Hi, Several alternatives are trying to emerge as TrueCrypt's successor program. Among these VeraCrypt I'd like to know if users consider it a good alternative to TrueCrypt, and why. Thanks
Too slow. Both in creating a container as well as mounting. On my machine it takes 30 seconds just to tell me I chose the wrong hash or entered the wrong password. Not Good.
Well..it's not really quick indeed (I use it on a 8GB RAM i7 machine and on a 16GB RAM i5 machine). I think long time mounting is due to the PBKDF2-RIPEMD160 iterations which are from 500.000 to over 600.000 depending on the type of volume. (Truecrypt had just 2000)
Well of course my laptop IS rather old and I may have exaggerated how many seconds I had to wait, but I don't think hardware is the issue here. With TC, a mucked up password displays a warning almost immediately. VC does not. It just takes way too long. Now I get that VC is out to be a stronger form of TC, but in my current situation VC won't work to my tastes. I've a bad habit of mistyping long passwords.
Yes I use, but I have some concern about dev's attitude. First, regarding hash algorithm, he speaks as if "SHA1 is bad BECAUSE it is broken hash". As some anonymous poster noted, this is not correct, as long as properly implemented only aspect of hash which affects security in this kind of encryption is time to calculate. SHA1's disadvantage is only faster calcuration, but collision or even preimage vulnerability do not affect security of password hashing or key derivation. And...this can look like as if persecution mania... https://veracrypt.codeplex.com/discussions/570937 I have never posted about Veracrypt except some of those Wilders posts and only 1 or 2 positive posts in another forum probably they don't know and can't read, never tried to make VC looks bad nor found someone doing that. Definite advantage of VC is it fixed vuln found in 1st audit and will fix vuln in final audit. As to increased iteration count, it's moot. Sure, it means it's more robust against bruteforce attack, but for those who use 40+ char random password, how much value it has...I don't say no value, but bruteforcing 40+ password is impossible at least for several years (probably much more), and remember, such adversary can attack key directly where hashing doesn't help. But why they disregard serious, yeah, quite BIG performance delay many ppl discussing here? They should make user can choose iteration count rather than hardcode it.
So whats behind Door #3 Luciddream? 142395, Looks like 'FanBoy' behavior. FanBoy behavior is likely more dangerous then performance issues. I agree with you, give the user an option to choose.
Why would you choose other encryption programs over Truecrypt? (Yes, this is a serious question) I'm asking since i use Truecrypt but i really havent read much about security things in the last year or so, can someone enlighten me.
On Windows, there are several advantages to using BitLocker over TrueCrypt. I wrote the following almost a year ago, but I don't see that I ever posted it here. I did post a related message concerning imaging differences in this forum: Windows 8.1 encryption and imaging Moving from TrueCrypt to BitLocker This message is a summary of what I had found out six weeks or so after transitioning from TrueCrypt to BitLocker, which I did back in June shortly after the publication of the discontinuation notice. I just reviewed it and have nothing to change here in November. I've been using TrueCrypt pervasively on all three systems I have and almost a couple dozen system, data, external backup, and thumb drives, so moving to BitLocker was not something I took lightly. While I was not overly concerned that TrueCrypt had suddenly turned into a pumpkin and become unsafe to use, its detrimental effects on VSS, TRIM, drive letters, and so forth had been bugging me for a long time, and the discontinuation notice was the final motivation I needed to look at an alternative. I have both Windows 7 Ultimate and Windows 8 Pro licenses, so I was good to go for BitLocker, which I had never used before now. Here are the advantages I've found to using BitLocker: 1. VSS and TRIM work on all drives, not just the ones in the scope of system encryption, and I don't need to mount fixed data drives as removable devices to avoid errors when using vssadmin. 2. I don't have to fool around with hiding drive letters for the RAW volumes to avoid getting the "Do you want to format" prompts when I plug in external drives. It is hiding the drive letters that has the side effect of removing the drive letters and labels from "Safely Remove", which I describe more in (3). 3. Removable drives are displayed with their drive letters and volume names in the "Safely Remove" menu, and I can just eject them, instead of having to dismount them first in TrueCrypt. Showing the letters/labels is a nice feature when using multiple drives, as I do with a dual dock having independent power buttons, and it's something I've been wanting for a long time, because with TrueCrypt, I would get two indistinguishable AS2105 items in that menu with two drives in my dual dock, which made ejecting just one of the drives a useless 50/50 proposition. 4. I don't have to create a TrueCrypt Recovery CD every time I encrypt a system volume, and in Windows 8, I can encrypt just the used space. (I know there is an obscure way around creating the Recovery CD, but it should have been straightforward when using the main UI for the program.) 5. For SSDs, BitLocker appears to issue TRIM commands when encrypting entire system drives, whereas with TC, I would have to do a manual TRIM after encrypting a system drive to observe zeroed sectors when viewing outside of Windows. For SSD data drives, of course, there is no remedy as TrueCrypt doesn't support TRIM on data drives, or more generally, volumes outside the scope of system encryption. (NB: Even System Favorites mounted at boot-time that are not on the system drive are outside the scope, so all "data drives" are outside the scope.) 