Why do people still believe Truecrypt is much better than Veracrypt?

I saw many prefer TrueCrypt as a “more trusted” application than Veracrypt.

There have been multiple cases where they couldn’t unlock Veracrypt volumes.

VeraCrypt has also been audited multiple times.

“the goal of VeraCrypt is not only to fix the public vulnerabilities of TrueCrypt, but also to bring new features to the software. The innovations introduced by VeraCrypt include: …” (Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt - Quarkslab's blog, 2016)

BSI - Bundesamt für Sicherheit in der Informationstechnik - Security Evaluation of VeraCrypt (2021)

Improvements and fixes have been addressed after the reports.

Some attempts were introduced into VeraCrypt to protect against forensics attacks: Passware 2023 version Decrypts Veracrypt RAM Encryption

TrueCrypt is literally unmaintained. So, if any vulnerabilities are found in the future, everyone will be backdoored forever.

2 Likes

I’ve never encountered anyone making that claim. Where have you encountered people saying this, do you have a link to the discussion? Is it possible you were reading old discussions (Truecrypt was highly recommended for many years, but that was a long time ago, I haven’t seen it recommended for years)?

2 Likes

From Mental Outlaw’s latest video. And probably a lot of 4chan users.

1 Like

Since I’ve jumped into this privacy and security madness, I’ve only heard it called Veracrypt, granted I was only in this thing for half a decade or so.

I believe Veracrypt forked from Truecrypt about ~10 years ago.

Up to that point, my recollection is that Truecrypt had a reputation at least as good as Veracrypt currently has, basically the gold standard for cross platform encryption, and had been for many years (at least that is my recollection).

But people were understandably confused and lost confidence in Truecrypt when its developers abruptly and unexpectedly shut it down. The unexpectedness of it and lack of a clear reason, and somewhat cryptic and kind of weird announcement of the closure which some perceived as a veiled warning, led people to feel suspicious and unsure whether the software could be trusted, despite it having just passed the first phase of a crowdfunded audit.

There were many theories as to what happened and why, many people at the time felt the abrupt shutdown was evidence that the developers may have been being leveraged or threatened by a national security agency or the like, and shut down to avoid having to backdoor or undermine their software. It seemed a credible suspicion (especially at the time, this was right around the time of Lavabit being forced to make a similar choice, and not too long after the Snowden Revelations).

However, to my knowledge that suspicion was never substantiated and no evidence of a backdoor has been found (and both Truecrypt and Veracrypt have been audited). Here is an article written at the time that goes into more detail. And here is a Bruce Schneier blogpost from back then with lots of links from the time including articles and a hacker news discussion from that time.

2 Likes

Hi there Jerm!

I was in a similar position to you as TrueCrypt was working great even after it was shut down. However, Steve Gibson is considered an expert on Truecrypt and he even hosted Truecrypt installers on his site that were 100% secure. He was one of the few sources that could be trusted when you needed to download a Truecrypt installer. However, even he recommends Veracrypt:

Also, check out the amount of user views on that link: 2,524,886 views

Ah yes, the “This is compromised, let me show you 0 evidence other than my opinion” crowd. A very serious bunch.