There's a paragraph in the Phase I Audit Report (published a year ago) which includes a checksum:
> The iSEC team reviewed the TrueCrypt 7.1a source code, which is publicly available as a zip archive (“truecrypt 7.1a source.zip”) at http://www.truecrypt.org/downloads2. The SHA1 hash of the reviewed zip archive is 4baa4660bf9369d6eeaeb63426768b74f77afdf2.
The Phase II report (today;s release) claims to be auditing 7.1a, so I assume it's exactly the same version and ZIP file.
> The iSEC team reviewed the TrueCrypt 7.1a source code, which is publicly available as a zip archive (“truecrypt 7.1a source.zip”) at http://www.truecrypt.org/downloads2. The SHA1 hash of the reviewed zip archive is 4baa4660bf9369d6eeaeb63426768b74f77afdf2.
The Phase II report (today;s release) claims to be auditing 7.1a, so I assume it's exactly the same version and ZIP file.
Last June, they published "a verified TrueCrypt v. 7.1 source and binary mirror", including file hashes, on GitHub: https://github.com/AuditProject/truecrypt-verified-mirror
I just cloned that repo and inspected the source ZIP; the SHA1 sum matches what they quote in the report.