TrueCrypt

TrueCrypt is dead, long live TrueCrypt. In a move that shocked everyone on the internet TrueCrypt was taken down on May 28th 2014 and the official TrueCrypt website, truecrypt.org, began redirecting users to a page warning the software contained unfixed security issues.

This announcement caused a great amount of panic and speculation about one of the most popular cross platform encryption tools available. As the dust settled it’s become clear there are no known security problems with TrueCrypt but all development by the original authors has ceased and it is their opinion that to use unmaintained software would pose a security risk.

Don’t Panic

In part they might be right. If down the line a flaw in TrueCrypt is found they will not be fixing it, but as yet there is no such flaw and a full security audit is under-way. The audit is being carried out by iSECpartners and crowed funded by TrueCrypt users. While still in its infancy it has already completed work on the TrueCrypt boot loader and found nothing of concern. For those who don’t want to read the full report Steve Gibson of GRC.com did a fantastic breakdown for Security Now Episode 458.

Verifying the TrueCrypt v7.1a Files

Across this site I have used my OpenGPG key to digitally sign my downloads as a way of authenticating them. In this case I didnt want to sign the work of someone else and it would only have verified that the download was the one I intended for you to get.

Since paranoia is nothing to be ashamed of I’ve taken a leaf out of GRC’s book and provided SHA256, SHA1 and MD5 hashes for all my downloads which I have then digitally signed to prevent tampering.

Now, since I do not have another site I can host an independant copy of these hashes on I can only point you to the same place as GRC does. Taylor Hornby (aka FireXware) of Defuse Security is hosting a copy of the same files offered by GRC at https://defuse.ca/truecrypt-7.1a-hashes.htm. The best validation I can offer is the hashes of my files match exactly what is offered by GRC and serveral other independent archives.

TrueCrypt 7.1a Archive Repository

File Name Operating System
truecrypt-7.1a-linux-x64.tar.gz Linux/Unix truecrypt-7.1a-linux-x64.tar.gz (178 downloads)
truecrypt-7.1a-linux-x86.tar.gz Linux/Unix truecrypt-7.1a-linux-x86.tar.gz (180 downloads)
TrueCrypt 7.1a Mac OS X.dmg Mac OS X TrueCrypt-7.1a-Mac-OS-X.dmg (181 downloads)
TrueCrypt Setup 7.1a.exe Microsoft Windows TrueCrypt-Setup-7.1a.exe (174 downloads)
TrueCrypt User Guide.pdf N/A TrueCrypt-User-Guide.pdf (186 downloads)
truecrypt-7.1a-linux-console-x64.tar.gz Linux/Unix truecrypt-7.1a-linux-console-x64.tar.gz (183 downloads)
truecrypt-7.1a-linux-console-x86.tar.gz Linux/Unix truecrypt-7.1a-linux-console-x86.tar.gz (179 downloads)
TrueCrypt 7.1a Source.tar.gz N/A TrueCrypt-7.1a-Source.tar.gz (183 downloads)
TrueCrypt 7.1a Source.zip N/A TrueCrypt-7.1a-Source.zip (180 downloads)

OpenPGP Signed Download Hashes

About the Author

Stuart McCulloch Anderson
For over a decade and a half Stuart has been in love with all things science fiction or technology and for almost fourteen of those years his operating system of choice has been one breed of Linux or another and despite some brief trips back into the world of Windows Stuart has never found him self wanting anything else.