TrueCrypt vs VeraCrypt for file encryption
-
TrueCrypt is being evaluated (or was) in Phase II (as reported several months ago).
VeraCrypt has not be evaluated as of yet.
I am not needing Full Disk Encryption (FDE), only folder encryption.
End result is some data files no passwords and userIDs (I use Keypass for that) which need to be encrypted and stored. Not governed by HIPPA or anything.. this is for personal use.
-
Never start a new project with a dead product.
TrueCrypt was killed by it's creators last year.
As for the evaluation, TrueCrypt wasn't evaluated until months before it was killed, yet it was in use for years beforehand.
Assuming VeraCrypt is open source and you trust the source, you should be fine.
-
LibreOffice did that, it worked out great. So do Windows NT (dead product was OS/2 Warp.)
-
I agree that one should not start a new project with dead software or hardware. It smacks of impending failures and other difficulties.
-
@gjacobse said:
I agree that one should not start a new project with dead software or hardware. It smacks of impending failures and other difficulties.
I do not agree. This is the magic of open source. The politics that brought down one project has nothing necessarily to do with the product. TrueCrypt didn't die, the TC developers collapsed.
-
@scottalanmiller said:
@gjacobse said:
I agree that one should not start a new project with dead software or hardware. It smacks of impending failures and other difficulties.
I do not agree. This is the magic of open source. The politics that brought down one project has nothing necessarily to do with the product. TrueCrypt didn't die, the TC developers collapsed.
Sure, but you're not going to get any new features in it either. Does TC work in Windows 10? If not, it never will, does VC? maybe not today, and if not, it might in the future.
VC is based upon TC, why wouldn't you want to use the newer product?
-
@scottalanmiller said:
@gjacobse said:
I agree that one should not start a new project with dead software or hardware. It smacks of impending failures and other difficulties.
I do not agree. This is the magic of open source. The politics that brought down one project has nothing necessarily to do with the product. TrueCrypt didn't die, the TC developers collapsed.
You have a point. The great thing about Open source is that it is available for anyone to pick up and move it forward.
I suppose some 'reasoning' in my statement is maybe something like Windows 9x, It's dead, unsupported though I am sure there is a repository somewhere where you can download it and all the updates. It's only within the last 16 months that I myself disposed of the CDs of updates and keys I had acquired.
-
@Dashrender said:
Sure, but you're not going to get any new features in it either. Does TC work in Windows 10? If not, it never will, does VC? maybe not today, and if not, it might in the future.
VC is based upon TC, why wouldn't you want to use the newer product?
Point -
I suppose my 'only reason' to not use VC is that it had not been through any validation process. TC had gone through Phase I and was in Phase II upon my last reading...
While I have nothing that TPTB would really be interested in - or really not already know about - I want something that will be quite difficult to break.
-
@Dashrender said:
Sure, but you're not going to get any new features in it either.
Why do you say that?
-
I think that there is confusion. VeraCrypt IS the current TrueCrypt release. TC became VeraCrypt.
-
@gjacobse said:
@Dashrender said:
Sure, but you're not going to get any new features in it either. Does TC work in Windows 10? If not, it never will, does VC? maybe not today, and if not, it might in the future.
VC is based upon TC, why wouldn't you want to use the newer product?
Point -
I suppose my 'only reason' to not use VC is that it had not been through any validation process. TC had gone through Phase I and was in Phase II upon my last reading...
While I have nothing that TPTB would really be interested in - or really not already know about - I want something that will be quite difficult to break.
But VC is TC. So any TC validation is VC validation too.
-
@scottalanmiller said:
But VC is TC. So any TC validation is VC validation too.
But is it? There could be changes in VC that compromises the security...
-
Let me state my thoughts prior to starting this thread:
My expectations are that I was going to / will be using TC or even VC. This is mainly to flesh out if that first thought should be changed and another product / project used. -
@gjacobse said:
@scottalanmiller said:
But VC is TC. So any TC validation is VC validation too.
But is it? There could be changes in VC that compromises the security...
Yes, it is. There could be those changes in TC too after the code version for the audit. It's a real concern but one that has nothing to do with the name change.
-
Like any software product, you want to be up to date. Running intentionally old versions of something is nearly universally bad. It means that bugs, features, updates, fixes or whatever that have been made and are assumed to be part of the system are missing. While there is a cause for concern and the risk non-zero, it's fundamentally a bad approach to think of code as something that can be ignored and "Frozen". Code must be a living entity to be reliable.
-
Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to
-
@MattSpeller said:
Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to
That is what I am running into Matt.. I like and want to support OpenSource all I can. I need a product I can rely on... but I have reservations...
-
@MattSpeller said:
Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to
How much of that saga was media and SW people looking to attack the product? How much "saga" was there that actually applies to the code? Let's separate the wheat from the chaff. Is there really as saga?
-
@gjacobse said:
@MattSpeller said:
Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to
That is what I am running into Matt.. I like and want to support OpenSource all I can. I need a product I can rely on... but I have reservations...
What is causing the reservations? TC/VC is not the best product ever, that's certain, but what actual concerns are there versus just fear mongering what SW spread a lot of? I'm not vouching for the product, just saying I've seen nothing of concern yet.
