From otp22 db
Jump to: navigation, search

CD contents based on file name

"TrueCrypt 5.1a.exe"
The TrueCrypt version change log lists the changes for 5.1a as..


March 17, 2008


    Faster booting when the system partition/drive is encrypted (typically by 10%).   (Windows Vista/XP/2008/2003)

    Other minor improvements.  (Windows, Mac OS X, and Linux)

      Resolved incompatibilities:

    On computers with certain hardware configurations, resuming from hibernation failed when the system partition was encrypted. Note: If you encountered this problem, the content of RAM may have been saved unencrypted to the hibernation file. You can erase such data, for example, by decrypting the system partition/drive (select System > Permanently Decrypt System Partition/Drive) and then encrypting it again.  (Windows Vista/XP/2008/2003)

    Remark: As Microsoft does not provide any API for handling hibernation, non-Microsoft developers of disk encryption software are forced to modify undocumented components of Windows in order to allow users to encrypt hibernation files. Therefore, no disk encryption software (except for Microsoft's BitLocker) can guarantee that hibernation files will always be encrypted. At anytime, Microsoft can arbitrarily modify components of Windows (using the auto-update feature of Windows) that are not publicly documented or accessible via a public API. Any such change, or the use of an untypical or custom storage device driver, may cause any non-Microsoft disk encryption software to fail to encrypt the hibernation file. We plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue, also due to the fact that Microsoft's disk encryption software, BitLocker, is not disadvantaged by this.

    [Update 2008-04-02: Although we have not filed any complaint with Microsoft yet, we were contacted (on March 27) by Scott Field, a lead Architect in the Windows Client Operating System Division at Microsoft, who stated that he would like to investigate our requirements and look at possible solutions. We responded on March 31 providing details of the issues and suggested solutions.]

    [Update 2009-05-10: Since April 2008, we have been working with Microsoft to explore possible ways to solve this issue. We have private access to a draft version of a document specifying the future API, which should allow us to solve the issue on Windows Vista and later versions of Windows. Note: We have been asked not to disclose the content of the document to any third parties, so please do not ask us to send you a copy of the document.]

    [Update 2010-07-19: Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows. Since version 7.0, TrueCrypt has used this API and therefore has been able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later.]

    Workaround for a bug in the BIOS of some Apple computers that prevented users from entering pre-boot authentication passwords and controlling the TrueCrypt Boot Loader.   (Windows Vista/XP/2008/2003)

      Bug fixes:

    When the system partition/drive is decrypted under Windows, the original partition table will not be restored. Note: This issue affected users who repartitioned an encrypted system drive and then decrypted it under Windows.   (Windows Vista/XP/2008/2003)

    Other minor bug fixes.  (Windows, Mac OS X, and Linux)

File found at

MD5: 0B02B6A8B9437F8968CBE8719722079B

Jetico BCWipe

bca1506783d8fcfdbd4559698d1eb53e (VirusTotal, last seen: 2009-05-12), unk. version
5a30ef2f6b1f7338865b7101859ee509 (VirusTotal, last seen: 2009-10-02), unk. version
1d7dd8b7aa11d2785de2949e50c79cfa, Latest download on the Jetico site, (VirusTotal, last seen: 2010-01-08), ver.

This would obviously seem to be a TrueCrypt data file.

data.bin analysis



Overall statistics: 0:2097190276 1:2097113724
Shannon entropy: -64938715985.696927953511477

500MB empty AES TrueCrypt file

Overall statistics: 0:2097163299 1:2097140701
Shannon entropy: -64939590268.783677432686090

dd of=LOL6 bs=512000k count=1 (first 500MB of a 23andMe exome TrueCrypt file)

Overall statistics: 0:2097126649 1:2097177351
Shannon entropy: -64940778036.482994619756937

dd if=/dev/urandom of=LOL bs=512000k count=1

Overall statistics: 0:2097120374 1:2097183626
Shannon entropy: -64940981399.813733812421560

dd if=/usr/src/kismet-2011-03-R2/README2 of=LOL3 bs=512000k count=1 (Kismet readme appended to itself for 500MB)

Overall statistics: 0:2490056696 1:1704247304
Shannon entropy: -52263278746.398058656603098

Relevant links


File hash calculator with Windows shell integration

Discrepancy Found in TrueCrypt v5.1a

Differing MD5 file hashes for the same TrueCrypt version
0b02b6a8b9437f8968cbe8719722079b, dated 15 Mar. 2008, 2,585KB
9f2c390917d60aa2f729516cd1a6818f, dated 3 Aug. 2008, 2,696KB
"TrueCrypt Setup 5.1a.exe"
The official TrueCrypt 5.1a installer on the TrueCrypt website
MD5: 9F2C390917D60AA2F729516CD1A6818F