4

I know that TrueCrypt was considered safer over VeraCrypt a few years ago. But does this situation remain the same? It was because TrueCrypt was audited and VeraCrypt was not and there was just more eyes watching TrueCrypt than VeraCrypt, is this still true?

I also heard VeraCrypt was audited and they didn't find any backdoor, do you belive it?

James Draper
  • 103
  • 3
user137459
  • 49
  • 1
  • 2
  • 3
    Have you done any research? Are you aware that TrueCrypt was abandoned and they left unpacthed security issues? – schroeder Jan 26 '17 at 13:47
  • https://en.wikipedia.org/wiki/VeraCrypt – schroeder Jan 26 '17 at 13:49
  • Here's the code, you can look for backdoor: https://veracrypt.codeplex.com/SourceControl/latest#README.md – schroeder Jan 26 '17 at 13:50
  • Please do not ask two questions in one. I suggest you [edit] your question and remove that last sentence about containers. –  Jan 26 '17 at 13:51
  • 2
    VeraCrypt developers have rather dubious software engineering practices. Such as integrating dubious crypto (e.g. GOST with 64-bit blocks) without specification, design docs or public discussion. – CodesInChaos Jan 26 '17 at 14:22
  • http://security.stackexchange.com/questions/72249/is-there-a-reason-to-use-truecrypt-over-veracrypt?rq=1 – woliveirajr Jan 26 '17 at 19:37

2 Answers2

7

VeraCrypt is a fork of the now abandoned TrueCrypt project. I really wonder where you have found the information that TrueCrypt was safer than VeraCrypt. More exactly, it may have been true in the early times of the fork, if some security patches had been implemented in TrueCrypt before being ported in VeraCrypt. But as TrueCrypt is no longer maintained, while VeraCrypt started from the same code and is actively maintained, I would now trust VeraCrypt more than the good old TrueCrypt.

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
0

I found the information right there on the forum: Is there a reason to use TrueCrypt over VeraCrypt?

I would still choose TrueCrypt for a matter of trust and the "many eyes" theory:

After the "TrueCrypt scandal" everyone started looking at the source for backdoors.

The TrueCrypt audit finished on April 2, 2015. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors.

...

user102054
  • 21
  • 2