
Same was true of Truecrypt.

After the core team disbanded there was a full security audit which uncovered some very minor issues.

People never really trusted Veracrypt though. Quite interesting how that turned out.



IIRC there were a lot more options by the time of the Truecrypt-Veracrypt shift. Truecrypt was around when drive encryption was otherwise an expensive enterprise software thing, but I think Bitlocker was included with Pro versions of Windows by the time of Veracrypt so that probably became the easiest free option - and probably with better compatibility as well.


This presumes that anyone would trust Bitlocker.

https://pulsesecurity.co.nz/articles/TPM-sniffing


Being able to sniff a key as it transits a local bus is a very different kind of compromise of "trust" than believing that something is preemptively backdoored by a threat actor. It is deeply mysterious that Microsoft don't simply use TPM encrypted sessions to prevent this, though.


Isn't this yet another example of if they have your physical machine, it's already game over?


No? Any modern disk encryption system with a strong passphrase (basically, anything but default-BitLocker) is very effective against "they have your physical machine and it's off" for any known, current adversary. And, the basic cryptography in use is common, robust, and proven enough that this is probably true even if your tinfoil hat is balled quite tightly.

Where modern research effort goes is into protecting against "they HAD your physical machine and they gave it back to you" or "they got your machine while it was on/running" - these are much more difficult problems to solve, and are where TEE, TPM, Secure Boot, memory encryption, DMA hardening, etc. come into play.


Disagree. If one has physical access to your machine, they also have physical access to you. Practically everyone is vulnerable to rubber hose cryptanalysis.


Right, because every stolen laptop automatically comes with an abduction of the owner? No, getting "hardware access" to a human is much harder (more expensive in the best case and riskier in terms of drastic punishment) than for a laptop, even more so if you want to go undetected.


You're talking much more hypothetically than the actual situation that was linked upstream from here. Context is crucial.


How's it free if it's not available in the Home edition of Windows?

In fact it's pretty much the only difference between Home and Professional editions of Windows these days, so I'd price it as the difference between the two (about $60).


IIRC the Home editions of Windows now do have drive encryption at least if signed into with a Microsoft account, but they have almost no features for managing that encryption beyond turning it off or getting the recovery key from the MS account.

At the time I was talking about, Bitlocker drive encryption on Windows 7 required either Enterprise or Ultimate, and for a 2-5 person office with no domain and a couple laptops they wanted encrypted outside the office Truecrypt was a perfectly viable option.


> People never really trusted Veracrypt though

Can you expand on this? It was my understanding that Veracrypt is the new de-facto standard.


Bitlocker, LUKS and FileVault are the new standard(s).

Veracrypt is a curiosity, not beloved the way Truecrypt was.

I’d love to see hard numbers for this, just my outside impression.

In fact, when trying to find old forums that I was part of during that era, I failed; and found only this: https://discuss.privacyguides.net/t/why-people-still-believe...


This is complete conjecture. Like Truecrypt, Veracrypt is open source, has been audited and has been actively maintained. Could it use another audit? Sure but so could Bitlocker but that isn't happening for even the first time any time soon.


I read this as intended to be some kind of rebuttal but… Where did I say it wasn't conjecture?

I was stating facts about the ecosystem. People didn't trust it at the time.

I never said there was a definite reason for that distrust.


Never heard of any credible reasons to distrust Veracrypt. Don't know who these "people" are either, none of the comments named anything more concrete than what sounds like online rumors.



