![]() TrueCrypt and VeraCrypt do not store the information about the cascade, and once the encrypted volume is to be mounted, they search for the right cascade. Unlike Bitlocker encryption, TrueCrypt/VeraCrypt may encrypt their containers and volumes with multiple encryption keys (cascade encryption) applying the encryption types one by one. That's what I use and will continue to use until I have to change encryption algos when time dictates to do so.VeraCrypt and the former TrueCrypt are two of the most challenging types of encryption to bypass with regard to their popularity as full disk encryption software. If building for a Mac, use your own copy of nasm instead of the one included or download it yourself from its web page. Summing up, it's not that hard to audit using the above mentioned patch set.īest practice dictates you use the verifiable TrueCrypt 7.1a distro, and download your own PKCS11 headers from RSA. I was going to add support for TrueCrypt containers, but decided against it since I personally think the format change is an advantage. The stream cipher is nice to use in the middle of a cascade such as Serpent, Keccak (SHA3), then AES. hc, better packaging options for distribution, etc.Īfter applying the reduced patch set, I added Keccak to the mix for encryption and hashing. Besides the aforementioned iteration count, the other notable changes are NTFS support, upgraded WxWidgit support, volume format change, and inclusion of RSA's PKCS11 headers. VeraCrypt uses SHA256, which is better than SHA512 because of the key schedule. If you do a diff on TrueCrypt and VeraCrypt, remove all of the name change and version code, you are left with a reasonable size patch to look at. Also, if you are the VeraCrypt dev, the trust argument doesn't apply (because you trust yourself). This answer may change after they publish new results from the audit. So I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity) (I downloaded the public key of TrueCrypt admin years before the scandal. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security stand point. The increase in iterations to mitigate brute force attacks only affects performance. Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt. ![]() An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. I consider that TrueCrypt 7.1a have all the features I need. Since VeraCrypt is currently less popular than TrueCrypt, there are 'less eyes' watching at the VeraCrypt source code changes. If VeraCrypt start changing TrueCrypt fast, they may introduce a few vulnerabilities. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors. The TrueCrypt audit finished on April 2, 2015. I would still choose TrueCrypt for a matter of trust and the "many eyes" theory:Īfter the "TrueCrypt scandal" everyone started looking at the source for backdoors. But with that being said, I would also choose to go with the older option if it is actually better than the newer options. I'm not on the "TrueCrypt is dead" bandwagon, I am just in trying to be progressive, so I would choose a newer "better" option if it is available. That sounds nice and all, but.ĭoes anyone have real world experience using Veracrypt and is it as good as advertised? How does it compare to TrueCrypt?ĭoes anyone have a security reason why they would choose TrueCrypt over VeraCrypt? Any reasons at all why TrueCrypt is preferable to you? I know what VeraCrypt claims, I know they say they do more hash iterations of the password to derive the encryption keys. The one more interesting to me is VeraCrypt, and from the research I have done, this looks like the "more secure" option. There is a lot of talk about "TrueCrypt is dead" and it seems there are two forks out there now gaining momentum. ![]() It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa. I am looking to encrypt a few drives of mine, and my ONLY interest is security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |