This answer may change after they publish new results from the audit. So I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity) (I downloaded the public key of TrueCrypt admin years before the scandal. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security stand point. The increase in iterations to mitigate brute force attacks only affects performance.
TRUECRYPT REPLACEMENT 2016 CODE
Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt. An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. I consider that TrueCrypt 7.1a have all the features I need. Since VeraCrypt is currently less popular than TrueCrypt, there are 'less eyes' watching at the VeraCrypt source code changes. If VeraCrypt start changing TrueCrypt fast, they may introduce a few vulnerabilities. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors. The TrueCrypt audit finished on April 2, 2015. I would still choose TrueCrypt for a matter of trust and the "many eyes" theory:Īfter the "TrueCrypt scandal" everyone started looking at the source for backdoors. But with that being said, I would also choose to go with the older option if it is actually better than the newer options.
I'm not on the "TrueCrypt is dead" bandwagon, I am just in trying to be progressive, so I would choose a newer "better" option if it is available. That sounds nice and all, but.ĭoes anyone have real world experience using Veracrypt and is it as good as advertised? How does it compare to TrueCrypt?ĭoes anyone have a security reason why they would choose TrueCrypt over VeraCrypt? Any reasons at all why TrueCrypt is preferable to you?
TRUECRYPT REPLACEMENT 2016 PASSWORD
I know what VeraCrypt claims, I know they say they do more hash iterations of the password to derive the encryption keys. The one more interesting to me is VeraCrypt, and from the research I have done, this looks like the "more secure" option. There is a lot of talk about "TrueCrypt is dead" and it seems there are two forks out there now gaining momentum. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa. I am looking to encrypt a few drives of mine, and my ONLY interest is security.
0 kommentar(er)
