TrueCrypt 7.1a Win32 Binary Verified

Xavier de Carné de Carnavalet, a master’s student at Concordia University, Montreal, recently demonstrated that the official binary of TrueCrypt 7.1a for Windows is indeed produced from the supplied source. Proving that a compiled binary derives from a given source is far from trivial on many platforms, as you must ensure that all variables (compiler flags, library versions, etc.) are identical to the original build. His report includes detailed instructions should you wish to reproduce his results.

Of course, this does not mean that TrueCrypt is proven to be safe. It merely validates that the source code and binaries released to the public match. A backdoor could still exist in the source – and yes, a subtle “bug” could hide in plain sight for a long period of time.
