> This is by far one of the best advertisements for LUKS/VeraCrypt I've ever seen.
LUKS isn't all rainbows and butterflies either [https://news.ycombinator.com/item?id=46708174]. This vulnerability has been known for years, and despite this, nothing has been done to address it.
Furthermore, if you believe that Microsoft products are inherently compromised and backdoored, running VeraCrypt instead of BitLocker on Windows likely won’t significantly improve your security. Implementing a VeraCrypt backdoor would be trivial for Microsoft.
Sadly, VeraCrypt is not optimized for SSDs and has a massive performance impact compared to BitLocker for full disk encryption, because the SSD doesn't know what space is used/free with VeraCrypt.
VeraCrypt can be set to pass through TRIM. It just makes it really obvious which sectors are unused within your encrypted partition (they read back as 00 bytes).
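To make the trade-off in that comment concrete, here is an added example (not code from the thread or from the VeraCrypt project) that scans a raw volume image and reports which sectors read back as all zeros, which is exactly what TRIM pass-through exposes to anyone holding the device. The sector size, the sample image and the discarded ranges are constructed assumptions; on a real device you would feed it the raw block device instead.

```python
# Added example: estimate what TRIM pass-through reveals about an encrypted volume.
# With discards passed through, trimmed sectors of the volume read back as all-zero
# bytes, so the used/free layout is visible without any key. This scanner reports
# the fraction of zero sectors and the contiguous zero runs, which is the number
# a defender wants before deciding whether to enable TRIM on a deniable volume.
import random

SECTOR_SIZE = 512  # assumed logical sector size of the device


def zero_sectors(image: bytes, sector_size: int = SECTOR_SIZE) -> list[bool]:
    """Return one flag per sector: True when the sector is entirely 0x00 bytes."""
    blank = bytes(sector_size)
    return [image[off:off + sector_size] == blank
            for off in range(0, len(image), sector_size)]


def zero_runs(flags: list[bool]) -> list[tuple[int, int]]:
    """Collapse consecutive zero sectors into (first_sector, length) runs."""
    runs, start = [], None
    for i, is_zero in enumerate(flags):
        if is_zero and start is None:
            start = i
        elif not is_zero and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(flags) - start))
    return runs


def trim_leak_report(image: bytes, sector_size: int = SECTOR_SIZE) -> dict:
    """Summarize how much of the volume layout is exposed by zeroed sectors."""
    flags = zero_sectors(image, sector_size)
    total = len(flags)
    zero = sum(flags)
    return {
        "sectors": total,
        "zero_sectors": zero,
        "zero_fraction": zero / total if total else 0.0,
        # largest runs first: these are the free regions an observer can map
        "runs": sorted(zero_runs(flags), key=lambda r: r[1], reverse=True),
    }


def build_sample_image(sectors: int, discarded: list[tuple[int, int]],
                       seed: int = 1) -> bytes:
    """Constructed sample volume: pseudo-random bytes stand in for ciphertext,
    and the given (start_sector, length) ranges are zeroed as if trimmed."""
    rng = random.Random(seed)
    buf = bytearray(rng.randbytes(sectors * SECTOR_SIZE))
    for start, length in discarded:
        buf[start * SECTOR_SIZE:(start + length) * SECTOR_SIZE] = bytes(length * SECTOR_SIZE)
    return bytes(buf)


if __name__ == "__main__":
    img = build_sample_image(1000, [(100, 300), (700, 50)])
    rep = trim_leak_report(img)
    print(f"{rep['zero_sectors']}/{rep['sectors']} sectors read as zero "
          f"({rep['zero_fraction']:.1%}); largest run: {rep['runs'][0]}")
```

Without TRIM pass-through every sector of the volume is indistinguishable random-looking ciphertext and this scan reports a zero fraction of roughly 0%; with it, the report maps the free space directly, which is the privacy cost the comment above points at.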
Oh I did not know of this option, thanks! However, I was wrong about the reason for the performance loss on high speed SSDs and the issue is actually related to how VeraCrypt handles IRPs: https://github.com/veracrypt/VeraCrypt/issues/136#issuecomme...
Forgive me this shameless ad :) With the latest performance updates, Shufflecake ( https://shufflecake.net/ ) is blazing fast (so much so, in fact, that it exceeds the performance of LUKS/dm-crypt/VeraCrypt in many scenarios, including SSD use).
The performance loss can be substantial on modern NVMe drives, up to 20 times slower. But I was wrong about the reason for the performance loss: it's not TRIM but how VeraCrypt handles I/O operations. You can see some real numbers in this GitHub issue: https://github.com/veracrypt/VeraCrypt/issues/136
Remember when the original dev of TrueCrypt (the VeraCrypt predecessor) suddenly abandoned the project and wrote that people should use BitLocker instead? [1] [2]
We now know that BitLocker is not secure, and an intelligent open source dev who said that was probably knowingly not telling the truth.
The best explanation to me is that this was said under duress, because somebody wanted people to move away from the good TrueCrypt to something they could break.
Alternatively, they knew TrueCrypt/VeraCrypt to be irreparably compromised, and while BitLocker may be backdoored in the same way, it is at least maintained.