Sure, it means it's more robust against bruteforce attack, but for those who use 40+ char random password, how much value it has.I don't say no value, but bruteforcing 40+ password is impossible at least for several years (probably much more), and remember, such adversary can attack key directly where hashing doesn't help.īut why they disregard serious, yeah, quite BIG performance delay many ppl discussing here? They should make user can choose iteration count rather than hardcode it.Ĭlick to expand.On Windows, there are several advantages to using BitLocker over TrueCrypt. As to increased iteration count, it's moot. I have never posted about Veracrypt except some of those Wilders posts and only 1 or 2 positive posts in another forum probably they don't know and can't read, never tried to make VC looks bad nor found someone doing that.ĭefinite advantage of VC is it fixed vuln found in 1st audit and will fix vuln in final audit. SHA1's disadvantage is only faster calcuration, but collision or even preimage vulnerability do not affect security of password hashing or key derivation.Īnd.this can look like as if persecution mania. As some anonymous poster noted, this is not correct, as long as properly implemented only aspect of hash which affects security in this kind of encryption is time to calculate. Yes I use, but I have some concern about dev's attitude.įirst, regarding hash algorithm, he speaks as if "SHA1 is bad BECAUSE it is broken hash".