TrueCrypt is flawed

[Numerio]

TrueCrypt has been widely demonstrated to be flawed. VeraCrypt continued it and claims to have solved those problems: https://veracrypt.codeplex.com/

The possibility to update the code involved should be investigated and the relative code should be updated. If not possible for some reason the user should still be acknowledged about the software being not secure proof and based on flawed algorithms.

[axeld]

Have you any links as to why TrueCrypt should be flawed? Last I heard was that the security audit ended pretty much without complaints. Besides that, the only reason DriveEncryption is compatible with TrueCrypt is because the latter is available for pretty much any platform.

[Numerio]

There is not a big single flaw allowing you to decrypt the data, but a series of little bugs which doesn't ensure the program is always secure. Plus there's warranty that those problems will never be resolved. I would not trust a software which his creators claims unsecure. In this area even if there's a undisclosed backdoor it's unlikely that it will be disclosed any time soon (you may imagine why). Caution make me think that it's more sage to switch to an updated version of it (VeraCrypt). This is the report of the code audit : https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf

EDIT

Also take a look here: https://veracrypt.codeplex.com/discussions/569777

[axeld]

Thanks! Since DriveEncryption only uses the algorithms from TrueCrypt, only AES might be vulnerable to cache timing attacks. Well, I'm sure I introduced bigger issues in the main code base ;-)

I'll have a look in due time; I'm currently busy with other things that allow me to use DriveEncryption's Login application again to decrypt my partitions automatically.