Skip to content

@idrassi idrassi released this Oct 27, 2019 · 62 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.24 and 1.24-Hotfix1 (27 October 2019) :
  • All OSs:

    • Fix 1.24 regression that caused system favorites not to mount at boot if VeraCrypt freshly installed.
    • Fix failure to encrypt system if the current Windows username contains a Unicode non-ASCII character.
    • Make VeraCrypt Expander able to resume expansion of volumes whose previous expansion was aborted before it finishes.
    • Add "Quick Expand" option to VeraCrypt Expander to accelarate the expansion of large file containers.
    • Add several robustness checks and validation in case of system encryption to better handle some corner cases.
    • Minor UI and documentation changes.
  • Linux:

    • Workaround gcc 4.4.7 bug under CentOS 6 that caused VeraCrypt built under CentOS 6 to crash when Whirlpool hash is used.
    • Fix "incorrect password attempt" written to /var/log/auth.log when mounting volumes.
    • Fix dropping file in UI not showing its correct path , specifically under GTK-3.
    • Add missing JitterEntropy implementation/
  • MacOSX:

    • Fix some devices and partitions not showing in the device selection dialog under OSX 10.13 and newer.
    • Fix keyboard tab navigation between password fields in "Volume Password" page of volume creation wizard.
    • Add missing JitterEntropy implementation/
    • Support APFS filesystem for creation volumes.
    • Support Dark Mode.
Assets 2

@idrassi idrassi released this Oct 7, 2019 · 108 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.23-Hotfix-2 and 1.24 (6 October 2019) :
  • All OSs:
    • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
    • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
    • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
    • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
    • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
    • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
      • Available only on 64-bit machines.
      • Disabled by default. Can be enabled using option in UI.
      • Less than 10% overhead on modern CPUs.
      • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
    • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
    • New security features:
      • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
      • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
      • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
    • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
    • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
    • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
    • Several enhancements and fixes for EFI bootloader:
      • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
      • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
      • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
      • Fix ESC on password prompt during Pre-Test not starting Windows.
      • Add menu entry in Rescue Disk that enables starting original Windows loader.
      • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
      • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
        • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
    • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
    • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
    • Update libzip to version 1.5.2
    • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
    • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
    • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
    • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
    • Ensure that only one thread at a time can create a secure desktop.
    • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
    • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
    • Minor UI changes.
    • Updates and corrections to translations and documentation.
  • MacOSX:
    • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
  • Linux:
    • Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
    • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
Assets 2

@idrassi idrassi released this Sep 13, 2018 · 275 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.22 and 1.23 (12 September 2018) :
  • Windows:
    • VeraCrypt is now compatible with default EFI SecureBoot configuration for system encryption.
    • Fix EFI system encryption issues on some machines (e.g. HP, Acer).
    • Support EFI system encryption on Windows LTSB.
    • Add compatibility of system encryption with Windows 10 upgrade using ReflectDrivers mechanism
    • Make EFI Rescue Disk decrypt partition correctly when Windows Repair overwrites first partition sector.
    • Add Driver option in the UI to explicitly allow Windows 8.1 and Windows 10 defragmenter to see VeraCrypt encrypted disks.
    • Add internal verification of binaries embedded signature to protect against some types to tampering attacks.
    • Fix Secure Desktop not working for favorites set to mount at logon on Windows 10 under some circumstances.
    • when Secure Desktop is enabled, use it for Mount Options dialog if it is displayed before password dialog.
    • when extracting files in Setup or Portable mode, decompress zip files docs.zip and Languages.zip in order to have ready to use configuration.
    • Display a balloon tip warning message when text pasted to password field is longer than maximum length and so it will be truncated.
    • Implement language selection mechanism at the start of the installer to make easier for international users.
    • Add check on size of file container during creation to ensure it's smaller than available free disk space.
    • Fix buttons at the bottom not shown when user sets a large system font under Window 7.
    • Fix compatibility issues with some disk drivers that don't support IOCTL_DISK_GET_DRIVE_GEOMETRY_EX ioctl.
  • MacOSX:
    • Support pasting values to password fields using keyboard (CMD+V and CMD+A now working properly).
    • Add CheckBox in mount option dialog to force the use of embedded backup header during mount.
    • When performing backup of volume header, automatically try to use embedded backup header if using the main header fails.
    • Implement benchmarking UI for Hash and PKCS-5 PRF algorithms.
  • Linux:
    • Don't allow waiting dialog to be closed before the associated operation is finished. This fix a crash under Lubuntu 16.04.
    • Add CheckBox in mount option dialog to force the use of embedded backup header during mount.
    • When performing backup of volume header, automatically try to use embedded backup header if using the main header fails.
    • Implement benchmarking UI for Hash and PKCS-5 PRF algorithms.
    • Remove limitation of hidden volume protection on disk with sector size larger than 512 bytes.
Assets 2

