The response to the audit reveals that it’s not as “scary” as the report makes it sound (from a “headlines” perspective.)
VeraCrypt has active development. TrueCrypt does not.
Some of report is subjective (an opinion about how “clean” the code is, which will improve with time anyways.)
Any concerns with VeraCrypt are even worse for TrueCrypt (which is abandoned).
RIPEMD is only used for legacy (MBR) systems. SHA256 is used by default, otherwise. Thus, VeraCrypt leaves it as an option for legacy systems (if the user so desires to select it.)
PBKDF2 is still used by LUKS1 (which is the default key derivation function used in a “full disk encryption” Manjaro installation.) Thus, the fact that VeraCrypt uses PBKDF2 is nothing to fret over. They might use Argon2 in the future (same as LUKS2 does now.) It’s really a non-issue for home users.
We’re not working with mission critical nuclear codes here. We’re just encrypting our files on our Linux laptops and PCs. VeraCrypt and LUKS (and even granular solutions like “Vaults”) are more than enough to keep your data private and deter most attackers. You’re not the target of a ragtag elite group of international hackers.
If you are worried about privacy and security, please message me with your credentials and passwords (e.g, email accounts, social media accounts, bank accounts, etc) and I will provide a free professional consultation on best security practices, and inform you if your passwords are strong enough.
Honestly VeraCrypt is trash. Used it on 2 different occasions and some months later the decryption did not work. Appearently there is an issue which can corrupts the encrypted content and becomes unrecoverable. Complete trash in my opinion.
Well this was 2 years ago so can’t recall specifically the issue but I remember that it was something that it was quite common, regardless I mentioned that it was my opinion so obviously take it with a grain of salt.
Thank you for the suggestions but after my last incidents with VeraCrypt I’m pretty much avoiding encryption. My machine has Luks encryption, but anything else, be it usb or external drive, it’s a big no no for me. Don’t want to risk losing personal photos and such (also because I’ve moved to cloud based services).