This project has moved. For the latest updates, please go here.

TrueCrypt: To VeryCrypt security wise enough to convert or better copy to new VeryCrypt volume?

Topics: Technical Issues, Users Discussion
Mar 23, 2015 at 9:16 PM

I just would like to know, if it would be enough - regarding security - to open an old TrueCrypt volume (non system partition) and change e.g. the password (which should convert it to VeryCrypt).

Or would it be better to only mount the old TrueCrypt partition, create a new partition, e.g. on a new disk and copy all data there?
Mar 23, 2015 at 11:36 PM

Converting a TrueCrypt volume by changing should be enough since this will update the header to use a stronger key derivation.
VeraCrypt and TrueCrypt use the same encryption format (XTS) and after the conversion the master key generated by TrueCrypt will be reused by VeraCrypt since it can't be changed.
This master key was generated using TrueCrypt random generator which is the same as VeraCrypt one. The only enhancement done in VeraCrypt is that we ensure that the random generator is seeded correctly before each sensitive operation whereas in TrueCrypt this was done only once.
So, I don't see any reason to create a new partition.

That being said, you should also take into account the age of the hard drive because hard drives are not eternal and they tend to fail. Also, new disks can fail quickly so you should maintain a double backup at least for some time to be sure that the new disk is also reliable.
Mar 24, 2015 at 6:29 AM
Edited Mar 24, 2015 at 6:42 AM
idrassi wrote:
The only enhancement done in VeraCrypt is that we ensure that the random generator is seeded correctly before each >sensitive operation whereas in TrueCrypt this was done only once.
idrassi, what does it mean when you say, "seeded correctly before each sensitive operation"? What do you mean by each operation? We only use the random generator to create keys and volumes. What other operations are there?
Sorry to ask, we're not all technical. It's greatly appreciated that you take the time to answer messages. But some of your responses go way over people's head. I don't mean that to be rude either. But the reality is, we're not all programmers like you, or we would write our own program. That's why we ask.
Mar 24, 2015 at 8:10 AM
I'm sorry for the technical nature of my writing...I try my best to simplify my language but sometimes I fail to do so.

In TrueCrypt, the mouse movement dialog used to seed the random generated was shown only once after your start TrueCrypt. For example, you start TrueCrypt in the morning, you create a volume then the mouse dialog will appear, after few hours you create another volume or you create a keyfile or you change a password but here the mouse dialog doesn't show up, and it will never show up again unless you exit TrueCrypt and start it again.

In VeraCrypt, a change was made to ensure that this mouse movement dialog is shown every-time a sensitive operation needs random numbers (volume creation, keyfile creation, change password, backup volume header, restore volume header). This is important to guarantee the quality of the random in all operations. TrueCrypt didn't provide such guarantee if you made several operations on a row.
Mar 24, 2015 at 10:30 AM
I see now. Great explanation idrassi!

Yes, I remember this behavior very well. I use to wonder why it was not consistent. However I was vigilant about it, I use to always restart before encrypting a new volume or making a key as I had an instinct that something was not right. It's great that you fixed this.

Thanks for the clarification!
Mar 24, 2015 at 6:13 PM
Edited Mar 24, 2015 at 6:14 PM
Thanks for the fast reply.

Regarding backups: already dowing so anyway.

One other question (not directly on topic):
64Bit Windows (8.1, 7) works too without needing to disable driver enforcment checks?

Were there any important changes to the CLI except the flag for TrueCrypt compatibility setting?
Mar 24, 2015 at 9:05 PM
Yes, VeraCrypt works on 64-bit Windows vl (7,8.1,10) without needing any modifications to the system.

I don't understand your last question (CLI??). Are you asking for changes in VeraCrypt compared with TrueCrypt? There are many changes and new features. Do you want a list of all what has been added? The list is long and basically it will the concatenation of all release notes.
Mar 24, 2015 at 10:28 PM
CLI stands for command line interface :)

So basically I mean the command line / parameters.
Mar 24, 2015 at 11:02 PM

No, nothing changed in the command line apart from the addition of /hash switch to choose the PRF and /tc switch for TrueCrypt Mode.

On Windows, the command line offers little functionality compared to Linux/MacOSX counterparts and it is planned to upgrade it to incorporate the full set of features offered by the GUI.
Apr 3, 2015 at 12:19 AM
Hi idrassi
I am new to VeraCrypt but have been using TrueCrypt for years. I have been able to both mount TC volumes and migrate from TC to VC.
VC mounts the TC volumes as fast as TC does so I was wondering, does VC offer any additional security benefit when simply mounting TC volumes or does one have to migrate to get added security?