TrueCrypt is dead, long live VeraCrypt

Updated: October 26, 2018

For many years, TrueCrypt was one of the most popular cross-platform encryption tools. Simple, flexible, powerful. Then, suddenly, the project team decided to EOL their work in a rather abrupt manner, releasing decrypt-only version 7.2. This left version 7.1x and earlier in a predicament. Well, the thing is, TrueCrypt is still a safe and practical product, and you can use version 7.1a. But if this whole affair makes you somewhat uneasy, you may want to try a different solution.

Rising from the ashes of TrueCrypt is VeraCrypt, a program designed to continue the legacy of TrueCrypt while also adding new functionality, addressing existing problems, and allowing users the same flexibility and peace of mind that TrueCrypt gave them so far. Let's see what gives.

Setup

VeraCrypt is not just a spiritual successor of TrueCrypt - it is based on version 7.1a, including both the underlying code and the UI framework. You get the same set of capabilities, including standard and hidden containers, whole disk encryption, system disk encryption, and support for UEFI/GPT and SSD devices.

I tested VeraCrypt in Linux (Kubuntu). The configuration is very similar to TrueCrypt. You can extract the downloaded archive and use the program in a standalone manner - or actually install it. Pretty straightforward.

Install

Volume creation

VeraCrypt is almost identical to TrueCrypt, and if you didn't know it, you might not be able to distinguish between the two. Like in its predecessor, you first need to create one or more encrypted volumes. You can use containers, which is the simplest option, encrypt whole partitions and disks - so they essentially show as unformatted devices in your system - or even encrypt the entire system (Windows).

Create volume

Encryption options

Format options

You will spot some differences as you progress through the wizard. If you've read the audit above, you will notice there's a very remote chance that the built-in Windows encryption API may fail to initialize, which TrueCrypt will ignore and continue with key generation. Now, this could potentially cause decreased entropy, hence less randomness and potentially a less secure encryption container. TrueCrypt collects entropy from many sources, including the mouse pointer, which is why you were always advised to move it as randomly and for as long as possible.

VeraCrypt now features a randomness progress bar that will inform you how you're doing. Something like one minute of vigorous wrist motions ought to do it. Later, once you have the volume(s) created, you still have the option to back up your volume headers, which you should do, and such like.
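To make the failure mode concrete, here is a simplified model of an entropy pool, added as an illustration and not taken from TrueCrypt or VeraCrypt. The class name, the event threshold and the `failing_os_rng` stand-in are assumptions; it contrasts a generator that ignores an OS RNG failure with one that refuses to produce a key.

```python
import hashlib
import os
import struct


class EntropyError(RuntimeError):
    """Raised when the pool must not be used to generate a key."""


def failing_os_rng(n):
    # Constructed stand-in for an OS crypto API that failed to initialize.
    raise OSError("OS RNG unavailable")


class KeyPool:
    def __init__(self, os_rng=os.urandom, required_events=256):
        self.os_rng = os_rng
        self.required_events = required_events  # hypothetical threshold
        self.events = 0
        self._pool = hashlib.sha512()

    def add_mouse_event(self, x, y, t_ns):
        # Mix pointer position and timestamp into the pool.
        self._pool.update(struct.pack("<iiQ", x, y, t_ns))
        self.events += 1

    def progress(self):
        # Crude stand-in for a randomness bar: share of required events seen.
        return min(1.0, self.events / self.required_events)

    def key_ignoring_failure(self):
        # Flawed pattern: the OS RNG error is swallowed and generation continues.
        h = self._pool.copy()
        try:
            h.update(self.os_rng(64))
        except OSError:
            pass
        return h.digest()

    def key_fail_closed(self):
        # Hardened pattern: both sources must have contributed.
        if self.progress() < 1.0:
            raise EntropyError("not enough user input collected yet")
        try:
            os_bytes = self.os_rng(64)
        except OSError as exc:
            raise EntropyError("OS RNG failed; refusing to generate key") from exc
        h = self._pool.copy()
        h.update(os_bytes)
        return h.digest()
```

With a failed OS source and no mouse input, `key_ignoring_failure()` returns the hash of an empty pool, a value anyone can reproduce, which is why user-supplied input and a visible progress indicator matter.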

Randomness

Formatting

Using VeraCrypt

My tests showed an identical workflow to TrueCrypt. Very simple and elegant. Mounting a volume was quite fast (about 1-2 sec max), even though VeraCrypt does far more header key derivation function iterations than TrueCrypt. This means there should not be any (too) detrimental performance/usage issues where you're forced to wait an eternity for VeraCrypt to respond during the volume mount. This might be an issue on older systems, but the 2015 Lenovo G50 with an i3 processor worked perfectly fine.
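The mount-time cost of the extra iterations can be measured directly. The sketch below is an added example, not VeraCrypt code: it runs PBKDF2-HMAC-SHA512 at the documented default iteration counts for non-system volumes (1,000 for TrueCrypt, 500,000 for VeraCrypt; these figures are not from this article) and estimates how long a wordlist would take at each setting. The passphrase and wordlist size are constructed.

```python
import hashlib
import os
import time

# Documented SHA-512 defaults for non-system volumes (assumption: not stated on this page).
TRUECRYPT_ITERS = 1_000
VERACRYPT_ITERS = 500_000
SALT_LEN = 64   # the volume header begins with a 64-byte salt
KEY_LEN = 64    # enough key material for one XTS cipher (two 256-bit keys)


def derive_header_key(password, salt, iterations):
    """Derive the header key from the passphrase with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=KEY_LEN)


def time_derivation(password, salt, iterations):
    """Return (key, seconds) for a single derivation, i.e. one password attempt."""
    start = time.perf_counter()
    key = derive_header_key(password, salt, iterations)
    return key, time.perf_counter() - start


def work_factor(old_iters, new_iters):
    """How many times more work each password guess costs."""
    return new_iters / old_iters


def days_to_exhaust(candidates, seconds_per_guess):
    """Single-core time to try every candidate passphrase, in days."""
    return candidates * seconds_per_guess / 86_400


def compare(password=b"constructed-sample-passphrase", wordlist_size=10_000_000):
    salt = os.urandom(SALT_LEN)
    report = {}
    for name, iters in (("TrueCrypt", TRUECRYPT_ITERS), ("VeraCrypt", VERACRYPT_ITERS)):
        key, secs = time_derivation(password, salt, iters)
        report[name] = {
            "iterations": iters,
            "seconds": secs,
            "days_for_wordlist": days_to_exhaust(wordlist_size, secs),
            "key": key,
        }
    return report


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:9s} {r['iterations']:>7d} iterations  "
              f"{r['seconds']:.4f} s per attempt  "
              f"{r['days_for_wordlist']:.1f} days for the wordlist")
```

The legitimate user pays the derivation cost once per mount, while someone guessing passphrases pays it for every candidate, so the same factor that adds a second to mounting multiplies the cost of a dictionary attack.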

Mounted volume

The one complaint I have is that the GUI is not resizable, and it does not look good in Linux. I've done additional tests in other Linux distributions, including Gnome and Plasma desktops, and the results were the same. The visual side of things is definitely biased toward the Windows version.

TrueCrypt to VeraCrypt

If you have TrueCrypt containers, you can still use them in VeraCrypt. Even though the two programs do not share the same file format, VeraCrypt has a legacy mode - TrueCrypt mode, which allows you to mount and use your older volumes without any problems. You can also permanently convert your volumes.

TrueCrypt mode

Conclusion

VeraCrypt seems to be a nice, solid program and a good successor to TrueCrypt, however you want to phrase it. While TrueCrypt remains a perfectly valid encryption solution, the fact it is no longer developed may one day create compatibility issues (maybe with new filesystems or such). If you want to have a volume-based product that is simple and portable, VeraCrypt fits the bill perfectly. It has all the nice things found in TrueCrypt plus some new, extra perks and features.

The one thing that might worry you is the suddenness of this whole thing. TrueCrypt sort of vanished in a rather abrupt way, and VeraCrypt was born in pretty much the same fashion. As an end user, this probably does not concern you, but the future of the successor program might be at risk if some bureaucratic issues arise one day. In other words, there's no guarantee, and a few years from now, we might be looking at another situation where we'll need to be looking for new volume-based, cross-platform encryption tools.

But that hasn't happened, and on the bright side, the demise of TrueCrypt didn't really stop it from remaining a safe, valid and effective program, either, or allowing VeraCrypt to come to life and make all the good things even better. In the end, if you're a TrueCrypt user, you might want to start testing VeraCrypt. 'Tis a very sensible and practical choice. Take care.

Cheers.
