Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key. The SourceForge page, which was delivered to people trying to view pages, contained a new version of the program that, according to this "diff" analysis, appears to contain only changes that warn the program isn't safe to use. Plus, closed source can't be independently audited without permission, and is vulnerable to NSA orders. Just because proprietary software businesses have "direct incentives to spend money" on their products does not mean they're going to do it.
Symantec, a fucking SECURITY software vendor, has been hacked, with the full source code for pcAnywhere now posted on torrent sites for anyone to obtain and re-compile. Look, Adobe has been hacked several times, and has always had plenty of resources to audit their code and keep it secure, but never bothered. This has never been more important than now. For-profit businesses have direct incentives to spend money auditing their products. I really wish people would stop waving the open source security banner as it comes with a whole lot of caveats that can be just as troubling as closed-source projects. This doesn't make sense in light of the limited information at hand. I've used TrueCrypt and I've recommended it to others. I suppose my question is why did the TrueCrypt people close up shop? To follow up on DoomHanster's query, why would you close an open source project and go with a closed source solution that can't be verified? I hate to don the tinfoil hat, but I'm scratching my head as to what the motivation behind this is.