veracrypt

veracrypt/VeraCrypt

C No license Security License not recognized by GitHub

Disk encryption with strong security based on TrueCrypt

10.7k stars
1.3k forks
active
GitHub +596 / week

10.7k

Stars

1.3k

Forks

437

Open issues

30

Contributors

AI Analysis

VeraCrypt is a disk encryption tool that evolved from TrueCrypt 7.1a with security enhancements, designed for users who need strong full-disk or container-based encryption across Windows, Linux, macOS, FreeBSD, and OpenBSD. It serves security-conscious individuals, system administrators, and organizations requiring compliance-grade data protection at rest. This is not a general-purpose tool—it is specialized encryption software for those with specific security and compliance requirements.

Security Security Tool Discovery value: 3/10
Documentation 8/10
Activity 9/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

disk-encryption cryptography cross-platform security truecrypt-successor
Actively maintained Well documented Niche/specialized use case Popular Production ready
Deep Analysis · Based on README and public signals
2w ago

VeraCrypt: The de facto open-source disk encryption standard, evolved from TrueCrypt

VeraCrypt provides full-disk, partition, and container-based encryption for Windows, Linux, macOS, FreeBSD, and OpenBSD. It is the direct successor to TrueCrypt, adding stronger key derivation, security fixes, and ongoing maintenance. Its primary users are privacy-conscious individuals, journalists, security researchers, activists, and IT administrators who need deniable or full-volume encryption without trusting proprietary solutions. It supports hidden volumes, plausible deniability, and system partition encryption — features rarely combined in competing tools.

Origin

Forked from TrueCrypt 7.1a in 2013–2014 after TrueCrypt's controversial shutdown. IDRIX (Mounir Idrassi) has led development since then, addressing audit findings and adding EFI boot support, among other improvements.

Growth

Growth is steady but modest — 32 stars in 7 days on a ~10K-star project indicates slow, stable organic interest rather than viral expansion. VeraCrypt inherited a large existing user base from TrueCrypt's collapse and has retained it. Growth is driven by recurring privacy incidents, journalist/NGO recommendations, and absence of credible open-source alternatives with equivalent features.

In production

VeraCrypt is recommended by the Electronic Frontier Foundation, Reporters Without Borders, and privacy guides such as PrivacyGuides.org. It has undergone multiple independent security audits (OSTIF-coordinated in 2016, follow-up audits thereafter). Packaged in major Linux distributions and available via Homebrew. Widely cited in security journalism and academic literature on disk encryption. Adoption is well-documented in privacy and journalism communities.

Code analysis
Architecture

Likely a kernel-mode driver plus user-space GUI/CLI application. On Windows it uses a signed .sys driver; on Linux/macOS it relies on FUSE and wxWidgets. EFI bootloader is maintained as a separate repo (VeraCrypt-DCS, LGPL). Appears to support both graphical and text-mode interfaces via a single binary on Linux. Reproducible builds are explicitly supported for .deb and .rpm packages.

Tests

Not documented in README

Maintenance

Last push was 2026-06-22, one day before analysis date — actively maintained. The project has been continuously developed for over a decade. Reproducible build support and multi-platform packaging (Windows MSI, WiX, deb, rpm) suggest mature release engineering. Maintainer is a known individual (IDRIX/Mounir Idrassi) rather than a corporate team, which is both a strength (commitment) and a concentration risk.

Honest verdict

ADOPT IF: you need cross-platform encrypted containers, full-disk encryption with plausible deniability, or a TrueCrypt-compatible open-source tool that has been audited and is actively maintained. AVOID IF: you need enterprise key management, cloud-native file encryption, or seamless integration with modern SSO/MDM infrastructure — VeraCrypt is not designed for those scenarios. MONITOR IF: you depend on a single maintainer (IDRIX) and are concerned about bus-factor risk; watch for whether the project attracts additional core contributors over time.

Independent dimensions

Mainstream potential

4/10

Technical importance

9/10

Adoption evidence

8/10

Risks
  • Single primary maintainer (IDRIX/Mounir Idrassi) creates a bus-factor risk; no evidence of a formal succession plan or distributed core team.
  • Kernel-mode driver on Windows requires a valid code signing certificate from a CA; certificate expiry or CA policy changes could disrupt official builds.
  • Security audits are periodic, not continuous; the codebase (descended from TrueCrypt, written in C) may contain latent vulnerabilities between audit cycles.
  • Platform-specific complexity (EFI bootloader, FUSE on macOS, signed drivers on Windows) means bugs in one platform can linger without expertise in that environment.
  • License ambiguity ('NOASSERTION' on GitHub) reflects the complex dual TrueCrypt/Apache licensing heritage, which may create friction for downstream redistribution in some jurisdictions.
Prediction

VeraCrypt is likely to remain the reference open-source disk encryption tool for privacy-sensitive end users and journalists for the foreseeable future. Slow, steady maintenance is the expected trajectory unless a well-funded successor emerges.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

C
67.1%
C++
20.3%
Assembly
9.4%
Shell
1.4%
Makefile
0.8%
Python
0.3%
Batchfile
0.3%
CMake
0.3%

Information

Language
C
License
NOASSERTION
Last updated
2d ago
Created
142mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

cryptomator

cryptomator/cryptomator

Cryptomator is a client-side encryption tool for cloud storage that works...

15.6k Java Security
Velocidex

Velocidex/velociraptor

Velociraptor is an endpoint visibility and host-state collection tool that uses...

4.1k Go Security
hashicorp

hashicorp/vault

Vault is HashiCorp's centralized secrets management and encryption platform,...

35.9k Go Security
cryptomator

cryptomator/android

Cryptomator for Android is a mobile client for transparent client-side...

1.2k Kotlin Security
cryfs

cryfs/cryfs

CryFS is a cryptographic filesystem that encrypts files for cloud storage...

2.3k Rust Security
vs. alternatives
Cryptomator

Cryptomator encrypts individual files in cloud-synced vaults rather than full disk or container volumes. It is simpler to use and better suited for cloud storage scenarios, but does not offer full-disk encryption, hidden volumes, or pre-boot authentication. Different use case rather than direct replacement.

BitLocker (Windows built-in)

BitLocker offers full-disk encryption on Windows but is closed-source, tied to Microsoft's TPM ecosystem, and lacks plausible deniability/hidden volumes. VeraCrypt is the go-to alternative for users who cannot trust platform-vendor encryption or need cross-platform containers.

LUKS/dm-crypt

LUKS is the standard full-disk encryption mechanism on Linux, kernel-native and widely trusted. It lacks hidden volumes and cross-platform portability. VeraCrypt complements rather than replaces LUKS for Linux-only full-disk use, but dominates for cross-platform encrypted containers and hidden volume scenarios.

git-crypt

git-crypt is narrowly scoped to encrypting specific files in git repositories. It does not overlap with VeraCrypt's disk/volume encryption use case.

HashiCorp Vault

Vault addresses secrets management and encryption-as-a-service for distributed infrastructure. Completely different domain — no meaningful overlap with VeraCrypt's personal and endpoint disk encryption focus.