tptacek 4 hours ago

I don't use Microsoft products generally, but not even with your computer would I run VeraCrypt.

rpdillon 3 hours ago | parent | next [-]

Curious to see this take from you! I followed TrueCrypt for years, but always thought it was very strange that they were anonymous, and then the mysterious shutdown happened, and I have no idea what to make of VeraCrypt. It's been in my "possibly good, but too many weird flags around the whole project" bucket.

Anything in particular that makes you wary? I'm aware of the 2016 and 2020 audits (https://ostif.org/the-veracrypt-audit-results/ is the 2016 one, I believe), but those seemed to suggest things were getting better over time. Curious what other signals to look for.

saidnooneever 2 hours ago | parent | next [-]

This crypto solution got their driver licence pulled; afaik they can't update their program anymore / get new drivers loaded properly.

Hypomixolydian 39 minutes ago | parent [-]

[dead]

dist-epoch 2 hours ago | parent | prev [-]

https://en.wikipedia.org/wiki/Paul_Le_Roux

cantrevealname 2 hours ago | parent | prev | next [-]

> not even with your computer would I run VeraCrypt

This has got to be the most surprising encryption-related comment I've ever read from you. Please tell us what you're thinking about VeraCrypt. What would you say about TrueCrypt v7.1a, the last known good release?

recursivegirth 4 hours ago | parent | prev | next [-]

Ever since the TrueCrypt fiasco years ago, I have no trust in that brand.

rokkamokka 4 hours ago | parent | next [-]

Fiasco? You mean where they voluntarily shut down rather than compromise themselves? Or are you referring to another matter?

michaelt 2 hours ago | parent [-]

Presumably when the authors of TrueCrypt declared “Using TrueCrypt is not secure”

If I trust them to provide my FDE software, I certainly trust them when they say I shouldn’t use it.

ndiddy an hour ago | parent | next [-]

My interpretation was that the authors received a National Security Letter and chose to shut down development rather than let their software get backdoored. IIRC the shutdown announcement cited the discontinuation of Windows XP as why the software got discontinued (when it was cross platform and supported newer versions of Windows) and included a step-by-step guide for how to migrate to BitLocker (a red flag for anyone remotely cynical).

An independent audit of the last version of TrueCrypt was published about a year after the discontinuation. It did not find any significant security issues or backdoors.

recursivegirth 2 hours ago | parent | prev [-]

This. I have no trust in TrueCrypt or its derivatives. If TrueCrypt was compromised then it stands that VeraCrypt is as well.

Hypomixolydian 36 minutes ago | parent [-]

How so? VeraCrypt was independently audited, even by German BSA [1], and no serious problems were found.

[1] https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publicat...

jazzyjackson 3 hours ago | parent | prev [-]

Is there a brand you do have trust in? I’ve kind of thrown my hands up, considered my attack surface is dude stealing my laptop and not the state department wants my 4chan history, and just use the encryption tools provided by Apple and Microsoft

Hypomixolydian 38 minutes ago | parent | prev | next [-]

[citation needed]

tptacek 38 minutes ago | parent [-]

Ok. You got me. I would run VeraCrypt on your computer. The one exception.

MrZander 4 hours ago | parent | prev [-]

What? Why?