Quantcast
Channel: VeraCrypt
Viewing all 7620 articles
Browse latest View live

Updated Release: VeraCrypt version 1.0f-2 (avr. 05, 2015)

April 6, 2015, 1:04 pm
$
0
0

Changes between 1.0f-1 and 1.0f-2 (5 April 2015) :

  • All OSs:
    • Mounting speed improvement, up to 20% quicker on 64-bit (contributed by Nils Maier)
    • Add option to set default hash/TrueCryptMode used for mounting volumes.
    • Use TrueCryptMode/Hash specified in command line in password dialog.
  • Windows:
    • Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
    • Proper handling of random generator failures. Inform user in such cases.
    • TrueCrypt Mode related changes:
      • Support mounting TrueCrypt system partition (no conversion yet)
      • Support TrueCrypt volumes as System Favorites.
      • Correct displaying wrong TrueCrypt mode in volume properties when SHA-256 is used.
    • Solve PIN BLOCKED issue with smart cards in a special case.
    • Correctly handle file access errors when mounting containers.
    • Solve several issues reported by the Static Code Analysis too Coverity.
    • Bootloader: Add "Verifying Password..." message.
    • When UAC prompt fails (for example timeout), offer the user to retry the operation.
    • Uninstall link now open the standard "Add/Remove Programs" window.
    • On uninstall, remove all VeraCrypt references from registry and disk.
    • Included VeraCryptExpander in the Setup.
    • Add option to temporary cache password when mounting multiple favorites.
    • Minor fixes and enhancements (see git history for more information)
  • MacOSX:
    • Solve issue volumes not auto-dismounting when quitting VeraCrypt.
    • Solve issue VeraCrypt window not reopening by clicking dock icon
  • Linux/MacOSX:
    • Solve preferences dialog not closing when clicking on the 'X' icon.
    • Solve read-only issue when mounting non-FAT volumes in some cases.
    • Support opening/exploring mounted volumes on desktops other than Gnome/KDE.
    • Solve various installer issues when running on less common configurations
    • Minor fixes (see git history for more information)

Changes between 1.0f and 1.0f-1 (4 January 2015) :

  • All OSs:
    • Add support for old TrueCrypt 6.0.
    • Change naming of cascades algorithms in GUI for a better description.
  • Linux/MacOSX:
    • Make cancel button of the preference dialog working.
    • Solve impossibility to enter a one digit size for the volume.
    • Add wait dialog to the benchmark calculation.
  • Windows:
    • For Windows XP, correct the installer graphical artefacts.
    • Add TrueCrypt mode to the mounted volume information.

Changes between 1.0e and 1.0f (30 December 2014) :

  • All OSs:
    • Add support for mounting TrueCrypt volumes.
    • Add support for converting TrueCrypt containers and non-system partitions.
    • Add support for SHA-256 for volume encryption.
    • Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
    • Deprecate RIPEMD160 for non-system encryption.
    • Speedup mount operation by enabling choice of correct hash algorithm.
    • Display a wait dialog during lengthy operations to avoid freezing the GUI.
    • Implement creation of multiple keyfiles at once, with predefined or random size.
    • Always display random gathering dialog before performing sensitive operations.
    • Links in the application now points to the online resources on Codeplex
    • First version of proper VeraCrypt User Guide
  • MacOSX:
    • Implement support for hard drives with a large sector size (> 512).
    • Link against new wxWidgets version 3.0.2
    • Solve truncated text in some Wizard windows.
  • Linux:
    • Add support of NTFS formatting of volumes.
    • Correct issue on opening of the user guide PDF
    • Better support for hard drives with a large sector size (> 512).
    • Link against new wxWidgets version 3.0.2
  • Windows:
    • Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
    • Add support for SHA-256 in system boot encryption.
    • Various optimizations in bootloader.
    • Complete fix of ShellExecute security issue.
    • Kernel driver: check that the password length received from bootloader is less or equal to 64.
    • Correct a random crash when clicking the link for more information on keyfiles
    • Implement option to auto-dismount when user session is locked
    • Add self-test vectors for SHA-256
    • Modern look-and-feel by enabling visual styles.
    • few minor fixed.
Search

Updated Wiki: Home

April 6, 2015, 1:10 pm
$
0
0

Project Description

VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt.

