Could VeraCrypt become the next TrueCrypt?

veracrypt
Martin Brinkmann
Jun 8, 2014
Updated • Sep 14, 2018
Security
|
16

VeraCrypt is an encryption software that is a fork of TrueCrypt. What is meant by that is that it is based on TrueCrypt source without being a mere clone of the program.

Since it is based on the popular application, it offers pretty much the same feature set that TrueCrypt makes available. This includes creating encrypted containers on hard drives and encrypting entire partitions or drives including the system partition.

According to IDRIX, the company behind VeraCrypt, it adds security enhancements to the algorithm that "makes it immune to new developments in brute-force attacks".

For example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

The downside to those changes is that it takes longer to open (read mount) encrypted partitions. The actual performance of mounted drives is however not affected by this.

Another downside is that the storage format is not compatible with TrueCrypt's storage format which means that you will still have to find a way to convert TrueCrypt partitions to VeraCrypt format.

The stop of TrueCrypt development affects VeraCrypt. Since it is based on TrueCrypt source,it is now up to IDRIX to continue development of the application. Previously, the company could use new features introduced by the TrueCrypt team which is not an option anymore at the time of writing.

The "TrueCrypt is insecure" message may also affect user perception or at least doubt when it comes to VeraCrypt. While the -- ongoing -- audit has not found any major security issues in its first stage, it may still keep some users from giving VeraCrypt a true, considering that it is based on the same source as TrueCrypt.

Mounir Idrassi, IDRIX founder and developer behind VeraCrypt on the other hand does not seem devastated by TrueCrypt's end of life statement. Quite the contrary; he told us that he had big plans for the application and believes that development could continue more quickly than before.

A Mac OS X and Linux version will be released this summer for instance, and there is development ongoing to implement SHA-2 key derivation for the encryption of system partitions.

Idrassi believes that VeraCrypt will benefit from TrueCrypt's security audit to correct any weaknesses or issues found by the audit. While this may require lots of work, he hopes that other developers may contribute to the VeraCrypt project to speed these things up.

It will be interesting to see how VeraCrypt evolves in the coming months. If things to as planned, it could rise to become a very popular TrueCrypt alternative.

Summary
software image
Author Rating
1star1star1star1stargray
5 based on 2 votes
Software Name
VeraCrypt
Operating System
Windows
Software Category
Security
Landing Page
https://veracrypt.codeplex.com/
Advertisement

Related content

Intel

Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password
Malwarebytes 5

First look at Malwarebytes 5.0
RustDoor malware targets macOS users by posing as a Visual Studio Update

RustDoor malware targets macOS users by posing as a Visual Studio Update
keys

KeePass 2.56 released: options search and history improvements
70 million account credentials were leaked in a massive password dump

70 million account credentials were leaked in a massive password dump

Previous Post: «
Next Post: «

Comments

  1. Jim said on March 12, 2015 at 5:37 am
    Reply

    Anyone hear of Lavabit? Read their story carefully before you start trusting a new encryption software. Let’s face it – the US Government is on an inquisition, out to eliminate any and all personal privacy and data privacy. Witness the FBI free-ranging the entire globe over the last 5 years, yes beloved Obama years, to destroy download sites and TOR. And to take control of the Internet.

    Veracrypt showing up right when the Truecrypt founders just disappear is wierd as hell, and highly suspicious.

    1. Rick said on September 12, 2015 at 7:25 am
      Reply

      Good point, Jim. Those were my exact thoughts.

  2. me said on December 24, 2014 at 2:13 pm
    Reply

    Hi,

    I use Truecrypt 7.1a under Kubuntu.
    I know that TC is no longer being developed and was wondering if I should migrate to Varacrypt or stay with TC?

    Advice please

  3. Man in the winter said on June 23, 2014 at 6:07 am
    Reply

    Hi I agree.We had better to integrate all the compiler into one team on one platform .
    And who build a google talk account (group talk) in order to let us talk about the TC/VC instantly.

  4. mida said on June 14, 2014 at 4:57 pm
    Reply

    i think i know why the new format isnt compatible with this from old truecrypt, but if trucrypt.ch make a second fork of tc than cooks all developers there own little soup. it should be better if developers there want work one fork. combine manpower…

  5. Hawk said on June 12, 2014 at 4:32 pm
    Reply

    Don’t have a portable version?

  6. TheRube said on June 9, 2014 at 10:29 pm
    Reply

    Mr. Brinkmann.

    Thank you for this VC review as I (we) was in eager anticipation of it!

    TR

    1. Martin Brinkmann said on June 9, 2014 at 10:50 pm
      Reply

      You are welcome ;)

  7. Marc F said on June 9, 2014 at 12:04 am
    Reply

    Well, TrueCrypt.ch will also be working on an OSS fork.
    So there’s plenty of choices

  8. steven said on June 8, 2014 at 11:21 pm
    Reply

    https://www.grc.com/misc/truecrypt/truecrypt.htm

    1. Tom Hawack said on June 9, 2014 at 10:16 am
      Reply

      Worth being read, as all Gibson’s articles are.

    2. Pants said on June 9, 2014 at 6:29 am
      Reply

      ^^^ indeed .. and listen to anything Bruce Schneier has to say about it ( https://www.schneier.com/ )

      and for your amusement >> http://www.schneierfacts.com/ :)

  9. Nebulus said on June 8, 2014 at 9:54 pm
    Reply

    Until that TrueCrypt audit will be finished, there are too many questions and very few answers… All we can do now is wait. In other words, if I am willing to trust a TrueCrypt fork, why not continue to use the old TrueCrypt?

    1. sades said on June 9, 2014 at 5:33 am
      Reply

      Conversely if you’re willing to trust TrueCrypt why not use the better supported and more advanced fork?

      1. Wilson said on October 21, 2014 at 5:36 pm
        Reply

        Makes sense.

    2. Martin Brinkmann said on June 8, 2014 at 10:02 pm
      Reply

      Makes sense.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved