Auto fall back to TrueCrypt mode

Topics: Feature Requests
Oct 6, 2015 at 10:19 PM
I just switched to VeraCrypt and now have a mix of TrueCrypt and VeraCrypt volumes. I oftentimes forget to click the TrueCrypt checkbox when mounting TrueCrypt volumes.

Would it be possible to have VeraCrypt automatically fall back to mounting in TrueCrypt mode when VeraCrypt mode fails?
Oct 7, 2015 at 2:10 PM
Edited Oct 7, 2015 at 10:14 PM
If Mounir decides to implement this feature, I would like to request that a single message box displays after all mounting operations have been completed to inform the user that some or all of the volume(s) that were mounted are in TrueCrypt mode only when the user did not explicitly select the TrueCrypt Mode checkbox during the mounting operations.

There are two reasons for my request.
  1. Users will forget that their volumes are still TrueCrypt and are not VeraCrypt volumes if the program automatically switches to TrueCrypt mode to successfully mount the volumes. This leads to a security vulnerability due to the low number of iterations performed for TrueCrypt volumes and possibly using the deprecated RIPEMD-160 hash.
  2. I personally had interactions with a forum user that was experiencing failure to mount issues who said that their volumes were converted from TrueCrypt to VeraCrypt when it turned out that the volumes were still TrueCrypt volumes. Wasting a lot of time trying to troubleshoot an issue.
Personally, I think VeraCrypt project should remove the ability for mounting TrueCrypt 6.0 or higher version volumes to reduce the code complexity, the impact on Mounir's limited availability spent on coding and testing along with time-consuming support. Users can either use the convert feature within VeraCrypt or continue using the TrueCrypt program. In my opinion, it is not feasible to continue supporting TrueCrypt within VeraCrypt and the constant requests for TrueCrypt enhancements and bug fixes have created an unneeded burden. :-)
Oct 7, 2015 at 5:04 PM
Agree with Enigma2Illusion's last paragraph. It's time to drop all the TrueCrypt support and focus on VeraCrypt work instead.
Oct 7, 2015 at 10:30 PM
Edited Oct 7, 2015 at 10:30 PM
I would disagree about removing TrueCrypt mounting... At least for the time being.

I think VeraCrypt needs to actually attract TrueCrypt users to come over and try the software, not make it harder for them to switch over. If you remove the ability to mount TrueCrypt, then they would just procrastinate and not switch in the first place. I did that -- TrueCrypt worked just fine for me, and I didn't have some huge secret that I'm keeping anyway, so I stayed.

If you want to warn the users, then make it into an option that the user needs to explicitly enable:

"[X] Fall back to TrueCrypt mounting. <WARNING HERE>"

You know, reason #2 probably didn't have to happen if there was an option like this. ;)

And is it really that complex to keep TrueCrypt mounting? I thought it was pretty much the same, but just lower iteration count?
Oct 7, 2015 at 11:39 PM
Edited Oct 8, 2015 at 3:34 AM
Hello katkat,
And is it really that complex to keep TrueCrypt mounting? I thought it was pretty much the same, but just lower iteration count?
.
If people only wanted to manually mount TrueCrypt volumes to try out VeraCrypt, then it would have been less intrusive to the VeraCrypt code. However, people wanted to be able to mount TrueCrypt volumes from Favorites and System Favorites. Support mounting TrueCrypt system partition. Enhance the GUI display to show the volume is mounted in TrueCrypt mode. One bug that occurred when SHA-256 replaced the deprecated RIPEMD-160 in VeraCrypt allowed for invalid selection for TrueCrypt Mode.

Hence my statement that you have one developer with a very finite amount of time to work on the source code after working his day job and family life to implement needed features to improve VeraCrypt like UEFI/GPT booting and converting the bootloader from 16-bit to 32/64 bit bootloader which is not a trivial task to speed up system encryption password verification. I would prefer that Mounir not spend his limited time enhancing, bug fixing and troubleshooting support issues for TrueCrypt Mode.

I do not believe it is necessary to integrate mounting TrueCrypt in VeraCrypt for people to evaluate VeraCrypt. For example, I install trial software to see if it meets my needs before purchasing the software.

You can install VeraCrypt on your system along with TrueCrypt to evaluate VeraCrypt by testing with a small VeraCrypt file container to try out the various features of VeraCrypt. If you decide to switch to VeraCrypt, you can use the VeraCrypt conversion from TrueCrypt volumes without hidden volumes that were created with 6.0 or higher versions without having to recreate your TrueCrypt volumes.

https://veracrypt.codeplex.com/wikipage?title=Converting%20TrueCrypt%20volumes%20and%20partitions

Kind Regards.
Oct 8, 2015 at 6:05 PM
Edited Oct 8, 2015 at 6:05 PM
I think having this flexibility is necessary in the short term. As far as I can see from the source code the additional code needed to support TrueCrypt is quite small. At some point I do expect the need for this backward compatibility to diminish but we are not there yet.
Oct 8, 2015 at 8:02 PM
Edited Oct 8, 2015 at 8:29 PM
Hello David,

Can you expand on your answers to help Mounir see both sides of the debate more clearly?
.
I think having this flexibility is necessary in the short term.
.
Please explain in more detail. What is gained by this flexibility versus users trying VeraCrypt using test file containers? I would think that users would not want to try another encryption software by risking their existing TrueCrypt volumes by mounting them with the new software.
.
As far as I can see from the source code the additional code needed to support TrueCrypt is quite small.
.
However, we do not know how much work effort went into making the TrueCrypt Mode code changes. With a million plus lines of code, it is knowing all the ramifications and dependencies within the code to not break functionality or introduce new bugs. I would think making changes requires careful analysis along with testing which consumes Mounir's limited time for working on VeraCrypt.

