Hacker News new | past | comments | ask | show | jobs | submit login
Truecrypt.org appears hacked (truecrypt.org)
11 points by spiffytech on May 28, 2014 | hide | past | web | favorite | 3 comments

Quoting @ValdikSS on Reddit[0]:

  TL;DR: The website is presumed hacked, the keys are presumed compromised, 
  the binary on the website is capable only to decode crypted data, 
  not encode, and may contain trojan. The binary is signed with the valid (old) key. 
  All old versions are wiped, the repository is wiped too. 

  Please do not download or run it. And please don't switch to bitlocker.                                                                                                                     

  Latest version is 7.1a. Version 7.2 is a hoax.                                                                                                                                                                                             

  TrueCrypt Setup 7.1a.exe:                                                                                                                                                                                                                  
  sha1: 7689d038c76bd1df695d295c026961e50e4a62ea                                                                                                                                                                                             
  md5: 7a23ac83a0856c352025a6f7c9cc1526                                                                                                                                                                                                      

  TrueCrypt 7.1a Mac OS X.dmg:                                                                                                                                                                                                               
  sha1: 16e6d7675d63fba9bb75a9983397e3fb610459a1                                                                                                                                                                                             
  md5: 89affdc42966ae5739f673ba5fb4b7c5                                                                                                                                                                                                      

  sha1: 0e77b220dbbc6f14101f3f913966f2c818b0f588                                                                                                                                                                                             
  md5: 09355fb2e43cf51697a15421816899be                                                                                                                                                                                                      

  sha1: 086cf24fad36c2c99a6ac32774833c74091acc4d                                                                                                                                                                                             
  md5: bb355096348383987447151eecd6dc0e                                                                                                                                                                                                      

  Diff between latest version and the hoax one: https://github.com/warewolf/truecrypt/compare/master...7.2                                                                                                                                   
  Screenshot: http://habrastorage.org/getpro/habr/post_images/da1/1bf/6a5/da11bf6a5225fa718987ba4e54038fc1.png 

Also, Kenn White, who is involved with the Truecrypt audit, asserts this is probably a compromise[1].

[0]: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_i...

[1]: https://twitter.com/kennwhite/status/471740840478797824

What's going on?!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact