If you use Truecrypt, migrate to Veracrypt

Last Updated on July 14, 2017 by Dave Farquhar

I’m playing catch-up with this one, but if you’ve been relying on the quasi-open source Truecrypt encryption solution, you need to migrate to Veracrypt as quickly as possible.

For some reason, it doesn’t seem to be common knowledge that Veracrypt is derived from Truecrypt and is, for all intents and purposes, the successor to Truecrypt.

A Google researcher discovered two issues in Truecrypt late last month and disclosed the details. Truecrypt, of course, won’t get patched, but the two issues were quickly patched in Veracrypt.

The worse of the two bugs is a privilege escalation issue, which basically means someone could use the bug to gain administrator rights on the machine. Neither bug directly affects encryption.

Truecrypt was audited in 2014, but finding every bug in a code audit is close to impossible. The audit found no deliberate backdoors and no issues with the encryption, as best we know today, but since the software's creators abandoned it, moving to a supported derivative is necessary to stay safe.

And, for the record, I don’t believe there was any conspiracy against Truecrypt.