Donate to VeraCryptFaire un don à VeraCryptSpenden für VeraCrypt

VeraCrypt on FacebookVeraCrypt on Twitter

Coverity Status

Windows / MacOSX / Linux / Source Downloads

Online Documentation (click here for latest User Guide PDF)

Release Notes

Frequently Asked Question

Android & iOS Support

Contributed Resources & Downloads (PPA, RPM, ARM, Raspberry Pi...)

 

What does VeraCrypt bring to you?

VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt. The following post describes some of the enhancements and corrections done:https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data.

Starting from version 1.0f, VeraCrypt can load TrueCrypt volume. It also offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

UPDATE April 5th 2015 : VeraCrypt 1.0f-2 is out with important security and bug fixes. It also brings up to 20% speed improvement for mounting volumes. Please check the release notes for the complete list of changes. Download for Windows is here.

As usual, a MacOSX version is available in the Downloads section or by clicking on the following link. It supports MacOSX 10.6 and above and it requires OSXFUSE 2.3 and later(https://osxfuse.github.io/).MacFUSE compatibility layer must checked during OSXFUSE installation.
Also a Linux version is available in the Downloads section or by clicking on the following link. The package contains the installation scripts for 32-bit and 64-bit versions, and for GUI and console-only version (choose which script is adapted the best to your machine).

All released files are signed with a PGP key available on the following link :https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc . It's also available on major key servers with ID=0x54DDD393.
Please check that its fingerprint is 993B7D7E8E413809828F0F29EB559C7C54DDD393.

SHA256 and SHA512 sums for all released files are available in the Downloads section.

VeraCrypt on the fly encrypting the system partition :
VeraCrypt Partition Encryption


VeraCrypt creating an encrypted volume :

VeraCrypt encrypted volume creation

Changing the GUI language of VeraCrypt
VeraCrypt Language Selection Dialog

Closed Unassigned: Volumes do not auto-dismount when VeraCrypt quits on OS X [120]

April 6, 2015, 1:26 pm
$
0
0
Open volumes are not not auto-dismounted when VeraCrypt quits on OS X. Security preferences are set to enable this behavior.

I have checked VeraCrypt_1.0f-1 and VeryCrypt_1.0f-2-beta.

When VeraCrypt is restarted the volume still shows up as mounted. If the volume is unmounted in the finder while VeraCrypt is not running, it will still show up in the mounted list when the VeraCrypt until the dismount action is used.

I am using OS X 10.9.5 with OSXFUSE 2.7.5e

Comments: Thank you for reporting this issue. I have fixed it and it is included in the final 1.0f-2 version that I have just released today.

New Post: x64 whole disk encryption

April 10, 2015, 12:22 am
$
0
0
In the early days of TrueCrypt, there was a 2GB limitation for volumes but not it was overcome and the latest TrueCrypt version doesn't suffer from this.
VeraCrypt doesn't have any limitation on the disk size.

New Post: Cloud backup questions

April 10, 2015, 4:39 am
$
0
0
Hi,

1. VeraCrypt doesn't encrypt individual files but rather it creates a virtual drive backed by an encrypted container file. So, to protect your files, you need to copy them to the virtual drive mounted by VeraCrypt. To access your data from another machine, the encrypted container file that holds all the data should be copied to that machine. In your case, this would mean copying the container file to your iPhone and then use an application that supports VeraCrypt to mounted the container file and access your data. You can find such application on the app store although it is not free and it is not developed by us.
2. As explained above, VeraCrypt protects the data that is copied to the mounted virtual drive. So, if you can put your outlook files in VeraCrypt virtual drive, then it will be protected and it can't be used unless the correct password is used to mount the virtual drive again.
3. The best way to secure email exchanges is to use PGP keys. Once you create your own PGP key, share your public key with the others and they will able to encrypt emails for your. Since your are the only one to have the private key, no one other than you can read those emails. For Thunderbird, the addon Enigmail will do the job. There is also an addon for outlook (I think it is distributed by gpg4win).

