Veracrypt Vs Truecrypt - Which One’s Better And Why?

2.8K    Asked by Ankesh Kumar in SQL Server , Asked on Dec 1, 2021

I am trying to encrypt a few drives of mine, and my ONLY interest is security. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa.


There is a lot of talk about "TrueCrypt is dead" and it seems there are two forks out there now gaining momentum. The one more interesting to me is VeraCrypt, and from the research, I have done, this looks like the "more secure" option. But is that so?

This is the reason why i am asking you all here. I know aware of what VeraCrypt claims, I know they say they do more hash iterations of the password to derive the encryption keys. That sounds nice and all, but...

Does anyone have real-world experience using Veracrypt and is it as good as advertised? How do you compare veracrypt vs truecrypt?

Does anyone have a security reason why they would choose TrueCrypt while comparing veracrypt vs Truecrypt? Any reasons at all why TrueCrypt is preferable to you?


I'm not on the "TrueCrypt is dead" bandwagon, I am just in trying to be progressive, so I would choose a newer "better" option if it is available. But with that being said, I would also choose to go with the older option if it is actually better than the newer options. Your thoughts?


Answered by Anisha Dalal

I would still choose TrueCrypt between ‘veracrypt vs truecrypt’ for a matter of trust and the "many eyes" theory: After the "TrueCrypt scandal" everyone started looking at the source for backdoors. The TrueCrypt audit finished on April 2, 2015. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors. If VeraCrypt start changing TrueCrypt fast, they may introduce a few vulnerabilities. Since VeraCrypt is currently less popular than TrueCrypt, there are 'less eyes' watching at the VeraCrypt source code changes.

I consider that TrueCrypt 7.1a have all the features I need. An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt. The increase in iterations to mitigate brute force attacks only affects performance. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security stand point. (I downloaded the public key of TrueCrypt admin years before the scandal. So I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity). VeraCrypt vs TrueCrypt VeraCrypt is much more secure than TrueCrypt. TrueCrypt is no longer being maintained and IIRC has known vulnerabilities. VeraCrypt on the other hand is actively being maintained and has been audited by reputable third parties.



Your Answer

Interviews

Parent Categories