About downloading TrueCrypt and verifying the authenticity of the downloaded file – on Mac OSX, the TrueCrypt official website does not provide clear information on how to verify the downloaded file and the How to use the provided PGP digital signature to verify the DMG file. Even thought, they do provide the fingerprint too, they don’t provide the Checksum which is more commonly used.

The checksum is supposed to be: 0dfb1e09b337d92dd7a90095bc29d909

I did use the MD5 App the get the above checksum, and then I goole it to see if I will find it somewhere and I found it on The Chip Magazine download section, so it looks enough reliable for me to consider the TrueCrypt file that I downloaded directly from the TrueCrypt website.

Anyway, the point of all this is that TrueCrypt should also include the Checksum on their own site.

Now, About TrueCrypt for Mac I would prefer not to see a port, but an actual Mac App who does not use or depend on MacFuse, simply because everything that Google makes these days is not security and privacy conscious. Per example: Google Earth and Picasa Software heavily uses Google Analytics and phones home when installing it and on every update, see article below:

http://www.macosxhints.com/article.php?story=20090424045847496

So, Why someone would like to use a fine security tool like TrueCrypt along side a utility developed by privacy – blood sucker – Google?

Sorry, I just don’t trust MacFuse, it could and may be used to mount remotely anything you have on your Mac.

So, in the mean time, Encrypted Disk images (DMG) created with Disk Utility on a Mac seems to be a little more secure than using TrueCrypt on a Mac. Too bad that Apple does not allow you to copy and paste long and strong passwords from passwords managers to open an Encrypted Disk Image, so remembering and using a 40 digits alphanumeric password, with sign and dashes, to open an encrypted container is just unpractical.

Tarzan.

regards