Veracrypt project update

Posted by super256 17 hours ago

Veracrypt project update(sourceforge.net)

1094 points | 408 commentspage 4

Tsarp 10 hours ago|

For folks looking for a much simpler single binary alternative.

https://github.com/srv1n/kurpod

layer8 9 hours ago|

This is not a replacement, as it has no native file system integration, only a web interface.

Tsarp 8 hours ago||

Its not just a web interface. It creates a storage container that can grow and be compacted on the fly is fully portable.

layer8 7 hours ago||

If it doesn’t have file system integration, you can’t edit files in it using regular software.

speedgoose 15 hours ago||

It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.

repelsteeltje 14 hours ago||

Yeah but isn't the point of these certificates to express trust?

The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.

Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.

sidewndr46 13 hours ago||

who on planet earth trusts a piece of software because Microsoft signed it?

roelschroeven 13 hours ago|||

There are different types of trust, but at the very least with such a signature you can trust that the piece of software is really from Veracrypt and not from a malicious third party.

repelsteeltje 11 hours ago||||

For one: Most if not all virus scanners.

A signature is a signal, not an absolute. Although, to be fair, if Microsoft (or most other CAs) had done a better job, then that trust would have carried more weight than it does currently.

mr_mitm 13 hours ago|||

Trust isn't binary, it's a spectrum. A signature is a signal that should increase trustworthiness. Not the strongest signal, perhaps even a weak one, but it's not zero.

orbital-decay 15 hours ago|||

That's what VeraCrypt is, a fork of the original TrueCrypt after all drama, security doubts, and eventual discontinuation. It took a long time and two independent audits to establish trust in it.

subscribed 14 hours ago|||

Probably not French though, give how hostile it appears to be to encryption/security related projects (GrapheneOS had a good arguments re: that)

kijin 13 hours ago||

The author is now based in Japan, and even owns a veracrypt.jp domain. Meanwhile, the old veracrypt.fr domain redirects to veracrypt.io.

Seems rather clear that he doesn't want French jurisdiction.

fg137 14 hours ago||

And Microsoft will be happy to shut that one down because their incompetence.

So we'd better find a real solution now.

lofaszvanitt 6 hours ago||

What about the guy who originally created it. Paul Le Roux, the criminal mastermind? That's a wild story :D.

ChrisArchitect 3 hours ago||

Update from Scott Hanselman:

> Hey I love dumping on my company as much as the next guy, because Microsoft does some dumb stuff, but sometimes it's just check emails and verify your accounts.

Not every "WTF micro$oft" moment is a slam dunk. I've emailed VeraCrypt personally and we'll get him unblocked. I've already talked to Jason at WireGuard.

Not everything is a conspiracy, sometimes it's literally paperwork.

(https://x.com/shanselman/status/2041977121686585396 https://xcancel.com/shanselman/status/2041977121686585396)

kwar13 13 hours ago||

very much sounds like microsoft

swordsith 12 hours ago||

if michalesoft wants to take away our ability to sign drivers, they will find there is more than enough vulnerable easily exploited drivers we can use that are pre-signed online. Thank you micosawft!

HumanOstrich 11 hours ago|

Are you having a stroke?

qingcharles 8 hours ago|||

I think it's a reference to Michaelsoft Binbows :)

https://alf-s-room.com/etc/nandarou/binbows/binbows_english....

https://www.youtube.com/watch?v=QRIklga9IBQ

c0balt 10 hours ago|||

Most likely just intentionally misspelling the name in the spirit of calling them Microslop.

deltoidmaximus 10 hours ago||

And perhaps the time they sued a kid named Mike Rowe for having a website mikerowesoft.com

unethical_ban 9 hours ago||

I run a dual boot of windows and am currently dauly-driving CachyOS quite happily. I've been playing some Crimson desert and got some occasional crashes... But any other game I have has run smoothly.

Their GUI tools for package management are thin wrappers on CLI tools, but are enough hand-holding that most people should navigate it fine. More devices worked out of the box for my with Linux than Windows.

Just like if you haven't tried AI in a year and have mocked it, you need to try it again. Of you haven't tried Linux desktop in a few years, you need to try again. CachyOS really does seem to handle the driver installs and gaming compatibility well.

raggi 1 hour ago|

Cachy pushed a Limine update last weekend without any testing. It broke everyone with secure boot signing. Head proton versions are great, but games tend to turn into a laggy mess after a couple of hours and need regular restarts.

It's decent, but it's not all roses at all, and I wouldn't inflict it on non-techies yet.

steve1977 11 hours ago||

If only there was a way to sign software and not depend on a centralized authority, something like a... web of trust?

(and yes I know, you'd need to have the option to have "your" (haha...) OS trust it of course)

avaer 14 hours ago|

Forced software signing should be illegal.

Pay08 13 hours ago|

It's not forced, especially for normal software, you just get a popup. It's a bit of a pain to disable the requirement for drivers, though.

baobabKoodaa 12 hours ago||

I don't think you can install VeraCrypt, at least for system encryption, unless the installer is signed

Pay08 11 hours ago||

According to further up the thread, you can if you disable secureboot.

pocksuppet 9 hours ago||

And you mess with your boot.ini and ignore that half your screen is taken up by a TEST MODE banner. Buy a screen twice as big and tape over half of it, I guess.

More comments...