I'm wondering if it is still secure.
I know TrueCrypt closed its doors but I continue using it because the cryptoaudit didn't find any huge bugs or security issues in TrueCrypt.
But I have a bad feeling about Brute Force and Ripemd-160. I've read that it only uses 3000 Iterations. So I ask myself: How long would it take to Brute Force the password of the encrypted disk?
The use of RIPEMD-160 is not a cause for concern. It's the relatively small number of PBKDF2 iterations which is problematic. More than a decade ago, the minimum recommended number of iterations was 10,000. Nowadays, you should probably not be using less than 100,000, regardless of the hash function in use. However, even that is not ideal. If possible, you should be using a memory-hard KDF like Argon2. That limits the parallelism that an attacker can use against you with any given amount of resources.
Also, TrueCrypt used only 2000 iterations, not 3000, of RIPEMD-160 and 1000 for any other hash.
The reason for an interation count is only to make brute forcing a weak key harder. If your key would take 1 hour to crack with only 1 round of hashing, it would be pretty easy to break - but with an iteration count of 3000, the same password would take 3000 hours - ca. 125 days.
As long as your password is good enough (in the meaning of entropy) you will have no problem with "only" 3000 iterations. (Newer software should still update the iteration count to highest still acceptable amount.)
