Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • October 22, 2016, 11:11:52 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Discrepancy Found in TrueCrypt v5.1a  (Read 1323 times)

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Donate to Member
Discrepancy Found in TrueCrypt v5.1a
« on: January 30, 2009, 09:22:41 PM »
Source: http://www.wildersse...wthread.php?t=218663

Quote from: KookyMan
Hey all. I was just working with some files trying to clear stuff out and I found a discrepancy with two copies of TrueCrypt v5.1a. Both were downloaded months apart, the first was downloaded during its initial release, along with the PGP verification that was provided by TrueCrypt.

A couple weeks ago I downloaded another copy of v5.1a (After the release of v6.0) as I wanted to test something and couldn't find the original archive that I had downloaded. This second download is .12MB larger. I downloaded the associated PGP verification, which also verified as accurate.

The PGP verifications don't work with each other, just the version that was downloaded at the same time (two different signatures obviously).

Anyone notice mid-term changes in TC applications before? Are they updating it without actually releasing new version numbers? I can't ask on the TC forum because it is still down over a week later.

For comparisons, here are a couple hashes from the files:
TrueCrypt v5.1a Install dated 15MAR08, 2,585KB
MD5: 0b02b6a8b9437f8968cbe8719722079b
SHA512: 3200e65995dc655c29b06f3ee363c16591e9526f219fc3a8531d9b76b2cbe72e4a35d3136a74292a79aa2decd9c7a530be066b6d3f12f94f094d8712c70441d2

TrueCrypt v5.1a Install dated 3AUG08, 2,696KB
MD5: 9f2c390917d60aa2f729516cd1a6818f
SHA512: be80093e9946654320e6689fae149779df45fba4959d7b7ff2d70503b0ef84ea750b08b12bd0f02924c2c1a81ff7fdf66f672817125bd959998ffe9c66f8e857

Just fired up my VM. I found the first (if multiple) differences between 5.1a-original and 5.1a-new. The new 5.1a during installation wants to disable the page file as v6.0 does, but the old 5.1a does not.

The question is, why this change? Trying to fix a problem in an old version that they didn't want to admit to? The fact that they made the change, and any other changes, without acknowledging it bothers me.

I can't wait for the TC forums to come back up to put this out there.

Actually, this also creates a new problem. The source code was never released for this version of TrueCrypt. You can only get access to the source code of the current version, and if they changed 5.1a when they moved it into the "old" releases, you can no longer access the source code of the new modified version.

I asked someone who is involved with TrueCrypt quite closely as he had in the past developed two add-ons for it to take a look.

According to him, the installers for 4.3a and 5.1a have both been changed in the recent past. They are almost identical with v6.x's installer which disables the pagefile now by default (user selectable option.) They also updated the included license file. The program itself, as well as the driver files, remain identical with their pre-6.0 selves.

In his words, "In my opinion they have just polished the license and the installer to be up to date."

So it appears that things are still kosher, but I wish they would have made some sort of indication that the installer was changed.