That's wonderful news, but I'm curious about a couple things:
(a) How much, if any, of the original TrueCrypt source code was used? The anonymous TrueCrypt author(s) inexplicably refused to open source their code even after abandoning the project, so although all TrueCrypt source code is available, the TrueCrypt author(s) still own it.
(b) Who is behind VeraCrypt? I see two names (idrassi and kavsrf), but who are they really? There were only two developers? Did anyone finance it other than public donations on their website? I'm tremendously grateful for their efforts and I intend to make a donation shortly, but I think we'd all trust it a little more if we knew more about the people behind it.
The source code availability and the audit are even more important than knowing about the people, but knowing about the people adds something as well. A video interview or newsmagazine profile about them would be ideal. (Perhaps I'm asking something contradictory since someone who writes a TrueCrypt replacement is probably a very private person.)
The software is supported by a company in Paris[0] so normally it's possible to get information about their authors. I don't think they are anonymous like TrueCrypt author(s).
Yes, when mounting a volume, there is a checkbox "TrueCrypt mode" on right side bottom, under password edit line. You can make it checked by default in settings.
This may be because they fixed the vulnerability with truecrypt keyfiles and didn't want to leave the vulnerable implementation around. Might want to report it and see what can be done.
Honestly I dont care. Truecrypt works great for me. My adversary is neither NSA nor FBI, so I can live with some small vulnerabilities. I installed Veracrypt, tried it with "Truecrypt compatibility" on and it didnt worked. This signals to me, that Veracrypt is not very much tested either, if they have bugs like this, they may also have bugs in crypto. So why shouold I trust it more? Truecrypt is proven by years of usage.
Well, that's good, Truecrypt mode worked for me. I'll start switching over now in Truecrypt mode, and eventually will create VeraCrypt volumes and move everything over.
17 comments
[ 3.6 ms ] story [ 54.3 ms ] thread(a) How much, if any, of the original TrueCrypt source code was used? The anonymous TrueCrypt author(s) inexplicably refused to open source their code even after abandoning the project, so although all TrueCrypt source code is available, the TrueCrypt author(s) still own it.
(b) Who is behind VeraCrypt? I see two names (idrassi and kavsrf), but who are they really? There were only two developers? Did anyone finance it other than public donations on their website? I'm tremendously grateful for their efforts and I intend to make a donation shortly, but I think we'd all trust it a little more if we knew more about the people behind it.
The source code availability and the audit are even more important than knowing about the people, but knowing about the people adds something as well. A video interview or newsmagazine profile about them would be ideal. (Perhaps I'm asking something contradictory since someone who writes a TrueCrypt replacement is probably a very private person.)
[0] https://www.idrix.fr/Root/mos/Contact_Us/Itemid,3/
Do I have to upgrade my container to the newer version?