Untitled

[23:50] --> You (~valdikss@92.42.31.58) have joined the channel #truecrypt.
[23:50] *** The channel topic is "TrueCrypt v7.1a (07-Feb-2012) @ http://truecrypt.org/ - Please ask your question and stay a while (don't leave us)! :)".
[23:50] *** The topic was set by Raccoon!wayward@unaffiliated/raccoon on 12.03.14 23:08.
[23:50] *** Channel URL: http://www.truecrypt.org
[23:50] <ValdikSS> hi
[23:50] <froax> but remember truecyrpt is not a free software, the entiere free software is tc-play ;)
[23:50] *** Channel modes: g, no messages from outside, topic protection
[23:50] *** This channel was created on 16.06.10 02:50.
[23:50] <ValdikSS> what's going on?
[23:50] <hazardous> hi
[23:50] <hazardous> yes we know don't touch it
[23:50] <Darky> linking the development of TC with MS's end of support for XP makes no sense to me
[23:50] <-- froax (~froax@unaffiliated/froax) has left this channel ("Leaving").
[23:50] <hazardous> so who owns this channel lol
[23:51] <Darky> Raccoon does
[23:51] <Darky> but he's afk
[23:51] <plus> is raccoon a TC dev
[23:51] <Darky> no
[23:51] <plus> welp
[23:51] <Darky> well maybe, but TC devs have never told who they are
[23:51] <ValdikSS> Is only the site got hacked?
[23:51] <ValdikSS> Not downloads?
[23:52] <znf> don't download that .exe
[23:52] <znf> it's most likely changed
[23:52] <plus> The files listed have all been recently changed
[23:52] <plus> Definitely do not download them
[23:52] <Darky> I wouldn't download them
[23:52] <ValdikSS> Let's check signatures
[23:52] <hazardous> otoh i just downloaded all of them and uploaded them to f-secure hydra
[23:52] <ValdikSS> Do you guys have old keys?
[23:52] <znf> Last version was 7.1 afaik?
[23:52] <hazardous> btw, do `curl http://www.truecrypt.org/xxxxxxxx'
[23:53] <ValdikSS> extra/truecrypt 1:7.1a-2
[23:53] <ValdikSS>     Free open-source cross-platform disk encryption software
[23:53] <hazardous> or use a browser that ignores redirects
[23:53] --> bontibon (~bontibon@unaffiliated/bontibon) has joined this channel.
[23:53] <plus> hazardous: specifically that url?
[23:53] <hazardous> anything
[23:53] <hazardous> /* redirects to a custom page now
[23:53] <hazardous> i assumed it was just the frontpage
[23:53] <hazardous> but apparently not
[23:53] <ValdikSS> it's front for me
[23:53] <ValdikSS> <meta http-equiv="refresh" content="2;URL='http://truecrypt.sourceforge.net/'" />
[23:54] <ValdikSS> so guys
[23:54] <ValdikSS> does anybody has keys?
[23:54] <ValdikSS> old keys
[23:54] <Darky> ValdikSS: they got the site, and the sourceforge page
[23:54] <hazardous> yea
[23:54] <hazardous> https://www.google.com/search?q="C5F4+BAC4+A7B2+"
[23:54] <Darky> the keys could have been compromised too for all we know
[23:55] <plus> https://twitter.com/cynicalsecurity/status/471739884680794112
[23:56] <plus> according to this guy the new binaries are signed with the same keys
[23:56] <ValdikSS> hey
[23:56] <ValdikSS> there is shasum in archlinux pkgbuild
[23:56] <ValdikSS> i'll check now
[23:56] <hazardous> i want to know if the 7.2 src matches the exe
[23:56] <plus> shasum will be different
[23:56] <hazardous> because for all we know, exe and dmg might be tampered
[23:56] <plus> because the binaries have been changed
[23:56] <hazardous> but source might not be
[23:56] --> maciek (maciek@unaffiliated/maciek) has joined this channel.
[23:56] <Darky> but the source might be... someone has to check
[23:56] <maciek> hi?
[23:56] <ValdikSS> md5sum should be 102d9652681db11c813610882332ae48
[23:57] <Darky> also the fact they they removed all the old versions from sourceforge is really fishy
[23:57] <plus> ValdikSS: checksums aren't going to tell you anything
[23:57] <maciek> someone hacked truecrypt's website on SF?
[23:57] <plus> they are going to be different whether or not this is legit
[23:57] <ValdikSS> plus: and the sig is saved actually
[23:57] --> genii (~quassel@ubuntu/member/genii) has joined this channel.
[23:57] <Darky> pretty sure that's the case yes, not only that but everything else too.
[23:57] <ValdikSS> ftp://ftp.archlinux.org/other/tc/truecrypt-7.1a.tar.gz
[23:57] <ValdikSS> ftp://ftp.archlinux.org/other/tc/truecrypt-7.1a.tar.gz.sig
[23:58] <ValdikSS> but that may be custom build, not sure
[23:58] <plus> I'm pretty sure the signatures in the archlinux repository are going to be by the archlinux repository maintainers, not upstream.
[23:59] <ValdikSS> https://www.alchemistowl.org/arrigo/truecrypt-7.1a-7.2.diff.gz  diff!
[23:59] --> BlueMatt (~BlueMatt@unaffiliated/bluematt) has joined this channel.
[23:59] <ValdikSS> The signature of the TrueCrypt .exe was made on Tue May 27 12:58:45 2014 EDT using DSA key ID F0D6B1E0.
[23:59] <hazardous> pub 1024D/F0D6B1E0 uid TrueCrypt Foundation
[00:00] <ValdikSS> there was an email from sourceforge on may 22
[00:00] <ValdikSS> they switched to another hash algo for passwords
[00:00] --> Wessie (~Wessie@ip5651e009.adsl-surfen.hetnet.nl) has joined this channel.
[00:00] <ValdikSS> and wanted everybody to change their passwords
[00:00] <hazardous> do you have a copy of that
[00:00] <ValdikSS> sure
[00:02] <hazardous> http://sourceforge.net/blog/sourceforge-net-password-reset-required/
[00:02] <ValdikSS> http://pastebin.com/PMgmXPYj
[00:03] <hazardous> i want to know why that is vaguely worded
[00:03] <hazardous> incredibly vaguely worded
[00:03] --> cnu_ (~u@s8635.dmz.se) has joined this channel.
[00:03] <genii> Did the site get compromised?
[00:03] --> ivan (~ivan@unaffiliated/ivan/x-000001) has joined this channel.
[00:04] <ValdikSS> https://defuse.ca/files2/TrueCrypt-Foundation-Public-Key.asc old key
[00:04] <hazardous> ValdikSS: the way they worded that
[00:04] <ValdikSS> strings TrueCrypt-7.2.exe | grep "Using TrueCrypt is not secure"
[00:04] <Darky> genii: probably yes, the site and everything else
[00:04] <hazardous> seriously sounds like someone got the sf userdb or something
[00:04] --> baizon (~baizon@unaffiliated/baizon) has joined this channel.
[00:05] <baizon> !admin
[00:05] <baizon> website was hacked :/