I am looking to encrypt a few drives of mine, and my ONLY interest is security. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa.There is a lot of talk about 'TrueCrypt is dead' and it seems there are two forks out there now gaining momentum. The one more interesting to me is VeraCrypt, and from the research I have done, this looks like the 'more secure' option. But is that so?That is why I am asking you all here. I know what VeraCrypt claims, I know they say they do more hash iterations of the password to derive the encryption keys. That sounds nice and all, but.Does anyone have real world experience using Veracrypt and is it as good as advertised? How does it compare to TrueCrypt?Does anyone have a security reason why they would choose TrueCrypt over VeraCrypt?
Any reasons at all why TrueCrypt is preferable to you?I'm not on the 'TrueCrypt is dead' bandwagon, I am just in trying to be progressive, so I would choose a newer 'better' option if it is available. But with that being said, I would also choose to go with the older option if it is actually better than the newer options. Your thoughts? I use Linux platforms.
It doesn't need to be compatible with Windows or Mac, just as long as it works on a generic linux distro. My only requirements are stability and security. I want it to take years to brute force the encrypted volume, but at the same time, in years from now I don't want any surprise corruption that renders hundreds of gigs of irreplaceable data useless. If I lose the password/keyfile, that is one thing, I just don't want the drive to be bricked one day without a sound reason.–Nov 3 '14 at 22:05. I would still choose TrueCrypt for a matter of trust and the 'many eyes' theory:.After the 'TrueCrypt scandal' everyone started looking at the source for backdoors.The TrueCrypt finished on April 2, 2015. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors.If VeraCrypt start changing TrueCrypt fast, they may introduce a few vulnerabilities.
Since VeraCrypt is currently less popular than TrueCrypt, there are 'less eyes' watching at the VeraCrypt source code changes.I consider that TrueCrypt 7.1a have all the features I need. An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt.The increase in iterations to mitigate brute force attacks only affects performance. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security stand point.(I downloaded the public key of TrueCrypt admin years before the scandal. So I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity)This answer may change after they publish new results from the audit. Also, if you are the VeraCrypt dev, the trust argument doesn't apply (because you trust yourself). The source or binaries from everywhere.
Passware Memory Analysis
It doesn't matter as long as they are signed. The public key is other story. I have it since 2010 so I know the fingerprint is C5F4BAC4A7B22DB8B8F85538E3BA73CAF0D6B1E0. But you should get the public key from websites or people you trust, or sites that date before May 28, 2014.
I personally trust archive.org but they didn't archive truecrypt website (because of robots.txt). I also trust marc.info (a mailing list archive) so I get the last bytes of the fingerprint: 'F0D6B1E0'. Who do you trust?–Nov 22 '14 at 20:30. Use VeraCrypt.As of September 26th 2015, google's security researchers found a couple of vulnerabilities that affect TrueCrypt 7.1a and VeraCrypt 1.14they are CVE-2015-7358 and CVE-2015-7359On September 26th, 2015 VeraCrypt released 1.15 which fixes those vulnerabilities.On October 17th, 2016, VeraCrypt's audit by the QuarksLab has been completed and as a result, VeraCrypt version 1.19 has been released to address vulnerabilities found.Sources:.Edit: added the October 17th, 2016 QuarksLab audit info.
If you do a diff on TrueCrypt and VeraCrypt, remove all of the name change and version code, you are left with a reasonable size patch to look at. VeraCrypt uses SHA256, which is better than SHA512 because of the key schedule.
How To Crack Truecrypt Bootloader Free
Besides the aforementioned iteration count, the other notable changes are NTFS support, upgraded WxWidgit support, volume format change, and inclusion of RSA's PKCS11 headers. Minor changes are things like changing.tc files to.hc, better packaging options for distribution, etc.After applying the reduced patch set, I added Keccak to the mix for encryption and hashing. The stream cipher is nice to use in the middle of a cascade such as Serpent, Keccak (SHA3), then AES.I was going to add support for TrueCrypt containers, but decided against it since I personally think the format change is an advantage.Summing up, it's not that hard to audit using the above mentioned patch set.Best practice dictates you use the verifiable TrueCrypt 7.1a distro, and download your own PKCS11 headers from RSA. If building for a Mac, use your own copy of nasm instead of the one included or download it yourself from its web page.That's what I use and will continue to use until I have to change encryption algos when time dictates to do so. I have been using TrueCrypt for years on Linux and Windows systems and was quite happy with it.
Recently, I upgraded my Linux PCs to Ubuntu 16.04 and thought it would be the right moment to switch from TrueCrypt to VeraCrypt. I went ahead and converted TrueCrypt containers into VeraCrypt containers by simply changing the password as indicated in the documentation.
Decrypt Truecrypt File
I did it especially for an internal 1Tb hard disk drive formatted in two 500 Mb partitions. It appeared that whereas TrueCrypt decrypting of my partitions was previously performed within seconds, VeraCrypt decrypting now requires 4 minutes for each partition. This is unacceptable for me because I have to wait 8-9 minutes for my PC to be up and running in the morning. I therefore consider to switch back to TrueCrypt, which -all things considered- looks like a good trade-off between improved security and convenience.
Is a popular on-the-fly encryption for Windows - it is also available for Mac OS X and Linux. It's now recommended to use instead. It can create a file-hosted container or write a partition which consists of an encrypted volume with its own file system (contained within a regular file) which can then be mounted as if it were a real disk. TrueCrypt also supports device-hosted volumes, which can be created on either an individual partition or an entire disk. Because presence of a TrueCrypt volume can not be verified without the password, disk and filesystems utilities may report the filesystem as unformatted or corrupted that may lead to data loss after incorrect user intervention or automatic 'repair'. Contents.Corrupted Standard Volume headerThe standard volume header uses the first 512 bytes of the TrueCrypt container. It contains the master keys needed to decrypt the volume.