blog post from which IsTrueCryptAuditedYet? was born. One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources."

But can you trust Microsoft Visual C++

[Suiggy]

Sure, the binaries match up after rebuilding from the sources. But perhaps the compiler injects exploits into all versions of binaries. Or maybe there are exploits in the MSVC CRT.

And let's not forget that the Windows operating systems are all essentially just NSA backdoors.

worst grammar mistake they could make

[slashmydots]

"It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way."

What they mean is:
It is getting even more attention lately[,] following the revelations of the NSA[,] as the authors remain anonymous and no thorough security audit [has] yet been conducted to prove it is not backdoored in any way.

Oh, you know, so it doesn't say: "revelations of the NSA as the authors," implying that the NSA wrote the software.