[German]The developers of the open source encryption software VeraCrypt have released version 1.24. VerScrypt is available for free for Windows as for other platforms as well.
Advertising
Version 1.24 of the software was released on October 6 , 2019 – I became aware of the update through the following tweet by Martin Brinkmann..
VeraCrypt 1.24 encryption software update released #veracrypt #encryption #opensourcehttps://t.co/rgaXKnGhgB pic.twitter.com/pKuxPxg5U0
— ghacksnews (@ghacks) October 8, 2019
VeraCrypt is the successor of TrueCrypt and is offered as open source encryption software for various platforms. The release notes for version 1.24 contain the following new features:
- All OSs:
- Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
- Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
- Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
- Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
- Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
- Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
- Windows:
- Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
- Available only on 64-bit machines.
- Disabled by default. Can be enabled using option in UI.
- Less than 10% overhead on modern CPUs.
- Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
- Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
- New security features:
- Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
- Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
- Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
- MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
- MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
- Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
- Several enhancements and fixes for EFI bootloader:
- Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
- Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
- Enhance Rescue Disk implementation of restoring VeraCrypt loader.
- Fix ESC on password prompt during Pre-Test not starting Windows.
- Add menu entry in Rescue Disk that enables starting original Windows loader.
- Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
- If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
- This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
- Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
- Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
- Update libzip to version 1.5.2
- Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
- Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
- Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
- Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
- Ensure that only one thread at a time can create a secure desktop.
- Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
- Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
- Minor UI changes.
- Updates and corrections to translations and documentation.
- Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
- MacOSX:
- Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch –no-size-check to disable this check.
- Linux:
- Make CLI switch –import-token-keyfiles compatible with Non-Interactive mode.
- Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch –no-size-check to disable this check.
On the website you can still find the note for users who created volumes with VeraCrypt version 1.17 or earlier:
In order not to indicate whether your volumes contain a hidden volume or not, or if you rely on plausible denial when using hidden volumes/OS, you must re-create both the outer and hidden volumes, including system encryption and hidden operating system, and discard existing volumes created before version 1.18a of VeraCrypt.
Currently the download of the portable .exe version (is the unpacker) triggers a warning of the smartscreen filter in the browser.
Advertising
Advertising