by testtesttest 3592 days ago
Nowadays facts don't matter. Everybody follows whatever they already believe, including myself.

If we look at the TrueCrypt audit report: https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_O...

It says they found 2 high severity issues, 1 low severity issue, 1 undetermined severity issue. All in the cryptography category.

There were additional issues found by Project Zero: http://googleprojectzero.blogspot.de/2015/10/windows-drivers...

Even when faced with this clear evidence, people consider TrueCrypt as being safe.

VeraCrypt is under active development, so the situation is much better since the issues can be fixed in future releases. However, people might blindly follow whatever is reported and consider VeraCrypt bulletproof regardless of the previous experience with other crypto projects.

2 comments

> Even when faced with this clear evidence, people consider TrueCrypt as being safe.

I don't understand. If your definition of 'safe' requires that no vulnerabilities can ever be discovered in a product, you're going to have to give up and never use a computer again.

Having some high-end crypto experts and some of the best bug hunters audit your product and then fix the discovered vulnerabilities puts you at the higher end of the security spectrum.

> VeraCrypt is under active development, so the situation is much better since the issues can be fixed in future releases.

Counter-point for consideration: any non-maintenance code changes may introduce new issues that weren't part of this audit.

It is safe. It's safe in the same way that your valuables locked inside a 4 ton safe in your basement are safe. Or in the same way that being a passenger on a plane is safe. Or even in the same way that SSL is safe.

From the report you linked:

> While CS believes these calls will succeed in all normal scenarios, at least one unusual scenario would cause the calls to fail and rely on poor sources of entropy

Essentially, there are outlying circumstances in which it might be more vulnerable than usual, which is true of pretty much anything.