Disk encryption with strong security based on TrueCrypt
10.7k
Stars
1.3k
Forks
437
Open issues
30
Contributors
AI Analysis
VeraCrypt is a disk encryption tool that evolved from TrueCrypt 7.1a with security enhancements, designed for users who need strong full-disk or container-based encryption across Windows, Linux, macOS, FreeBSD, and OpenBSD. It serves security-conscious individuals, system administrators, and organizations requiring compliance-grade data protection at rest. This is not a general-purpose tool—it is specialized encryption software for those with specific security and compliance requirements.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
VeraCrypt: The de facto open-source disk encryption standard, evolved from TrueCrypt
VeraCrypt provides full-disk, partition, and container-based encryption for Windows, Linux, macOS, FreeBSD, and OpenBSD. It is the direct successor to TrueCrypt, adding stronger key derivation, security fixes, and ongoing maintenance. Its primary users are privacy-conscious individuals, journalists, security researchers, activists, and IT administrators who need deniable or full-volume encryption without trusting proprietary solutions. It supports hidden volumes, plausible deniability, and system partition encryption — features rarely combined in competing tools.
Forked from TrueCrypt 7.1a in 2013–2014 after TrueCrypt's controversial shutdown. IDRIX (Mounir Idrassi) has led development since then, addressing audit findings and adding EFI boot support, among other improvements.
Growth is steady but modest — 32 stars in 7 days on a ~10K-star project indicates slow, stable organic interest rather than viral expansion. VeraCrypt inherited a large existing user base from TrueCrypt's collapse and has retained it. Growth is driven by recurring privacy incidents, journalist/NGO recommendations, and absence of credible open-source alternatives with equivalent features.
VeraCrypt is recommended by the Electronic Frontier Foundation, Reporters Without Borders, and privacy guides such as PrivacyGuides.org. It has undergone multiple independent security audits (OSTIF-coordinated in 2016, follow-up audits thereafter). Packaged in major Linux distributions and available via Homebrew. Widely cited in security journalism and academic literature on disk encryption. Adoption is well-documented in privacy and journalism communities.
Likely a kernel-mode driver plus user-space GUI/CLI application. On Windows it uses a signed .sys driver; on Linux/macOS it relies on FUSE and wxWidgets. EFI bootloader is maintained as a separate repo (VeraCrypt-DCS, LGPL). Appears to support both graphical and text-mode interfaces via a single binary on Linux. Reproducible builds are explicitly supported for .deb and .rpm packages.
Not documented in README
Last push was 2026-06-22, one day before analysis date — actively maintained. The project has been continuously developed for over a decade. Reproducible build support and multi-platform packaging (Windows MSI, WiX, deb, rpm) suggest mature release engineering. Maintainer is a known individual (IDRIX/Mounir Idrassi) rather than a corporate team, which is both a strength (commitment) and a concentration risk.
ADOPT IF: you need cross-platform encrypted containers, full-disk encryption with plausible deniability, or a TrueCrypt-compatible open-source tool that has been audited and is actively maintained. AVOID IF: you need enterprise key management, cloud-native file encryption, or seamless integration with modern SSO/MDM infrastructure — VeraCrypt is not designed for those scenarios. MONITOR IF: you depend on a single maintainer (IDRIX) and are concerned about bus-factor risk; watch for whether the project attracts additional core contributors over time.
Independent dimensions
Mainstream potential
4/10
Technical importance
9/10
Adoption evidence
8/10
- Single primary maintainer (IDRIX/Mounir Idrassi) creates a bus-factor risk; no evidence of a formal succession plan or distributed core team.
- Kernel-mode driver on Windows requires a valid code signing certificate from a CA; certificate expiry or CA policy changes could disrupt official builds.
- Security audits are periodic, not continuous; the codebase (descended from TrueCrypt, written in C) may contain latent vulnerabilities between audit cycles.
- Platform-specific complexity (EFI bootloader, FUSE on macOS, signed drivers on Windows) means bugs in one platform can linger without expertise in that environment.
- License ambiguity ('NOASSERTION' on GitHub) reflects the complex dual TrueCrypt/Apache licensing heritage, which may create friction for downstream redistribution in some jurisdictions.
VeraCrypt is likely to remain the reference open-source disk encryption tool for privacy-sensitive end users and journalists for the foreseeable future. Slow, steady maintenance is the expected trajectory unless a well-funded successor emerges.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- https://veracrypt.jp
- Language
- C
- License
- NOASSERTION
- Last updated
- 2d ago
- Created
- 142mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Is this VeraCrypt site genuine?
Add "Encrypt a non-system partition/drive" support for OpenBSD (low priority)
VeraCrypt locks file after closing the volume so that Dropbox can't sync
VeraCrypt 1.26.29 hangs with "--auto-mount=favorites" when mounting multiple favorite volumes on Fedora
Argon2id resume fails with ResumeInPlaceEncWaitThreadProc:408 on non-system volume
Top contributors
Similar repos
cryptomator/cryptomator
Cryptomator is a client-side encryption tool for cloud storage that works...
Velocidex/velociraptor
Velociraptor is an endpoint visibility and host-state collection tool that uses...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
10.7k | +596 | C | 8/10 | 2d ago |
|
|
15.6k | — | Java | 8/10 | 3d ago |
|
|
4.1k | — | Go | 8/10 | 2w ago |
|
|
35.9k | — | Go | 9/10 | 12h ago |
|
|
1.2k | — | Kotlin | 7/10 | 3d ago |
|
|
2.3k | — | Rust | 6/10 | 4d ago |
Cryptomator encrypts individual files in cloud-synced vaults rather than full disk or container volumes. It is simpler to use and better suited for cloud storage scenarios, but does not offer full-disk encryption, hidden volumes, or pre-boot authentication. Different use case rather than direct replacement.
BitLocker offers full-disk encryption on Windows but is closed-source, tied to Microsoft's TPM ecosystem, and lacks plausible deniability/hidden volumes. VeraCrypt is the go-to alternative for users who cannot trust platform-vendor encryption or need cross-platform containers.
LUKS is the standard full-disk encryption mechanism on Linux, kernel-native and widely trusted. It lacks hidden volumes and cross-platform portability. VeraCrypt complements rather than replaces LUKS for Linux-only full-disk use, but dominates for cross-platform encrypted containers and hidden volume scenarios.
git-crypt is narrowly scoped to encrypting specific files in git repositories. It does not overlap with VeraCrypt's disk/volume encryption use case.
Vault addresses secrets management and encryption-as-a-service for distributed infrastructure. Completely different domain — no meaningful overlap with VeraCrypt's personal and endpoint disk encryption focus.