-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have verified that the latest master HEAD, e8529e95d89d3f519a31ef7de5bd7f0d0d318e8c, looks good to me. Mostly the git-diffs are from moving all the source to the src directory. There is one minor issue I found. Line 3045 of src/Driver/ntdriver.c uses the class ID from TrueCrypt. Class IDs are documented here: http://msdn.microsoft.com/en-us/library/ms970651.aspx I think we need a different, random class ID if we don't want to collide with TrueCrpyt running on the same system. This basically is the ID Windows uses to allow COM objects to communicate with each other. They are all supposed to be unique. I wanted feedback on this issue before fixing it, but I'm leaning towards creating a random-ish ID. To show that I didn't cherry pick the random ID for some nefarious purpose, I would use the latest hex digits from our commit history, rather than trusting a random number generator. Would this be OK? The most significant change was a bug Jason found and fixed. Good catch on the string length on line 3050 in Ntdriver.c! I missed that in my review. So, Jason is +1 vs me in catching bugs the other guy should have found :-) One unrelated question: Should the security team have it's conversations here? I think we need to be as public as possible when reviewing code, unless we discover an exploit we want to patch before publishing. This long-term ongoing review may be boring to the other ciphershed list members. Bill I have never been served with any warrant such as an NSL, I have no gag order of any kind, and am not under any sort of compulsion related to the CipherShed project. The latest commit I have reviewed and trust all the way back to the original TrueCrypt original source is e8529e95d89d3f519a31ef7de5bd7f0d0d318e8c. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTsxYuAAoJEL9an3rWhBk+I/4P/2Kfd+JrKi2FxZSFqIxvcFXZ 3Q2Yv1jjF9Y7ZHs/dY95CF0hQJq4pYuEJYHMEQLXPkcCFlG72HrSeV2oHzhpmyI4 hhEl9sTorrlWAnZ8jsnIwG8mH/KXHNW75WqcxTzqxnLX2w2yoizrYhYQPciMAIDl RuueIBN1xMmeJVMNnl6MvEouatvQt87nb/HBa91NT7C6AOepAx1isqEWKVHdwn00 KvM/QnuINe8rqzggFrU/1nJgoY3g8J1fWQPliMoV9AvVvnobnftGQiJE+itcawC0 16IMEkS6SKa5MKnBaFaWYf573clM8xVDhH5t1k8cg8Ac/DdSUKW5Dpb4qFOUU1hw 37PuYG5zoVkQLLdYLF0DQJbUr7IKCrsKMVmNQetSjsLha1Mc4hZJSsOuSAuUbQto o+1zKdi2VQZ0W/Bc/vV+P6EOZdRqAu3SaiuESgiyx9meaH6c7M+VtSuE4Ajtn/oA hDeR/TuLof+gqqIdQAFryHiby/z5dAPTUwyhAei46lwYAmvLXokOynlrWVIwk+99 Q97f1DXelXw2gwNM8V0b+FTHjEu1DNqVUg9m0F1DlvY+t7vhXnbyktwIatUuZWzL 403HruZuf6Lnn6Pt0ktiI+kNEnqLZN/s7Xw9wevx7lNznpjiv3ASEqO5qIGd5phE OkRxiSqxApfq0zazyMCP =FAvj -----END PGP SIGNATURE-----