There's a paragraph in the Phase I Audit Report (published a year ago) which includes a checksum:
> The iSEC team reviewed the TrueCrypt 7.1a source code, which is publicly available as a zip archive (“truecrypt 7.1a source.zip”) at http://www.truecrypt.org/downloads2. The SHA1 hash of the reviewed zip archive is 4baa4660bf9369d6eeaeb63426768b74f77afdf2.
The Phase II report (today;s release) claims to be auditing 7.1a, so I assume it's exactly the same version and ZIP file.
What is the checksum of the source tree that I can use to verify that I have exactly the copy they audited ?
I looked at the full report PDF and saw no mention of downloads, binaries, source trees or checksums.