> This is by far one of the best advertisements for LUKS/VeraCrypt I've ever seen.
LUKS isn't all rainbows and butterflies either [https://news.ycombinator.com/item?id=46708174]. This vulnerability has been known for years, and despite this, nothing has been done to address it.
Furthermore, if you believe that Microsoft products are inherently compromised and backdoored, running VeraCrypt instead of BitLocker on Windows likely won’t significantly improve your security. Implementing a VeraCrypt backdoor would be trivial for Microsoft.
Is LUKS still secure if I'm not using secureboot?
Depends on your threat level. You can have both and enroll your own secure boot keys by the way.
Agree, use Linux, use LUKS.
PGP WDE was a preferred corporate solution, but now you have to trust Broadcom.
Sadly VeraCrypt is not optimized for SSDs and has a massive performance impact compared to BitLocker for full disk encryption because the SSD doesn't know what space is used/free with VeraCrypt.
Forgive me this shameless ad :) with the latest performance updates, Shufflecake ( https://shufflecake.net/ ) is blazing fast (so much, in fact, that it exceeds the performance of LUKS/dm-crypt/VeraCrypt in many scenarios, including SSD use).
VeraCrypt can be set to pass through TRIM. It just makes it really obvious which sectors are unused within your encrypted partition (they read back as 00 bytes)
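What the comment above describes, as an added example that is not part of the thread: assuming trimmed sectors read back as 00 bytes, as the comment states, anyone who can read the raw device can map which sectors are free without the key. The 512-byte sector size, the function names and the sample image (`os.urandom` standing in for ciphertext) are assumptions constructed for illustration.

```python
import os

SECTOR = 512  # assumed sector size for this example


def trimmed_runs(image: bytes, sector: int = SECTOR):
    """Return (start_sector, length) runs of all-zero sectors in a raw image."""
    zero = bytes(sector)
    runs, start = [], None
    total = len(image) // sector  # a trailing partial sector is ignored
    for i in range(total):
        if image[i * sector:(i + 1) * sector] == zero:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, total - start))
    return runs


def usage_summary(image: bytes, sector: int = SECTOR):
    """Summarise what an observer learns about volume usage without the key."""
    runs = trimmed_runs(image, sector)
    total = len(image) // sector
    free = sum(length for _, length in runs)
    return {
        "total_sectors": total,
        "trimmed_sectors": free,
        "used_fraction": (total - free) / total if total else 0.0,
        "free_runs": runs,
    }


def build_sample_image():
    """Constructed sample: random bytes stand in for ciphertext, zeros for trimmed space."""
    layout = [("data", 8), ("trim", 4), ("data", 2), ("trim", 6)]
    return b"".join(
        os.urandom(n * SECTOR) if kind == "data" else bytes(n * SECTOR)
        for kind, n in layout
    )


if __name__ == "__main__":
    print(usage_summary(build_sample_image()))
```

With TRIM blocked, free space inside the volume stays as ciphertext and the same scan reports no free runs, which is the trade-off the comment points at.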
Oh I did not know of this option, thanks! However, I was wrong about the reason for the performance loss on high speed SSDs and the issue is actually related to how VeraCrypt handles IRPs: https://github.com/veracrypt/VeraCrypt/issues/136#issuecomme...
I want to see some real world numbers about that "massive" impact of trim, which is repeated regularly.
First of all trim only affects write speed (somewhat), which is not really all that important for non-server use.
It also has some impact on wear which is probably more interesting than its performance impact.
The performance loss can be substantial on modern NVMe drives, up to 20 times slower. But I was wrong about the reason for the performance loss; it's not TRIM but how VeraCrypt handles I/O operations. You can see some real numbers in this GitHub issue: https://github.com/veracrypt/VeraCrypt/issues/136
Remember when the original dev of TrueCrypt (the VeraCrypt predecessor) suddenly abandoned the project and wrote that people should use BitLocker instead? [1] [2]
We now know that BitLocker is not secure, and an intelligent open source dev saying that was probably knowingly not saying the truth.
The best explanation to me is that this was said under duress, because somebody wanted people to move away from the good TrueCrypt to something they could break.
[1] https://truecrypt.sourceforge.net
[2] https://en.wikipedia.org/wiki/TrueCrypt#End_of_life_announce...
Alternatively, they knew TrueCrypt/VeraCrypt to be irreparably compromised, and while BitLocker may be backdoored in the same way, it is at least maintained.