6. SSDs (didn't test HDs) benchmark better, way better for certain operations like 4K random reads. I can't say I've noticed any difference in performance though. Of course, TrueCrypt offers features Bitlocker lacks, such as portability, read-only mounting, and plausible deniability, and if these things are important to you, they would be reason to continue using TrueCrypt. After using TrueCrypt pervasively for several years on system, data, and removable drives, I find BitLocker to be more than a worthy replacement. In Windows 8, Bitlocker supports passworded system drives, so you don't need to use a USB key to boot the system, which was my main gripe with Windows 7. I think TrueCrypt is almost certainly safe to continue using, but I would definitely recommend BitLocker over it unless you require features unique to TrueCrypt. BitLocker is just as seamless and can auto-unlock fixed and removable drives just as well as TrueCrypt could with its "System" and normal "Favorites". The manage-bde program is available in Windows 8 WinRE environments, so one can unlock encrypted drives in, say, a WinRE environment. OTOH, Linux CDs like PartEd Magic are left out in the cold. BTW, it's easy to add all kinds of stuff to Terabyte's Image for Windows tbwinre environment, things like WinHex, XYplorer, diagnostic tools, etc, and after doing this, I don't really miss PartEd Magic. If you still have a Windows 7 system you must continue using, you can encrypt data drives in Windows 8 and save a lot of time for large drives by using its "used space only" option; drives encrypted by Windows 8 work fine in a Windows 7 system. You will give up the Elephant diffuser, as Microsoft removed it from Windows 8 without explanation. My understanding is that the diffuser only protects AES-CBC against targeted attacks, where someone would have to modify your system and get you to log onto it afterwards, as with Evil Maid, in which case, I don't care. I'm just worried about simple theft of my stuff. Also, the default for Windows 7 and 8 is 128-bit AES, but you can change a system policy to get 256 bit. Last I read, Schneier recommends sticking with the default, as 256 (and 192) bit are subject to an attack that doesn't apply to 128 bit. https://www.schneier.com/blog/archives/ ... n_a_1.html In that post, he reiterated his advice from 2009 despite a new attack that makes all AES bit lengths very slightly easier to break.
That Schneier's advise is questionable. The basis of his claim is that relative key attack break 11 (only when combined with super fast brute force. full break is 9) rounds AES256. So safety margin is 2 (or 4). When you see or hear crypt attack, always pay attention to its condition. Is relative-key attack your concern? I don't think so. Even Wikipedia's AES article says: (In quite bad implementation, relative-key attack can come true (e.g. WEP). I don't know if BL is well-implemented.) And AES128 is not fully immune against such unlikely attack. Best known single-key attack (basically it's kind of chosen plain-text attack) break 7 rounds AES128 and 9 rounds AES256, so in this case safety margin is 2 and 4. CPA is again, not much practical attack as it requires adversary can control tremendous amount of plaintext going to be encrypted, but a bit more realistic than relative-key attack. One example is notorious BEAST attack in TLS. Just as another note, CBC is not the best mode for at-rest encryption. Again in unlikely scenario that adversary have partial access to your encrypted contents i.e. he is allowed to read part of, but not full of, encrypted contents in plaintext but doesn't know encryption key or password, then he can read full contents by copy-and-paste attack.
Since you posted it, have you seen a significant improvement in creating and mounting containers? 20% on 64 bit isn't exactly impressive. Eh, I suppose I can try again.
why are there so many ppl whining about longer mounting time with Veracrypt? Of course it will take longer to mount a volume, as the authors clearly mentioned, because of the much larger numbers of encryption iterations. You are basically trading speed for more security. If speed is more important to you then stick with TC. But then again, why would you even use any encryption tools if you could not stand a 30-second waiting for maybe just once or twice a day, just because more security measures are implemented?
a) Because I know which attack I want to prevent and I hate to wait 30 seconds after login. And my security threat is not the NSA or Bruce Schneier, but rather "Wife brings my PC to computer guy next door who insta seeks pr0n" or "I die". And btw, length of my rnd password is the security in my case, not the iterations. b) Because I want to decide. The guys should implement it as Keepass, where you can define the # of key strengthening rounds yourself. But due to stupid fanboyism-elitism, dev got blinded. Happens to many devs, unfortunately. Knowing what's good for anybody. As foobar2000, where the developer decided it's good to write a warning at any startup about specific 3rd party addons (addons which in my case worked and I knew exactly what I did, but now coupled with this convenient warning). Pffffft.
I would't use Vera. Not because I don't trust it (I don't), but because TrueCrypt has been audited and it still works. Anyone can easily get version 7.1a with the same digital signature and version as there was in 2012.
OK, from peoples reports it works. Will go on using TC then. Also I can not convince my wife to always wait 30+ seconds to access her Outlook or family pictures after successfully entering a password. Sigh: Great times, when there was TCGina with only having to enter credentials once...
Just remember to download the correct version: https://www.grc.com/misc/truecrypt/TrueCrypt Setup 7.1a.exe Make sure to upload it to Virustotal to check if this file was first published in 2012, and look for the comments as well.
No, I still trust and use TrueCrypt and do not need any alternative at the moment I guess the zeal deployed to encrypt local data depends on one's life context. Here local data encryption is more for the principle than based on the potentialities of a risky context. I do take into consideration the very unlikely scenario that would include my browser in an assault, as well as relatives with their kids curious (the kids but not only!) about what I feed the machine with. No more than that so TrueCrypt is enough once the password is unlikely to be guessed of course.