@idrassi idrassi released this Apr 4, 2018 · 380 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.21 and 1.22 (30 March 2018) :
  • All OSs:

    • SIMD speed optimization for Kuznyechik cipher implementation (up to 2x speedup).
    • Add 5 new cascades of cipher algorithms: Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish.
  • Windows:

    • MBR Bootloader: Fix failure to boot hidden OS on some machines.
    • MBR Bootloader: Reduce CPU usage during password prompt.
    • Security enhancement: Add option to block TRIM command for system encryption on SSD drives.
    • Implement TRIM support for non-system SSD drives and add option to enable it (TRIM is disabled by default for non-system volumes).
    • Better fix for "Parameter Incorrect" issues during EFI system encryption in some machines.
    • Driver: remove unnecessary dependency to wcsstr which can cause issues on some machines.
    • Driver: Fix "Incorrect Parameter" error when mounting volumes on some machines.
    • Fix failure to mount system favorites during boot on some machines.
    • Fix current application losing focus when VeraCrypt is run in command line with /quit /silent switches.
    • Fix some cases of external applications freezing during mount/dismount.
    • Fix rare cases of secure desktop for password dialog not visible which caused UI to block.
    • Update libzip to version 1.5.0 that include fixes for some security issues.
    • Extend Secure Desktop feature to smart card PIN entry dialog.
    • Fix truncated license text in installer wizard.
    • Add portable package that allows extracting binaries without asking for admin privileges.
    • Simplify format of language XML files.
    • Workaround for cases where password dialog doesn't get keyboard focus if Secure Desktop is not enabled.
  • Linux:

    • Fix failure to install GUI version under recent versions of KDE.
    • Fix wxWidgets assertion failed when backing up/restoring volume header.
  • MacOSX:

    • Fix issue preventing some local help files from opening in the browser.
Assets 2

@idrassi idrassi released this Jan 3, 2018 · 523 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.20 and 1.21 (9 July 2017) :
  • All OSs:
    • Fix 1.20 regression crash when running on CPU not supporting extended features.
  • Windows:
    • Fix 1.20 regression that caused PIM value stored in favorites to be ignored during mount.
    • Fix 1.20 regression that causes system favorites not to mount in some cases.
    • Fix some cases of "Parameter Incorrect" error during EFI system encryption wizard.
    • Install PDF documents related to EFI system encryption configuration for advanced users:
      • disk_encryption_v1_2.pdf related to EFI hidden OS and full fisk encryption
      • dcs_tpm_owner_02.pdf related to TPM configuration for EFI system encryption.
  • FreeBSD:
    • Add support for building on FreeBSD.
Assets 2

@idrassi idrassi released this Jan 3, 2018 · 575 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.19 and 1.20 (29 June 2017) :
  • All OSs:
    • Use 64-bit optimized assembly implementation of Twofish and Camellia by Jussi Kivilinna.
      • Camellia 2.5 faster when AES-NI supported by CPU. 30% faster without it.
    • Use optimized implementation for SHA-512/SHA256.
      • 33% speedup on 64-bit systems.
    • Deploy local HTML documentation instead of User Guide PDF.
    • Change links in UI from ones on Codeplex to ones hosted at veracrypt.fr
    • Security: build binaries with support for Address Space Layout Randomization (ASLR).
  • Windows:
    • Several fixes and modifications for EFI System Encryption:
    • Enable using Secure Desktop for password entry. Add preferences option and command line switch (/secureDesktop) to activate it.
    • Use default mount parameters when mounting multiple favorites with password caching.
    • Enable specifying PRF and TrueCryptMode for favorites.
    • Preliminary driver changes to support EFI hidden OS functionality.
    • Fix Streebog not recognized by /hash command line.
    • Add support for ReFS filesystem on Windows 10 when creating normal volumes
    • Fix high CPU usage when favorite configured to mount with VolumeID on arrival.
    • Use CHM file for User Guide instead of PDF.
    • Fix false warning in case of EFI system encryption about Windows not installed on boot drive.
    • Enhancements to driver handling of various disk IOCTL.
    • Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file.
    • Driver Security: Use enhanced protection of NX pool under Windows 8 and later.
    • Reduce performance impact of internal check for disconnected network drives.
    • Minor fixes.
  • MacOSX:
    • OSX 10.7 or newer is required to run VeraCrypt.
    • Make VeraCrypt default handler of .hc & .tc files.
    • Add custom VeraCrypt icon to .hc and .tc files in Finder.
    • Check TrueCryptMode in password dialog when opening container file with .tc extension.
  • Linux:
    • Check TrueCryptMode in password dialog when opening container file with .tc extension.
    • Fix executable stack in resulting binary which was caused by crypto assembly files missing the GNU-stack note.
Assets 2

