Comment by dijit a day ago

15 replies

Same was true of Truecrypt.

After the core team disbanded there was a full security audit which uncovered some very minor issues.

People never really trusted Veracrypt though. Quite interesting how that turned out.

fencepost a day ago

IIRC there were a lot more options by the time of the Truecrypt-Veracrypt shift. Truecrypt was around when drive encryption was otherwise an expensive enterprise software thing, but I think Bitlocker was included with Pro versions of Windows by the time of Veracrypt so that probably became the easiest free option - and probably with better compatibility as well.

  • no-dr-onboard a day ago

    This presumes that anyone would trust Bitlocker.

    https://pulsesecurity.co.nz/articles/TPM-sniffing

    • bri3d a day ago

      Being able to sniff a key as it transits a local bus is a very different kind of compromise of "trust" than believing that something is preemptively backdoored by a threat actor. It is deeply mysterious that Microsoft don't simply use TPM encrypted sessions to prevent this, though.

      • dylan604 a day ago

        Isn't this yet another example of if they have your physical machine, it's already game over?

  • input_sh a day ago

    How's it free if it's not available in the Home edition of Windows?

    In fact it's pretty much the only difference between Home and Professional editions of Windows these days, so I'd price it as the difference between the two (about $60).

hypeatei a day ago

> People never really trusted Veracrypt though

Can you expand on this? It was my understanding that Veracrypt is the new de facto standard.

  • dijit a day ago

    Bitlocker, LUKS and FileVault are the new standard(s).

    Veracrypt is a curiosity, not beloved the way Truecrypt was.

    I’d love to see hard numbers for this, just my outside impression.

    In fact, when trying to find old forums that I was part of during that era, I failed; and found only this: https://discuss.privacyguides.net/t/why-people-still-believe...

    • UberFly a day ago

      This is complete conjecture. Like Truecrypt, Veracrypt is open source, has been audited and has been actively maintained. Could it use another audit? Sure, but so could Bitlocker, but that isn't happening for even the first time any time soon.

      • dijit a day ago

        I read this as intended to be some kind of rebuttal but… Where did I say it wasn't conjecture?

        I was stating facts about the ecosystem. People didn't trust it at the time.

        I never said there was a definite reason for that distrust.

        • trompetenaccoun a day ago

          Never heard of any credible reasons to distrust Veracrypt. Don't know who these "people" are either, none of the comments named anything more concrete than what sounds like online rumors.