Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)
Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)
Threat Post takes
a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although
TrueCrypt development was discontinued last year, the code underwent a two
phase audit and passed with a relatively clean bill of health.
"VeraCrypt and CipherShed have addressed many of the shortcomings
identified not only by the audit, but by others who have scrutinized the
TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example,
said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with
SHA-256 support for system encryption. He said VeraCrypt has also tried to
simplify the build process, especially for Linux and Mac OS X systems, so
that other less common configurations could be used.
" The results of
the audit of TrueCrypt are available in PDF format; phase
1 was completed in February 2014, and phase
2 was completed March 2015.