The casual user stumbling on this article is going to think that TrueCrypt or VeraCrypt has been broken. There’s a big difference between attacks on a live system when a volume is being used, versus cases in which an encrypted volume is lost, stolen, or copied.
It needs to be firmly said that there is still no known way to recover plaintext from an unmounted TrueCrypt or VeraCrypt volume on a powered-off system without knowing the pass phrase. TrueCrypt and VeraCrypt are still totally secure for the standard use-case of protecting your powered-off laptop being stolen, or your backup drives being lost, or an encrypted volume that you’ve copied over to Dropbox being compromised.
>The casual user stumbling on this article is going to think that TrueCrypt or VeraCrypt has been broken.
And why should the casual user use TrueCrypt/VeraCrypt when Bitlocker/Filevault works out of the box and is built into the operating system? I feel like that most people using veracrypt do so because it's open source, and they're distrustful of the software vendors. For that threat model, you need to have protections against evil maid attacks, which TrueCrypt/VeraCrypt does not have.
It needs to be firmly said that there is still no known way to recover plaintext from an unmounted TrueCrypt or VeraCrypt volume on a powered-off system without knowing the pass phrase. TrueCrypt and VeraCrypt are still totally secure for the standard use-case of protecting your powered-off laptop being stolen, or your backup drives being lost, or an encrypted volume that you’ve copied over to Dropbox being compromised.