Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Replacing binaries for specific targets certainly happens more than one would like. This has even happened specifically with TC and VC files in the past. A mitigating circumstance though with Veracrypt is that the binaries also have detached GPG signatures that one can check against IDRIX's public key to verify that it is in fact what Idrassi has released on the website. It's still possible for actors to tamper with the binaries in other ways even if signed, so it's best to pull from source and periodically check the diffs.


If you read my original post again, unfortunately my lack of trust is exactly with Idrassi and IDRIX. Other than that, I agree.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: