-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add VeraCrypt support #65
Conversation
…in Big Endian: MSB is for major version, LSB is for minor version.
…FDE). This void testing non-applicable PRF algorithms.
…pt support and versions without
bump version number to make it easy to separate versions with VeraCrypt support and those without. Remove several compilation warnings.
…t by adding a missing comma
fix a build issue when trying to compile while "DEBUG" variable is set by adding a missing comma
fix a potential memory leak
any progress on merge? |
looks like tc-play is dead. |
Upstream seems to no longer care about it but it lives on with zuluCrypt[1] where all these patches are already in. tc-play in zuluCrypt for example can create and unlock VeraCrypt volumes that use a PIM value.This ability is not among patches above. [1] https://github.com/mhogomchungu/zuluCrypt/tree/master/external_libraries/tc-play |
As someone currently evaluating cross-platform disk encryption options, I'd really like to see VeraCrypt support in tcplay. Not least because the TrueCrypt Security Assessment specifically calls out the weak volume header key derivation "iteration count is too small to prevent password guessing attacks for even moderately complex passwords" which is addressed by VeraCrypt. Perhaps now that a few more years have passed, the other TrueCrypt forks are dead or stagnant, VeraCrypt has undergone its own security audit, and VeraCrypt support has been added to cryptsetup and other similar tools, it's worth re-evaluating the merits of including support for VeraCrypt? If this PR in its current form is not acceptable, is there any form which would be accepted? |
VeraCrypt support is now merged as a simple selection of PBKDF2 PRFs, without the need of any additional flags or API changes. |
These patches implement support for VeraCrypt (https://veracrypt.codeplex.com), a fork of TrueCrypt.
The first two patches are not related to VeraCrypt but are needed by the third patch which implement VeraCrypt support.
The first patch corrects the encoding of the minimum version field in the volume header.
The second patch brings a better handling of PRF algorithms by separating those used in system encryption from those used in standard containers encryption.
The third patch adds a switch ("veracrypt-mode") to tc-play that will activated VeraCrypt support in the used commands. The differences between normal mode and VeraCrypt mode are:
VeraCrypt documentation that is derived from TrueCrypt one (without the mistakes): https://veracrypt.codeplex.com/documentation
Differences between VeraCrypt and TrueCrypt : https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325