TrueCrypt vs VeraCrypt for file encryption

scottalanmiller

@Dashrender said:

Sure, but you're not going to get any new features in it either.

Why do you say that?

scottalanmiller

I think that there is confusion. VeraCrypt IS the current TrueCrypt release. TC became VeraCrypt.

scottalanmiller

@gjacobse said:

@Dashrender said:

Sure, but you're not going to get any new features in it either. Does TC work in Windows 10? If not, it never will, does VC? maybe not today, and if not, it might in the future.

VC is based upon TC, why wouldn't you want to use the newer product?

Point -

I suppose my 'only reason' to not use VC is that it had not been through any validation process. TC had gone through Phase I and was in Phase II upon my last reading...

While I have nothing that TPTB would really be interested in - or really not already know about - I want something that will be quite difficult to break.

But VC is TC. So any TC validation is VC validation too.

gjacobse

@scottalanmiller said:

But VC is TC. So any TC validation is VC validation too.

But is it? There could be changes in VC that compromises the security...

gjacobse

Let me state my thoughts prior to starting this thread:

My expectations are that I was going to / will be using TC or even VC. This is mainly to flesh out if that first thought should be changed and another product / project used.

scottalanmiller

@gjacobse said:

@scottalanmiller said:

But VC is TC. So any TC validation is VC validation too.

But is it? There could be changes in VC that compromises the security...

Yes, it is. There could be those changes in TC too after the code version for the audit. It's a real concern but one that has nothing to do with the name change.

scottalanmiller

Like any software product, you want to be up to date. Running intentionally old versions of something is nearly universally bad. It means that bugs, features, updates, fixes or whatever that have been made and are assumed to be part of the system are missing. While there is a cause for concern and the risk non-zero, it's fundamentally a bad approach to think of code as something that can be ignored and "Frozen". Code must be a living entity to be reliable.

MattSpeller

Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to

gjacobse

@MattSpeller said:

Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to

That is what I am running into Matt.. I like and want to support OpenSource all I can. I need a product I can rely on... but I have reservations...

scottalanmiller

@MattSpeller said:

Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to

How much of that saga was media and SW people looking to attack the product? How much "saga" was there that actually applies to the code? Let's separate the wheat from the chaff. Is there really as saga?

scottalanmiller

@gjacobse said:

@MattSpeller said:

Just gut instinct but the whole TC saga has given me bad vibes and I don't trust it 100% like I used to

That is what I am running into Matt.. I like and want to support OpenSource all I can. I need a product I can rely on... but I have reservations...

What is causing the reservations? TC/VC is not the best product ever, that's certain, but what actual concerns are there versus just fear mongering what SW spread a lot of? I'm not vouching for the product, just saying I've seen nothing of concern yet.