Is there a reason to use TrueCrypt over VeraCrypt?

I would still choose TrueCrypt for a matter of trust and the "many eyes" theory:

  • After the "TrueCrypt scandal" everyone started looking at the source for backdoors.

  • The TrueCrypt audit finished on April 2, 2015. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors.

  • If VeraCrypt starts changing TrueCrypt fast, they may introduce a few vulnerabilities. Since VeraCrypt is currently less popular than TrueCrypt, there are 'fewer eyes' watching the VeraCrypt source code changes.

  • I consider that TrueCrypt 7.1a has all the features I need. An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt.

  • The increase in iterations to mitigate brute force attacks only affects performance. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security standpoint.

(I downloaded the public key of the TrueCrypt admin years before the scandal, so I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity.)

This answer may change after they publish new results from the audit. Also, if you are the VeraCrypt dev, the trust argument doesn't apply (because you trust yourself).


Yes. Use VeraCrypt.

As of September 26th, 2015, Google's security researchers found a couple of vulnerabilities that affect TrueCrypt 7.1a and VeraCrypt 1.14.

They are CVE-2015-7358 and CVE-2015-7359.

On September 26th, 2015 VeraCrypt released 1.15 which fixes those vulnerabilities.

On October 17th, 2016, VeraCrypt's audit by QuarksLab was completed and, as a result, VeraCrypt version 1.19 was released to address the vulnerabilities found.

Sources:

  • http://www.pcworld.com/article/2987439/encryption/newly-found-truecrypt-flaw-allows-full-system-compromise.html

  • https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

  • https://ostif.org/the-veracrypt-audit-results/

Edit: added the October 17th, 2016 QuarksLab audit info


If you do a diff on TrueCrypt and VeraCrypt and remove all of the name-change and version code, you are left with a reasonably sized patch to look at. VeraCrypt uses SHA256, which is better than SHA512 because of the key schedule. Besides the aforementioned iteration count, the other notable changes are NTFS support, upgraded wxWidgets support, volume format change, and inclusion of RSA's PKCS11 headers. Minor changes are things like changing .tc files to .hc, better packaging options for distribution, etc.

After applying the reduced patch set, I added Keccak to the mix for encryption and hashing. The stream cipher is nice to use in the middle of a cascade such as Serpent, Keccak (SHA3), then AES.

I was going to add support for TrueCrypt containers, but decided against it since I personally think the format change is an advantage.

Summing up, it's not that hard to audit using the above-mentioned patch set.

Best practice dictates you use the verifiable TrueCrypt 7.1a distro, and download your own PKCS11 headers from RSA. If building for a Mac, use your own copy of nasm instead of the one included or download it yourself from its web page.

That's what I use and will continue to use until I have to change encryption algos when time dictates to do so.
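
The reduced-diff audit described in the answer above, as an added example that is not part of the original answer or of either project's code: both sources are normalised so that rename and version-only lines cancel out, then diffed. The rename patterns, the `KDF_ITERATIONS` name and the sample headers are constructed for illustration.

```python
import difflib
import re

# Rename rules applied to both trees before diffing (assumed patterns, extend per tree).
BRANDING = [
    (re.compile(r"VeraCrypt"), "TrueCrypt"),
    (re.compile(r"VERACRYPT"), "TRUECRYPT"),
    (re.compile(r"\.hc\b"), ".tc"),
]
# A version define is masked on both sides so a bump alone produces no hunk.
VERSION_LINE = re.compile(r"^\s*#define\s+VERSION_STRING\b.*$")

def normalize(text):
    """Return the source as lines with branding and version noise neutralised."""
    out = []
    for line in text.splitlines():
        for pattern, repl in BRANDING:
            line = pattern.sub(repl, line)
        out.append(VERSION_LINE.sub("#define VERSION_STRING <masked>", line))
    return out

def reduced_diff(old_src, new_src, name="sample.h"):
    """Unified diff of the normalised sources: what is left is worth reading."""
    return list(difflib.unified_diff(
        normalize(old_src), normalize(new_src),
        fromfile="truecrypt/" + name, tofile="veracrypt/" + name,
        lineterm="", n=1))

def changed_lines(diff):
    """Added/removed lines only, skipping the ---/+++ file headers."""
    return [l for l in diff
            if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

# Constructed sample headers, not copied from either code base.
TC_SAMPLE = """\
#define VERSION_STRING "7.1a"
#define APP_NAME "TrueCrypt"
#define VOLUME_EXT ".tc"
#define KDF_ITERATIONS 1000
"""
VC_SAMPLE = """\
#define VERSION_STRING "1.19"
#define APP_NAME "VeraCrypt"
#define VOLUME_EXT ".hc"
#define KDF_ITERATIONS 500000
"""

if __name__ == "__main__":
    print("\n".join(reduced_diff(TC_SAMPLE, VC_SAMPLE)))
```

Anything a rule rewrites is hidden from review, so keep the patterns narrow and add one only after confirming that the change it masks is cosmetic.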