Can VeraCrypt become the next TrueCrypt?

VeraCrypt is an on-the-fly encryption program that is based on the TrueCrypt code. VeraCrypt can encrypt partitions on entire disks, and authentication can be used before loading a disk that is fully encrypted. According to the developer, some security issues that were present in TrueCrypt have been resolved. VeraCrypt uses XTS mode of operation.



The following encryption algorithms are supported: AES, Serpent and Twofish. In addition, there are 5 different combinations of cascade algorithms: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The following hash functions are supported: RIPEMD-160, SHA-256, SHA-512, Whirlpool.



The fact that VeraCrypt fork TrueCrypt does not mean that it is a simple TrueCrypt clone.

')

Since it is based on a popular program, to a greater extent it offers the same set of functionality that makes TrueCrypt accessible, convenient, and popular. This set includes creating encrypted containers on disks and encrypting a partition or the entire disk, including the system partition.



As IDRIX says, in VeraCrypt they added security-enhancing algorithms, which “makes the program immune to the latest advances in brute force attack.”



For example, for an encrypted system partition, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations, and in VeraCrypt we use 327661. For standard containers and other partitions, TrueCrypt applies 2000 iterations, while VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA. and whirlpool.



The disadvantage of these changes is that opening encrypted partitions takes more time. The actual performance of the connected drives, however, does not suffer from this.



Another disadvantage is that the storage format is not compatible with the TrueCrypt storage format, which in turn means that you still have to find a way to convert the TrueCrypt partitions into the VeraCrypt format.



Stopping the development of TrueCrypt affects VeraCrypt. Since it is based on TrueCrypt, and now IDRIX continues to develop the application.



“TrueCrypt is insecure” message can also affect the user's perception or at least create doubts when it comes to VeraCrypt. The audit did not find any major security issues in its first phase.



Mounir Idrassi, IDRIX founder, and VeraCrypt developer, on the other hand, do not seem to be devastated by the completion of the TrueCrypt project. On the contrary, he told us that he has big plans for application and believes that development can continue at a faster pace than before.



Idrassi believes that VeraCrypt will benefit from TrueCrypt security auditing to correct any flaws or errors found during the audit. While this may require a lot of work, he hopes that other developers will contribute to the VeraCrypt project.



PS: The article was sent to the sandbox in 2014, now suddenly out of the sandbox.