TrueCrypt Replacement

Why can't you just use TrueCrypt? It still works just fine.

Agree with The Rev; there's absolutely no reason why you should not continue using TrueCrypt if you were happy with it before, or even as a newcomer to such things...

There has been an ongoing in-depth analysis of TrueCrypt from the security perspective and so far it appears to be pretty clean. I think ongoing support will be re-established once the analysis is complete. It is available, but just not being actively updated until the survey/analysis is complete. At least that's what I understand.

Speaking of this... what is a good site to Download Truecrypt if one did not already have it saved?

It's still there at http://truecrypt.sourceforge.net/ just scroll to the bottom of the page...

<EDIT> Ignore that, see answer from Mike below...>

There is also a verified repository that was created by the auditing team. There, you can find the last unchanged version of TrueCrypt, i.e., version 7.1a, with verified hashes. The version on the sourceforge site has been altered by the TrueCrypt developers to disable the ability to create new containers (partitions, folders, etc.), so, it's just a version to allow you to access your existing containers temporarily while you migrate to something else. If you want to keep using TrueCrypt, you need to use the 7.1a version.

There is also a somewhat official fork called VeraCrypt.

But like others have said, you should probably wait until the final report of the audit (which is apparently still ongoing) before deeming TrueCrypt as unsafe. I think that much of the community is just on hold for that moment, so they know what to fix in an eventual fork or re-starting of TrueCrypt development. It would be precipitated to do anything before there is a final report (or other news) from the auditors.

Thanks for the info. I will wait a while until the audit is complete.

Mike_2000_17: I looked at VeraCrypt and it looks promissing, the VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format. So does that mean I will have to decrypt and resave everything before installing VeraCrypt?
I've pretty much just let TrueCrypt do its thing and not really messed around with it.

I would imagine the migration process would be

1. create VeraCrypt container and mount it
2. mount TrueCrypt container
3. copy or move the files from TC to VC

Also, If you encrypt a partition/system, you will:

1) Decrpyt volume with Truecrypt.
2) Encrypt volume with Veracrypt.

Veracrypt uses a huge number of iteration in thr KDF. While it's secure, it's inconvienient for the person starting the computer (I estimate about 30-40) seconds on my laptop.

The KDF in the original Truecrypt was one of the weaker points. I'm hoping that once the password hashing competition is completed and the audit is completed, that Truecrypt will be minnably modified to carefully correct possible threats in the audit and replacing the KDF.

The problem isn't even making the changes as much. The problem is getting enough qualified people to review the changes.

I've switched to DiskCryptor (https://diskcryptor.net/wiki/Main_Page) which is pretty fast and also secure, free and open source.

Except as noted above, VeraCrypt is an identical twin brother (or sister, as the case may be) of TrueCrypt. You lose nothing of TC's interface, functionality, or efficiency if / when you switch to Vera. Migrating to this software is about as painless as any conversion could possibly be. Reverend Jim outlined the procedure, which I recently followed during a massive file conversion from TC to VC. While tedious and time-consuming, it was remarkably straightforward.

Vera recently released a upgrade of the software, an eventuality unlikely to occur with TC at this stage of the game.

http://www.theregister.co.uk/2015/04/02/truecrypt_security_audit/

http://www.theregister.co.uk/2016/10/18/veracrypt_audit/