New VeraCrypt Version Released

Discussion in 'privacy technology' started by JRViejo, Oct 17, 2016.

  1. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    23,142
    Location:
    U.S.A.
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,140
    Thanks for mentioning the audit results. FTA:
    https://ostif.org/wp-content/uploads/2016/10/VeraCrypt-Audit-Final-for-Public-Release.pdf (PDF)

    Interesting:
     
    Last edited by a moderator: Oct 17, 2016
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,385
    VeraCrypt 1.19 fixes security vulnerabilities

    -- Tom
     
  4. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    116
    Location:
    France
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,277
    There is a serious bug which affects the rescue disk.
    If the rescue disk (created with VeraCrypt 1.19) is being used to decrypt the system partition, it doesn't decrypt the first 50 MB (this affects only EFI system decryption)
    This is fixed with VeraCrypt 1.20 Beta:
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,788
    Perfectly functioning EFI code is a brutal task for non-paid teams to finish. Its a definite work in progress. I don't use VC for system disks anymore so I can only report on what I read about.
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,277
    [QUOTE"]Perfectly functioning EFI code is a brutal task for non-paid teams to finish. Its a definite work in progress[/QUOTE]
    The EFI-Code was added with v1.18, only some months ago. And support for EFI hidden OS functionality was added recently (latest beta).
    Yes, it's really a work in progress. I think the EFI-Code needs some time to be "mature enough".

    But nevertheless VeraCrypt is a good choice.
    Algorithms are optimized from time to time, it will have less "TrueCrypt vulnerabilities" with each new released version, the password can be entered on a Secure Desktop now (v1.20Beta 2), etc.

    Edit: If the user decrypted the EFI system partition with the Rescue Disk of VeraCrypt v1.19 and now has 50MB not decrypted data, there is a patch available. Instructions and download links are below:
     
    Last edited: Jan 10, 2017
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,788
    Mood,

    I agree with your VC code assessment. Frankly, and like a broken record at times, its not VC code that I have a problem with. Trying to make the Windows OS secure is where I come up with "migraines".
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,272
    Location:
    UK
    Very happy to hear they're looking at Secure Desktop, that's worthwhile, and it's been available on KeePass a while.

    I have developed for using Secure Desktop, it's one of the weirdest things you ever did see from a UI point of view, and won't run directly from a WPF application. But well worthwhile to raise the bar on KSL, I also have it set in group policy for any privilege escalation, so you enter it from Ctrl-Alt-Del, and then enter any passwords in the Secure Desktop only.
     
  10. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,277
    The future of the project is not clear:
    Edit: The main developer is back and the release of VeraCrypt v1.20 is near:
     
    Last edited: Apr 18, 2017
  11. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,277
    VeraCrypt v1.20 Released (June 29, 2017)
    The binaries are now supporting ASLR, passwords can be entered using the Secure Desktop and there are a lot more changes (regarding MacOSX: OSX 10.7 or newer is now required to run VeraCrypt)
    Download / Download (CodePlex) / Download (SourceForge)
    Edit: The VeraCrypt Installer for Windows has been removed. Reason:
    Release Notes
    1.20 (June 29th, 2017):

    • All OSes:
      • Use 64-bit optimized assembly implementation of Twofish and Camellia by Jussi Kivilinna.
        • Camellia 2.5 faster when AES-NI supported by CPU. 30% faster without it.
      • Use optimized implementation for SHA-512/SHA256.
        • 33% speedup on 64-bit systems.
      • Deploy local HTML documentation instead of User Guide PDF.
      • Change links in UI from ones on Codeplex to ones hosted at veracrypt.fr
      • Security: build binaries with support for Address Space Layout Randomization (ASLR).
    • Windows:
      • Fix bug in EFI system decryption using EFI Rescue Disk
      • Enable using Secure Desktop for password entry. Add preferences option and command line switch (/secureDesktop) to activate it.
      • Use default mount parameters when mounting multiple favorites with password caching.
      • Enable specifying PRF and TrueCryptMode for favorites.
      • Preliminary driver changes to support EFI hidden OS functionality.
      • Fix Streebog not recognized by /hash command line.
      • Add support for ReFS filesystem on Windows 10 when creating normal volumes
      • Fix high CPU usage when favorite configured to mount with VolumeID on arrival.
      • Use CHM file for User Guide instead of PDF.
      • Fix false warning in case of EFI system encryption about Windows not installed on boot drive.
      • Enhancements to driver handling of various disk IOCTL.
      • Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file.
      • Driver Security: Use enhanced protection of NX pool under Windows 8 and later.
      • Reduce performance impact of internal check for disconnected network drives.
      • Minor fixes.
    • MacOSX:
      • OSX 10.7 or newer is required to run VeraCrypt.
      • Make VeraCrypt default handler of .hc & .tc files.
      • Add custom VeraCrypt icon to .hc and .tc files in Finder.
      • Check TrueCryptMode in password dialog when opening container file with .tc extension.
    • Linux:
      • Check TrueCryptMode in password dialog when opening container file with .tc extension.
      • Fix executable stack in resulting binary which was caused by crypto assembly files missing the GNU-stack note.
     
    Last edited: Jul 2, 2017
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,853
    Location:
    Outer space
    1.21 released:

    Changes between 1.20 and 1.21 (9 July 2017) :
    - All OSes:
    * Fix 1.20 regression crash when running on CPU not supporting extended features.

    Windows:
    * Fix 1.20 regression that caused PIM value stored in favorites to be ignored during mount.
    * Fix 1.20 regression that causes system favorites not to mount in some cases.
    * Fix some cases of "Parameter Incorrect" error during EFI system encryption wizard.
    * Install PDF documents related to EFI system encryption configuration for advanced users;
    - disk_encryption_v1_2.pdf related to EFI hidden OS and full fisk encryption
    - dcs_tpm_owner_02.pdf related to TPM configuration for EFI system encryption.

    FreeBSD:
    * Add support for building on FreeBSD.
     
  13. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,308
Loading...