I was going to switch from Truecrypt to Veracrypt but now I'm not so sure.

Topics: Feature Requests, Technical Issues, Users Discussion
Sep 29, 2015 at 7:16 PM
Edited Sep 29, 2015 at 7:30 PM
For one, if I'm only upgrading for the local security vulnerabilities. Aren't there likely at least a few dozen other Windows or driver vulnerabilities that would allow an attacker to get administrator from an unprivileged account? Isn't trying to fix local security in Windows like trying to plug swiss cheese?

When I see stuff like this in the changelog I start to get worried, REAL worried:

1.13 (August 9th, 2015):
Windows:
    Solve TOR crashing when run from a VeraCrypt volume. 

How does this even happen? What about all the other applications and games that I play? What if Veracrypt breaks them? Also reading about people having crashes when dismounting volumes and etc.

Someone try to convince me otherwise, but I think I'm just going to keep truecrypt and hope maybe someone releases a truecrypt with only those vulnerabilities patched as the encryption seems "good enough".

Plus I'm running an encrypted system drive which I assume I'll have to decrypt and re-encrypt with veracrypt. The fact they had to add truecrypt container support later also makes me wonder how much this is really based off of truecrypt and what all they changed.

Seems strange that something based on truecrypt can't even mount truecrypt volumes until later releases, and also I'm assuming still no support for truecrypt system volumes.
Sep 29, 2015 at 8:38 PM
Concerning your first statement, no encryption program can protect you from a compromised system or any flaws in the OS that creates a security hole.

As with any software that is undergoing many changes, there are going to be unexpected bugs that are not discovered in the beta testing released to the users for testing. As noted, the BSOD issues were due to outdated software drivers. Examples:

https://veracrypt.codeplex.com/discussions/644830
https://veracrypt.codeplex.com/discussions/645378

The TOR issue was due to TOR not properly checking for error codes. Skip to the bottom of the link below to read the developer's comments.

https://veracrypt.codeplex.com/discussions/642465

Currently, there are only two code forks from TrueCrypt. CipherShed is performing a total rewrite of the code and there is no ETA of when they will release version 1.0. VeraCrypt is the other code fork.

To switch from TrueCrypt system encryption to VeraCrypt system encryption, you will need to decrypt using TrueCrypt and encrypt the system drive/partition with VeraCrypt.

The mounting and conversion of TrueCrypt 6.0 or higher versions for the non-system TrueCrypt volumes to VeraCrypt is limited by the format change made within TrueCrypt 6.0 version.

https://en.wikipedia.org/wiki/TrueCrypt_release_history
Sep 29, 2015 at 8:55 PM
In VeraCrypt I only use encrypted volumes. I use Windows during work and I use Linux at home and at times a MacBook. I have had no problems with encrypted volumes. I can open them in OSx, Windows, and Linux. I do have some truecrypt volumes on a couple of external drives and I am able to open, read, and write to them using the (Veracrypt)truecrypt mode.
Sep 29, 2015 at 9:57 PM
Well I'll test it out on my laptop first. :-)

Also, I wish this would just work with an existing TC system encrypted disk, oh well. Decrypting and re-encrypting pretty much ties up the PC for hours and hours.

Thanks for the responses. Feel more secure using VeraCrypt now.
Sep 29, 2015 at 10:15 PM
Be aware that VeraCrypt uses a much higher iteration count for the hash algorithms versus TrueCrypt. This affects the wait time for mounting a volume.

If the wait time is too long for you and your threat model, you can adjust the PIM by using a password of 20 or more characters to adjust the PIM to a lower value to reduce the wait time for mounting.

https://veracrypt.codeplex.com/wikipage?title=Personal%20Iterations%20Multiplier%20%28PIM%29
Oct 1, 2015 at 6:03 PM
From the documentation the advantages of switching from truecrypt file format to veracrypt file format are not clear to me.
I think it would help to have a brief part describing the migration and reasons why one should do so.

Thanks! And great work - many others will just be so grateful!
Oct 1, 2015 at 6:17 PM
Agreed.

Also you can review the release notes to review the features and security enhancements made by Mounir.

https://veracrypt.codeplex.com/wikipage?title=Release%20Notes
Oct 2, 2015 at 12:02 PM
Truecrypt is like Windows XP - flawless, but old and unsupported, outdated....
Veracrypt is like Windows 7 - almost flawless and updated/supported :)

Bitlocker is like Windows 10 - updated and supported with free backups to gov servers LOL


guess who is Windows 8?