VeraCrypt project is hosted on Sourceforge (https://sourceforge.net/p/veracrypt
), Github (https://github.com/veracrypt/VeraCrypt
and Codeplex. The main git repository is Sourceforge. I choose Codeplex because it was the one that offers the easiest interface for editing a documentation.
I know there is a type of users that are suspicious of anything touched by Microsoft but one must remain realistic: the code integrity is handled through different mirros not only Codeplex. Binaries are mirrored through different mirrors and their checksums
and PGP signatures are published and copied over different sources: Pastbin (http://pastebin.com/u/veracrypt
) and Reddit (https://www.reddit.com/user/veracrypt
I have already asked for any hosting proposal that gives guarantees about security and availability. All proposals are welcomed. Nevertheless, I see no reason why not use any freely available hosting service while having the control of the integrity of the
Since the beginning of the project, I was asking for contributions and for collaborations. For now, apart from few patches that were not included because of quality issues, I didn't receive any proposal for collaboration. I reiterate my statement that VeraCrypt
is an open source project open to everybody. There many features that are waiting for skilled people to implement (like GPT/UEFI support). So spread the word.
As for my own credentials, my LinkedIn profile is open for professionals who would like to connect and share information about my background. As you can imagine, I will not spill my private life on the internet but I can give here a public statement that I
don't and have never worked for any government agency. Before starting my consulting business, I was employed by a smart card manufacturer. Smart card professionals, especially in France, knows me and some of my contributions in this field are publicly available.
For example, for several years, I was the only one proving a patch for a Microsoft dll in order to help Smart Card developpers test their CSP dlls on Windows without the need of requesting a signature from Microsoft. You can type "advapi32 patch"
in Google and you'll see the results pointing to my work.
Also, I was the first to implement Smart Card support in WINE (the Windows emulator) through the implementation of a pcsclite based winscard.dll for Linux and MacOSX. As of today, I'm still the only source for a 100% working winscard implementation on Linux.
With the latest revelations about US activities, I understand the need for people to scrutinize the people behind security related project. We need to be as transparent as possible without falling into voyeurism. Personnaly, I decide to put my reputation at
stake by going public about VeraCrypt since 2013, at a time when no body cared about TrueCrypt weaknesses. My motivation behind veraCrypt remains the same and it is not related to any shadowy organization or quest for profit, but rather the simple wish to
provide users with something useful and secure in the most transparent way.