[Cryptography] What is going on with TrueCrypt?

Doron Shikmoni doron.shikmoni at gmail.com
Thu May 29 07:57:46 EDT 2014


On Thu, May 29, 2014 at 2:27 PM, Peter Trei <petertrei at gmail.com> wrote:

>
>
> [I get the 'digest' form of this list around noon each day, so I'm probably
> throwing this into an already active discussion.]
>
> 1.0 What do we know?
>
> (...)
>
> 1.3 Includes TrueCrypt binaries ("version 7.2") for Windows,
> Mac, and Linux. The 7.2 version has only decrypt functionality,
> it cannot encrypt.
>
> 1.3.1    These binaries are signed with a 2004 truecrypt gpg key.
>     https://gist.github.com/daveio/14f7d40f05ac68bb2e63
>
>
A data point:
The 7.2 binary file is signed (Authenticode) by TrueCrypt Foundation.

In comparison with the signature on the 7.1a binary:

- Same CA entity (GlobalSign).
- Different certificate (the one used for 7.1a has already expired).
- Certificate for 7.2 is valid from Aug 2012 (i.e. not recent), thru Aug 2015.
- Different key (also 4096 vs. 2048)
- Object signed 27 May, 2014 19:45:19 (Symantec time stamping)

Doron