.
At some point I do expect the need for this backward compatibility to diminish but we are not there yet.
.
There are no metrics to measure the number of users that switched from TrueCrypt to VeraCrypt since it is unknown what is the total number of TrueCrypt users.

What metric are you proposing to use to consider removing the mounting of TrueCrypt volumes from within VeraCrypt along with enhancement requests like this one from katkat as being met?

Kind Regards.
Oct 11, 2015 at 2:00 PM
I also think TC has to be dropped.... if one wants to migrate from TC to VC (for volumes) the best option is to create brand new VC volume, then open the VC and TC volume simultaneously and copy all his files from TC to VC..... then close the TC volume and start working with the VC volume for awhile..... If everything goes well, in some time, say a month.... the old TC volume can be deleted and TC program uninstalled from the computer.... From that moment on, only VC should be used and that's it....
Oct 11, 2015 at 2:17 PM
Sometimes you need to move files on physical media (USB memory, portable Hard Drive) from one site to another. In a commercial environment one site (the client) may have a policy that only allows them to install/use TrueCrypt, while the other site (the supplier) may allow use of VeraCrypt (I have clients who insist I deliver everything I supply to them in TrueCrypt'ed containers stored on CDRs).

In such cases having a TrueCrypt mode is very useful. It will take some time for VeraCrypt to become more widely accepted before such sites can be upgraded to use VeraCrypt. In the meantime the TrueCrypt mode has a job to do.

Of course, if you are just using VeraCrypt on a PC as a security/privacy tool there is no need for the TrueCrypt mode and you could just upgrade to VeraCrypt volumes in the manner you have described.
Oct 11, 2015 at 2:42 PM
Edited Oct 11, 2015 at 2:42 PM
Totally agree with davidbe3. I've got the same issue. And I am sure, we are not the only ones.

We should take into account that TrueCrypt existed many years and gained a very good reputation and a lot of users (and is still being widely used in companies and by individuals, as I can see from my work and conversations with many people).
Moreover, VeraCrypt is based on TC code. And as I see it, this fact adds some moral obligation to the case too.

Therefore, I believe maximum support on TrueCrypt must be continued. Despite the difficulties.
Oct 11, 2015 at 3:10 PM
For commercial uses, companies will not convert to VeraCrypt from TrueCrypt unless it saves them money or a major flaw is discovered in TrueCrypt that is fixed in VeraCrypt that would prompt a company to secure their data with VeraCrypt. Otherwise, TrueCrypt is good enough and not worth wasting hourly wages to convert.

As an example, many large companies are unwilling to upgrade to Windows 8.x or Windows 10 due to Windows 7 works perfectly to avoid the additional cost of migration, application upgrades and user training for the new interface is not worth the cost.
Oct 11, 2015 at 4:20 PM
Well my own company is converting to VeraCrypt for commercial use. The recently found elevation vulnerabilities in TrueCrypt were deemed a "major" enough flaw. Lots of my clients won't convert for a while yet. Cost obviously comes into this. But they have their own stakeholders/clients who demand they use TrueCrypt containers for off-site storage (anything that might go in a bag and get lost or stolen). The community needs to spread the word that VeraCrypt is a credible alternative to educate the decision makers and it will take time.

If VeraCrypt loses its compatibility to read/write TrueCrypt containers I would have to install TrueCrypt 7.1a alongside it (exposing my machines to the vulnerability unless I patch it for myself and compile from source).
Oct 11, 2015 at 4:21 PM
Edited Oct 11, 2015 at 4:21 PM
Enigma2Illusion wrote:
For commercial uses, companies will not convert to VeraCrypt from TrueCrypt unless it saves them money or a major flaw is discovered in TrueCrypt that is fixed in VeraCrypt that would prompt a company to secure their data with VeraCrypt. Otherwise, TrueCrypt is good enough and not worth wasting hourly wages to convert.
This is exactly the case now. A major flaw has been found in TrueCrypt and VeraCrypt has hopefully fixed it :)

As for myself, I am STILL using TC and do NOT use VC... still I am advocating complete removal of TC as VC will be the one that will work for everybody in the future.... TC is legacy
Nov 9, 2015 at 11:21 PM
I'm using my TrueCrypt volume files with VeraCrypt with no issues. Just remember to tick the box when entering a password.

The lifespan of security software is obviously different from other apps, I think everyone should move to the new standard. Mounir has done sterling work with keeping the spirit of TrueCrypt into the new product.

There are flaws in TC discovered, I don't think they are massively serious.

Build your volumes with a TrueCrypt in a portable fashion if you need the quick mounting performance but use the latest VeraCrypt client itself to mount them.
Nov 10, 2015 at 3:10 PM
YosefM wrote:
There are flaws in TC discovered, I don't think they are massively serious.
.
The recent TrueCrypt/VeraCrypt driver security issue is very serious. The two vulnerabilities are exploits of the TrueCrypt and VeraCrypt respective driver. No impact to the hash and encryption algorithms.

Upgrade to 1.16 version or higher version when released to prevent the exploits and deinstall TrueCrypt software.

Mounir provided his explanations in the article for CVE-2015-7358 (critical) and CVE-2015-7359.

https://threatpost.com/veracrypt-patched-against-two-critical-truecrypt-flaws/114833/