Discussion in 'Mac Apps and Mac App Store' started by ring, Mar 9, 2012.

  1. ring, Mar 9, 2012
    Last edited: Mar 23, 2012

    ring macrumors regular

    Nov 17, 2011
    If the website providing a download isn't secure, doesn't that mean the ISP can cache an evil FBI version of TrueCrypt? With the use of subpoenaed proxy caching?

    How do you know you are getting a real version? Couldn't some corrupt powerful agency force your ISP to cache an evil version, or force them to intercept anybody's legitimate traffic, and replace it with a bad version (with a backdoor installed)? I use TrueCrypt for all my personal backups, financial documents, and school documents, and I don't want an insecure version "protecting" them.

    - TrueCrypt doesn't use SSL, or any web encryption. How can we know that the download we are receiving doesn't have any backdoors (RIAA backdoors, MPAA backdoors, third-world-government backdoors, etc.)?

    - They offer a .sig PGP verification, but I don't know how to use this...

    Am I missing something?

  2. miles01110 macrumors Core


    Jul 24, 2006
    The Ivory Tower (I'm not coming down)
    You don't, and honestly it doesn't matter a single bit. If the FBI or RIAA wanted information "protected" by your TrueCrypt install, they would go and get it from another source (like your bank or ISP).
  3. ring thread starter macrumors regular

    Nov 17, 2011
    Well, if you download the necessary files from their website, you can do a PGP/GPG verification of the .DMG download (using the .sig file, and the TrueCrypt team's ASC public key).

    Is this correct?
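
Added example, not part of the thread or any poster's code: a detached-signature check run end to end with a throwaway key, so it works offline and shows both an untouched file and an altered one. It assumes GnuPG 2.1 or later; the key, `Demo.dmg` and the helper names `make_demo` and `verify_download` are constructed for illustration.

```shell
#!/bin/sh
# Detached-signature verification with a throwaway key (all data constructed).
# For a real release, import the publisher's .asc key instead of generating
# one, and take the expected fingerprint from a source other than the
# download site itself.

# make_demo DIR
# Builds an isolated keyring in DIR/gnupg, creates and signs DIR/Demo.dmg,
# and prints the fingerprint of the signing key.
make_demo() {
    mkdir -m 700 "$1/gnupg" || return 1
    gpg --homedir "$1/gnupg" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Demo Publisher <demo@example.invalid>' ed25519 sign never \
        2>/dev/null || return 1
    printf 'constructed installer bytes\n' > "$1/Demo.dmg"
    gpg --homedir "$1/gnupg" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --output "$1/Demo.dmg.sig" \
        --detach-sign "$1/Demo.dmg" 2>/dev/null || return 1
    # The agent is only needed for secret-key operations; stop it again.
    gpgconf --homedir "$1/gnupg" --kill gpg-agent 2>/dev/null || true
    gpg --homedir "$1/gnupg" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_download HOMEDIR FILE SIG FINGERPRINT
# Succeeds only if SIG is a good signature over FILE and gpg's machine-readable
# status names FINGERPRINT on its VALIDSIG line. A good signature made by some
# other key in the keyring is rejected.
verify_download() {
    [ -n "$4" ] || return 1
    vd_status=$(gpg --homedir "$1" --batch --no-tty --status-fd 1 \
        --verify "$3" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$vd_status" | grep -q "^\[GNUPG:\] VALIDSIG .*$4"
}

demo_dir=$(mktemp -d) && demo_fpr=$(make_demo "$demo_dir") || exit 1
dmg="$demo_dir/Demo.dmg"
if verify_download "$demo_dir/gnupg" "$dmg" "$dmg.sig" "$demo_fpr"; then
    echo "untouched file: good signature from $demo_fpr"
fi
printf 'x' >> "$dmg"    # simulate a file altered in transit
if ! verify_download "$demo_dir/gnupg" "$dmg" "$dmg.sig" "$demo_fpr"; then
    echo "altered file: verification failed"
fi
```

The fingerprint comparison is what addresses the thread's concern: a key fetched over the same unencrypted connection as the download proves nothing unless its fingerprint matches one obtained independently.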
