[ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4

• From: Stephen R Guglielmo <srguglielmo@xxxxxxxxx>
• To: ciphershed@xxxxxxxxxxxxx
• Date: Mon, 23 Jun 2014 09:46:32 -0400

On Mon, Jun 23, 2014 at 6:56 AM, Bill Cox <waywardgeek@xxxxxxxxx> wrote:
> Personally, I wish to contribute long-term to CipherShed as one of the
> people who check the code for back doors.  I don't have any particular
> reason to believe I am any good at it, but I certainly feel better
> after checking the code myself.

Based on your attention to detail thus far, I think you'd be great for
that actually, Bill!

> First, Stephen did solid work.  Nice job!  He not only checked in the
> same TrueCrypt sources we can find on the Internet in various places,
> he explained how he verified them.  If we can have solid explanations
> like this in git commit comments or change logs going forward, it will
> make verification much simpler.

Thanks!

> We now have Windows .exe files signed into the git repo.  We should
> use them to verify newer versions of these exe files rather than
> assuming they are golden and error-free.  If these executables are
> hacked, it could be a disaster.  If they are out of date and have
> unpatched buffer overflow bugs, they could be exploited.  However, I
> think it is a good idea to have these executables in git.  When we do
> releases, I think we should use the latest versions of these
> executables from our favorite sources (preferably sources that are not
> disclosed), and verify that we get the same result as using the signed
> in versions.

Hm? I don't think there's any .exe files committed to git right now?

> I verified the Pkcs11 header files match those I could download from
> the RSA site, and also match those from the realcrypt project.  I
> checked the sha256 signatures for the source .tar.gz and .zip files,
> and verified the truecrypt-hashes.asc file matches what I could find
> using Google.  Everything checked out.
>
> Minor update needed to README.md: The
> https://ciphershed.org/DevelopmentProcess page is referenced in the
> README.md file, but does not currently exist.  Similarly,
> https://ciphershed.org/Docs does not currently exist.

Updated!

• Follow-Ups:
  • [ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4
    • From: Bill Cox

• References:
  • [ciphershed] Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4
    • From: Bill Cox

Other related posts:

• » [ciphershed] Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4- Bill Cox
• » [ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4 - Stephen R Guglielmo
• » [ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4- Bill Cox
• » [ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4- Stephen R Guglielmo

1. Home
2. ciphershed
3. Archive
4. 06-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---