Can Veracrypt mount old TrueCrypt volumes?

Topics: Technical Issues, Users Discussion
Nov 13, 2014 at 8:21 PM
Can Veracrypt mount old TrueCrypt volumes? And, if so, can it do a re-encryption of those volumes so that the stronger/better Veracrypt encryption is used?

Thanks.
Nov 13, 2014 at 8:24 PM
Oops - my bad. I just saw the line in the product description that says that the product is not compatible with TC. Sorry for the unnecessary inquiry.
Coordinator
Jan 7, 2015 at 10:13 AM
Starting from version 1.0f, VeraCrypt can mount TrueCrypt volumes.
Jan 8, 2015 at 6:30 AM
Dear Mounir,

Just to get things clear. I want to test VeraCrypt for a month or so before making the jump.
So, for now, I want to keep my file containers in TrueCrypt format.

1.
If I uninstall TrueCrypt and install VeraCrypt to use with my existing containers, nothing will change at the security level?

2.
Is there any advantage to using VeraCrypt other than security, like bugfixes and features I would still benefit from?

With kind regards,

Sander Bouwhuis
The Netherlands

PS
I hope the high visibility of this project will propel your reputation (and therefore your company!) to higher levels.
Coordinator
Jan 8, 2015 at 10:07 AM
Edited Jan 8, 2015 at 10:07 AM
Hi Sander,

Thank you for your kind words and a big hello to the Netherlands.
  1. Installing VeraCrypt in place of TrueCrypt will not change the security level of your existing containers but at the same time you'll benefit from the fixes of TrueCrypt issues that have been implemented in VeraCrypt.
  2. As explained above, VeraCrypt solved many issues and vulnerabilities discovered so far in the TrueCrypt code, either by Open Crypt Audit project, static code analysis tools or by myself. Also, many features were added to VeraCrypt compared to TrueCrypt like the introducing of SHA-256 algorithm, the possibility to generate any number of random keyfiles with any size (TrueCrypt only generated single 64 bytes keyfiles), the display of the random gathering dialog everytime we need random for sensitive operations (TrueCrypt displayed this dialog only once during runtime),
Don't hesitate to give any feedback about your testings.
Jan 13, 2015 at 6:07 AM
To be honest, I'm very scared of (new) bugs. I'm really dependent on not only the security, but definitely also the proper working of VeraCrypt. I do have backups, but we're talking about terabytes of data in containers at risk.

How mature is VeraCrypt? Please be brutally honest. I prefer waiting a couple of months if there is any risk of failure. Also, do you expect the containers or headers to change in a way that would require another conversion?
Coordinator
Jan 14, 2015 at 12:09 PM
I understand your concerns but VeraCrypt is built upon the stable TrueCrypt code for volume and data handling, and VeraCrypt didn't change any critical part in this. You should expect the same stability as TrueCrypt for the handling of your data.
The modifications done in VeraCrypt involved correcting the issues found in TrueCrypt and hardening key derivation which only affects the mounting of volumes. The SHA-256 algorithm for key derivation is new compared to TrueCrypt and it has been tested properly but if you don't trust its stability, you can stick with the other algorithms inherited from TrueCrypt (SHA-512, Whirlpool). The other features added don't affect the handling of data stored in volumes.

There is change planned for the storage format or volume headers. And even if there is a change, backward compatibility will be guaranteed and no conversion will be forced. This was the spirit of TrueCrypt and VeraCrypt will continue this way.
Jan 14, 2015 at 1:06 PM
Edited Jan 14, 2015 at 1:09 PM
SHBouwhuis wrote:
To be honest, I'm very scared of (new) bugs. I'm really dependent on not only the security, but definitely also the proper working of VeraCrypt. I do have backups, but we're talking about terabytes of data in containers at risk.

How mature is VeraCrypt? Please be brutally honest. I prefer waiting a couple of months if there is any risk of failure. Also, do you expect the containers or headers to change in a way that would require another conversion?
.
Hi SHBouwhuis and welcome to the forum.

I shared your fears when I first took a look at VeraCrypt. However over time I have become more convinced of it's superiority over all other options.

I also have many terabytes of data encrypted with VeraCrypt.

I have been accused many times on this forum of being paranoid, so I guess this actually makes me qualified to answer your question better than most others here. :)

All I can say is I personally trust VeraCrypt. There isn't anything as "special" and more importantly there are no compromises. VeraCrypt does not appeal to the masses, general public and people using encryption to hide their files from their family members.

However it is popular with those who understand serious threat models and require security even at the expense of convenience.

Mounir was probably too modest to mention this, but one of the main concerns with encryption products is those who are writing and supporting it are competent and honourable.

We have recently witnessed Mounir's ability to reject calls from a few vocal members to introduce a feature to weaken the iterations. Many developers seek popularity and will compromise their products in an attempt to gain it.

Mounir has clearly demonstrated the security of VeraCrypt is more important to him than popularity.

In my opinion VeraCrypt is a pro's choice, it is the standard to which other products are judged. If your threat model is high enough then you can find sanctuary within VeraCrypt's containers. If speed and convenience is more important to you then there are many other products available.

Note:

Just to make it clear "speed" refers to the boot time of a WDE. Once booted VeraCrypt is as fast as any other encryption product.
Jan 14, 2015 at 1:18 PM
Thanks for the info. I'll first test with a single small container that I backup daily. That way, any loss will be relatively benign.

I seem to recall reading somewhere VeraCrypt can't be installed along side TrueCrypt. Is that true?
Jan 14, 2015 at 3:13 PM
I am currently running them both side by side in Win7 with no issues.
Jan 24, 2015 at 9:21 AM
Hi all,

I just installed VeraCrypt as well and wanted to convert my current TrueCrypt System Volume to VeryCrypt.
However for me this doesn't work. When I try to use 'Change Password' or 'Set Header Key Derivation Alghorithm' and select TrueCrypt Mode it says 'Incorrect password or not a VeraCrypt volume.

I'm using TrueCrypt 7.1a and VeraCrypt 1.0f-1
Screenshot:
Image
Coordinator
Jan 24, 2015 at 10:16 AM
Currently, the conversion of TrueCrypt system partitions is not implemented. Only TrueCrypt containers and non-system partitions are supported.
Hopefully, this will be implemented in the next version if all technical difficulties are overcome.
Jan 24, 2015 at 10:57 AM
Ah, all right. Thank you. :)
Jan 31, 2015 at 11:34 PM
Created issue for tracking purposes.

https://veracrypt.codeplex.com/workitem/84
Mar 11, 2015 at 12:04 AM
idrassi wrote:
Currently, the conversion of TrueCrypt system partitions is not implemented. Only TrueCrypt containers and non-system partitions are supported.
Hopefully, this will be implemented in the next version if all technical difficulties are overcome.
As a workaround though, you could just create a 2nd container and move files from the unencrypted TC container into the new container, right? Provided you have the harddrive space.
Coordinator
Mar 11, 2015 at 8:03 AM
Actually, the question was about Windows system encryption which means encrypting the whole Windows system. The user was asking how to convert his encrypted Windows system to VeraCrypt without decrypting first and the re-encrypting using VeraCrypt.

Currently, VeraCrypt supports only converting non-system partitions and file containers. Conversion of Windows system partitions is planned.