TrueCrypt is open-source, but has anybody actually reviewed the source code?
Yes. In fact, the source code is constantly being reviewed by many independent researchers and users. We know this because many bugs and several security issues have been discovered by independent researchers (including some well-known ones) while reviewing the source code. As TrueCrypt is open-source software, independent researchers can verify that the source code does not contain any security flaw or secret ‘backdoor’. Can they also verify that the official executable files were built from the published source code and contain no additional code? Yes, they can. In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.
Related Questions
- I m fairly new to the Internet and have never actually sent and e-mail attachment before. Would you tell me the easiest way to do this?
- A person who will never make it in the game industry, since guys in the game industry have to actually, like, work, know whatimean?
- WHO ARE THE BEST CANDIDATES FOR SPIDER VEIN REMOVAL (SCLEROTHERAPY) AND HOW DOES THE TREATMENT ACTUALLY WORK?
