
Security evaluation of the German Federal Office for Information Security not taken under consideration

Open xfarrow opened this issue 3 years ago • 4 comments

In November 2020 the German Federal Office for Information Security audited VeraCrypt. I am no expert in the cryptographic field, so I am basing this issue mainly on chapters 5 and 6 of said evaluation.

The issues pointed out by the BSI (also the ones contained in the 2015 TrueCrypt evaluation) are not fixed yet. Is any such intervention scheduled? Was this audit considered in the first place? Thank you, and thank you for your hard work, Mounir.

xfarrow, Jun 06 '22 09:06

Interesting to read through. I sure wish more of these tools like Valgrind were used to help fix errors in the VeraCrypt code, and that more people would come on board and help. Money is the answer, I'm sure. It sure looks like a lot could be done with VeraCrypt to make it better, cleaner code, more comments.

as-muncher, Jun 30 '22 23:06

This project needs crowdfunding to hire developers. And maybe start using Rust.

cypherbits, Jul 02 '22 09:07

@cypherbits agreed. Would be neat if LUKS could be ported to Windows systems.

as-muncher, Jul 04 '22 20:07

> @cypherbits agreed. Would be neat if LUKS could be ported to Windows systems.

LUKS2 is good for encryption, bad if you want to hide that you are actually using LUKS. Anyone can tell if you are using it.

With VeraCrypt this is hidden. At least on file containers.

cypherbits, Jul 05 '22 06:07