@idrassi idrassi released this Oct 17, 2016 · 744 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.18 and 1.19 (17 October 2016) :
  • All OSs:
    • Fix issues raised by Quarkslab audit.
      • Remove GOST89 encryption algorithm.
      • Make PBKDF2 and HMAC code clearer and easier to analyze.
      • Add test vectors for Kuznyechik.
      • Update documentation to warn about risks of using command line switch ”tokenpin”.
    • Use SSE2 optimized Serpent algorithm implementation from Botan project (2.5 times faster on 64-bit platforms).
  • Windows:
    • Fix keyboard issues in EFI Boot Loader.
    • Fix crash on 32-bit machines when creating a volume that uses Streebog as PRF.
    • Fix false positive detection of Evil-Maid attacks in some cases (e.g. hidden OS creation)
    • Fix failure to access EFS data on VeraCrypt volumes under Windows 10.
    • Fix wrong password error in the process of copying hidden OS.
    • Fix issues raised by Quarkslab audit:
      • Fix leak of password length in MBR bootloader inherited from TrueCrypt.
      • EFI bootloader: Fix various leaks and erase keyboard buffer after password is typed.
      • Use libzip library for handling zip Rescue Disk file instead of vulnerable XUnzip library.
    • Support EFI system encryption for 32-bit Windows.
    • Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards.
    • Minor GUI and translations fixes.
  • MacOSX:
    • Remove dependency to MacFUSE compatibility layer in OSXFuse.
Assets 2

@idrassi idrassi released this Aug 18, 2016 · 808 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.17 and 1.18a (17 August 2016) :
  • All OSs:
    • Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
    • Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.
  • Windows:
    • Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
    • Fix TrueCrypt vulnerability allowing detection of hidden volumes presence(reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)
    • Enhanced protection against dll hijacking attacks.
    • Fix boot issues on some machines by increasing required memory by 1 KiB
    • Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
    • Move build system to Visual C++ 2010 for better stability.
    • Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
    • Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
    • Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
    • When no drive letter specified, choose A: or B: only when no other free drive letter is available.
    • Reduce CPU usage caused by the option to disable use of disconnected network drives.
    • Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
    • Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
    • Add option and command line switch to hide waiting dialog when performing operations.
    • Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
    • Allow files drag-n-drop when VeraCrypt is running as elevated process.
    • Minor GUI and translations fixes.
  • Linux:
    • Fix mount issue on Fedora 23.
    • Fix mount failure when compiling source code using gcc 5.x.
    • Adhere to XDG Desktop Specification by using XDG_CONFIG_HOME to determine location of configuration files.
  • MacOSX:
    • Solve compatibility issue with newer versions of OSXFuse.
Assets 2

@idrassi idrassi released this Aug 19, 2016 · 808 commits to master since this release

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.17 and 1.18a (17 August 2016) :
  • All OSs:
    • Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
    • Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.
  • Windows:
    • Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
    • Fix TrueCrypt vulnerability allowing detection of hidden volumes presence(reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)
    • Enhanced protection against dll hijacking attacks.
    • Fix boot issues on some machines by increasing required memory by 1 KiB
    • Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
    • Move build system to Visual C++ 2010 for better stability.
    • Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
    • Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
    • Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
    • When no drive letter specified, choose A: or B: only when no other free drive letter is available.
    • Reduce CPU usage caused by the option to disable use of disconnected network drives.
    • Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
    • Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
    • Add option and command line switch to hide waiting dialog when performing operations.
    • Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
    • Allow files drag-n-drop when VeraCrypt is running as elevated process.
    • Minor GUI and translations fixes.
  • Linux:
    • Fix mount issue on Fedora 23.
    • Fix mount failure when compiling source code using gcc 5.x.
    • Adhere to XDG Desktop Specification by using XDG_CONFIG_HOME to determine location of configuration files.
  • MacOSX:
    • Solve compatibility issue with newer versions of OSXFuse.
Assets 2
Aug 16, 2016
Increment version to 1.18. Update user guide PDF file.
You can’t perform that action at this time.