TrueCrypt honeypot: Revisited

Discussion in 'privacy technology' started by JackmanG, Sep 9, 2013.

  1. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Um. No. Hence "I still don't understand." I've said that twice already. I also asked you to make better sense of what you've said to help me understand.


    What straw men? Could you provide an example of one I presented?

    What did I play around with? I've quoted you literally verbatim, and taken what you've said at your word.

    Do you mean you can't be bothered to admit you've contradicted yourself, so instead you'll commit another logical fallacy [this time ad hominem] and spend your time focusing on me personally, and going the famous route of psychoanalyzing the person showing you up...instead of actually discussing the issue at hand?

    Yeah. Never seen that before. :rolleyes:
     
  2. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    That's impressive. You must be a vampire. Or God.
     
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    No, as they say, don't feed the trolls and neither can I be bothered.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Nope not a vampire. I actually meant since the inception of PGP. LOL!!
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    So, make contradicting statements, then when they are called out as such and you are asked to explain, resort to ad hominem and psychoanalyzing, and project your own logical fallacies onto other people...anything to avoid the actual issue being discussed, and then finally, per Internet forum SOP, call the person who called attention to your fallacies a "troll" and pretend you're retreating by way of some moral high ground, so as to attempt to mask the tail tucked between your legs.

    Excellent strategy. Again, never seen that before. :rolleyes:
     
  6. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Nope, I won't engage in nitpicking dialog with you. :rolleyes:

    Again, as they say, don't feed the trolls... :)

    Append that as many times as you respond forthwith.
     
  7. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    ...Thanks for further making my point. :thumb:
     
  8. racoon_tc

    racoon_tc Registered Member

    Joined:
    Sep 9, 2008
    Posts:
    11
    I've compiled the source code of TrueCrypt 7.1a and compared the binaries with the originally distributed ones (by using "dumpbin.exe /all /disasm" and "fc.exe"). I've found only differences in: build time stamps / file checksums / further build time stamps / CodeView build GUID / certificate area.

    I have even tried (with several attempts) to modify one byte of the source code (in several areas) to see whether these would be detected but all modifications were found.

    Case closed :)

    TrueCrypt 7.1a Source.zip -- SHA-256: 9ec1a8002d80a4bfa43cb1d4116fb59c3f00d94407a042556183fe72541ea431
    TrueCrypt Setup 7.1a.exe -- SHA-256: e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2
     
    Last edited: Sep 15, 2013
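The comparison racoon_tc describes above, sketched as an added example (not part of the original post, and not the dumpbin/fc procedure used there): it neutralizes the COFF build time stamp, the header checksum and the certificate area of two PE files, then lists any bytes that still differ. `build_sample` constructs toy PE32-shaped buffers for the demo; the debug-directory time stamps and CodeView GUID the post also lists are not handled and would be reported as differences.

```python
import struct

def _locate(pe: bytes):
    """Return offsets of the PE fields that change on every build or signing."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]              # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = nt + 24                                           # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    sec = opt + (96 if magic == 0x10B else 112) + 4 * 8     # security directory entry
    cert_off, cert_len = struct.unpack_from("<II", pe, sec) # file offset, size
    return nt, opt, sec, cert_off, cert_len

def normalize(pe: bytes) -> bytes:
    """Zero the COFF time stamp, checksum and security entry; cut the signature."""
    nt, opt, sec, cert_off, cert_len = _locate(pe)
    buf = bytearray(pe)
    for start, size in ((nt + 8, 4), (opt + 64, 4), (sec, 8)):
        buf[start:start + size] = bytes(size)
    if cert_len:
        del buf[cert_off:cert_off + cert_len]               # certificate area
    return bytes(buf)

def differing_offsets(a: bytes, b: bytes) -> list:
    """Offsets that still differ once the expected build noise is removed."""
    na, nb = normalize(a), normalize(b)
    diffs = [i for i, (x, y) in enumerate(zip(na, nb)) if x != y]
    if len(na) != len(nb):
        diffs.append(min(len(na), len(nb)))                 # one file is longer
    return diffs

def build_sample(stamp, checksum, code, cert=b""):
    """Constructed PE32-shaped buffer for the demo only (headers, no sections)."""
    nt, opt = 0x40, 0x40 + 24
    hdr = bytearray(opt + 224)                              # DOS + COFF + PE32 optional
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, nt)
    hdr[nt:nt + 4] = b"PE\0\0"
    struct.pack_into("<I", hdr, nt + 8, stamp)              # build time stamp
    struct.pack_into("<H", hdr, opt, 0x10B)
    struct.pack_into("<I", hdr, opt + 64, checksum)
    if cert:                                                # signed build
        struct.pack_into("<II", hdr, opt + 128, len(hdr) + len(code), len(cert))
    return bytes(hdr) + code + cert
```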
  9. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    If someone decides to put a backdoor in TrueCrypt, then inspect the source code for the backdoor and remove it. It is literally that simple.
     
  10. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    One more aspect:

    If TrueCrypt was some high-level honeypot — even for completely innocent, benevolent purposes, as some seem to think possible — and the idea was to spread it everywhere and "make it the go-to application for encryption worldwide" (particularly for techies and people who would be able to do high-level harm through electronics in some way and would make regular use of encryption)...

    Why in the world would you place a restrictive license on it, making all the open source initiatives and Linux builds unable to include it right in their distribution by default??

    Isn't that something you would welcome? Wouldn't that make your job a ton easier? In fact, wouldn't that literally be doing your job for you? And wouldn't it be getting done in the most advantageous sect of the population (the techies)? Hell you could even make a push to get it included in the Microsoft and Apple OSs...and then you wouldn't have to approach pretty much any company about implementing any backdoor into an encryption product: virtually the entire consumer market would already have a great one included on their system already. (Meaning that's obviously the one almost every one of the users is going to use.)

    Between Windows, Mac, and Linux, you've got at least 97% of the entire computer market.

    If your entire goal was to get as many people using the software as possible (particularly if that was your goal simply because you wanted to have the best chance possible of someone bad encrypting useful information about nefarious deeds using your software)...Why in the world would you place a legal restriction on its distribution?

    I've never heard a more appropriate situation for the metaphor "shooting yourself in the foot."

    P.S.
    I hadn't really thought this before, really because I hadn't given this whole thing much thought at all. But as seen in the OP, even on the surface, the fact that the license is (allegedly) restrictive does absolutely nothing to support the theory (let alone suggest) that TrueCrypt is a honeypot, government or otherwise.

    But given the reasoning I just offered above — which is not exactly complex, nor difficult to come by — it's quite obvious that the license aspect actually hurts that case...which is even more reason this "box750"/"Privacy Lover"/"Frank" character should be completely embarrassed by his article.

    Honestly, if anything, at best it makes him look incompetent. At worst, it makes him look like a disinfo agent, spreading the typical FUD to get people to use some other product from a "trusted" company like Microsoft and its BitLocker. (But of course trying to come off neutral with his obligatory "trust no one" clause.)
     
  11. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Out of curiosity, what all did you use to make this comparison?


    Wow. I wonder why no one else ever thought of that. :rolleyes:

    That's like saying "If someone decides to hide a needle in a barn full of hay, then just search the barn for the needle and remove it. It is literally that simple"...except you need expert level knowledge in two different areas of science before you can even see the hay, or even know what a needle looks like.

    It's like saying "If someone decided to rewire a random car in the crowded parking lot such that something bad would happen upon driving or starting it, then inspect the engineering (electrical, mechanical, electronic, etc.) of every single car in the lot, and defuse the trap. It is literally that simple."


    But more importantly than that...did you compile the source code yourself? Or are you running the binaries available on the site? Have you reverse engineered those and confirmed the code is exactly the same as the source that is made available?

    I would be confident in saying far less than 1% (probably less than .01%) of people using TrueCrypt compile it themselves. That means, it doesn't matter what the source code says. You have no guarantee that's what you're installing anyway.
     
  12. racoon_tc

    racoon_tc Registered Member

    Joined:
    Sep 9, 2008
    Posts:
    11
    I've updated my former post. It now includes a reference to the used comparison tools and the SHA-256 checksums of the respective TrueCrypt files.

    You have now a verifiable opinion that the published TrueCrypt 7.1a source code matches the published TrueCrypt 7.1a binary files (for Windows).
     
  13. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks raccoon.

    PD
     
    Last edited: Sep 15, 2013
  14. racoon_tc

    racoon_tc Registered Member

    Joined:
    Sep 9, 2008
    Posts:
    11
    http://www.implbits.com/HashTab.aspx

    (Alternatively, open source software like "gpg.exe --print-md sha256 filename". I do compare the results of comfortable closed source software with open source software ;) )
     
    Last edited: Sep 15, 2013
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks...I found it before you posted, so I edited my post...you must have been typing while I was doing it! :D

    PD
     
  16. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    To be fair, you did come across as condescending in this post - only to later accuse him of the same. All he did was ask for some clear examples of what you were claiming.

    JackmanG was right: it did all sound rather interesting. The thread would have gone much smoother if you had decided to clarify what you had posted, rather than becoming defensive. From my point of view, it seemed as though you were guilty of most of what you accused him of.
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    There you go again.

    FYI, box750 (Frank) has been a member here a long time and has a website he shares with the world - you should be ashamed. You are the one who started this thread with a long OP full of links, etc. but you say you haven't "given this a lot of thought." Poosey II/JackmanG/etc./etc./, you really need to be on your way and leave Wilders (and close all your sock puppets, too). You are incredibly disruptive. It makes me back off every time you return here. Basically, your attitude ruins this otherwise wonderful forum for many of us.
     
  18. racoon_tc

    racoon_tc Registered Member

    Joined:
    Sep 9, 2008
    Posts:
    11
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks mate. I'll say this: Out of all the Disk/Container encryption programs out there, there is a ton of anecdotal evidence that TC *is* trustworthy, IMO. I donated to the "istruecryptauditedyet" project...the 'final word' would be awesome.

    PD
     
  20. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    First, thanks for the information!

    Second, there are two things I don't like about the TC compilation process: the need for a compiler from 1993 (!) and the need for the Pro version of Microsoft Visual Studio 2008 in order to achieve the same results as they do. I really don't understand why they can't use the free compilers available (or at least some recent paid ones).

    I'm not accusing them of anything malefic here, but sometimes laziness can damage your reputation...
     
  21. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    TrueCrypt does not contain a honeypot, lol. TrueCrypt is perfectly secure. Unless someone extracts your encryption keys from RAM, there is no way anyone can crack the encryption algorithm of TrueCrypt.
     