Voilà voilà...I encourage you to read the documentation and follow the tutorials to understand how VeraCrypt works in real situations.

New Post: Newbie: How do I "know" my files are encrypted & how to move encrypted files to Google Drive

April 10, 2015, 12:31 pm
$
0
0
I'm a newbie to encryption - many heartfelt thanks to idrassi for his labor (& countless hours) of love and to all the others who support VeraCrypt - thank you!

First, the beginner tutorial for setting up VeraCrypt is excellent. Over the past 2 weeks I've played with my volume(s), moving files, working with files, etc, in the mounted volume(s). I fully understand files are encrypted/decrypted in RAM on the fly, thus I always see "normal" files, not "garbage". Question: how do I "KNOW" my files are encrypted when all I see are "normal" files? I'd like to know how to export an encrypted file and prove to myself the file truly is encrypted.

Second, I've studied this discussion board & documentation but haven't figured out how to get encrypted files moved to Google Drive. I know it can be done because of this prior post:
https://veracrypt.codeplex.com/discussions/581487

I've tried moving my mounted volume to GD but the test files are in plain unencrypted format - I'm not doing something right...

Thanks to all for helping a newbie!

New Post: TrueCrypt Phase II Audit

April 10, 2015, 1:24 pm
$
0
0
When these issues are addressed, do headers need to be updated and re-created on data volumes? I just converted all my drive headers over from TrueCrypt. I would think the headers would need to be replaced again after reading the changelog. If the random generator had issues then how would one know if their keys and volume headers were created correctly.

By the way, thank you idrassi for all your efforts and contributions to this prodject this far and forward. Keep up the great work!

New Post: Newbie: How do I "know" my files are encrypted & how to move encrypted files to Google Drive

April 10, 2015, 3:25 pm
$
0
0
Hello Don,

TrueCrypt and VeraCrypt are disk encryption utilities that allow you to encrypt an entire disk, a disk partition or virtual disk called file container. The generic term used is disk volume.

Hence, your files are encrypted within the volume. When you dismount the volume, the files are locked-up in the volume encrypted. You cannot extract files within the dismounted volume to export as encrypted files. And when the volume is mounted, per the design of on-the-fly encryption/decryption will prevent copying the files in the volume as encrypted files to a target drive like Google Drive.

There are hex editors that can confirm that once the volume is unmounted that the data is encrypted. Be careful not to make any changes using the hex editor to the volume or you will corrupt the data or prevent the volume from being mounted in VeraCrypt.

Help this helps explain at a high level the difference between VeraCrypt and other utilities that encrypt selected files but not the disk.

Regards.
Search

Source code checked in, #de7798ce9c2d36e71e94c176d6747683954b3fb2

April 10, 2015, 3:31 pm
$
0
0
Windows: add a test code-signing certificate and a batch file to sign binaries and the installer with it.

New Post: Cloud usage: Store a volume like a file by unencripted file

April 11, 2015, 1:54 am
$
0
0
Currently, veracrypt/truecrypt is not cloud-friendly: If we wish to store a volume in a cloud, this force to sync all volume with the cloud although only one of the encrypted file has been modified. For example, if we have a encrypted volume of 2gb with 1000 files and we modify a 1kb file, we must synchronize the 2gb.

I suggest create a new volume type to store a physical file per encrypted file, similar like to encfs does.

I sorry by my bad english.

New Post: Newbie: How do I "know" my files are encrypted & how to move encrypted files to Google Drive

April 11, 2015, 8:15 am
$
0
0
Thank you! I foresee the loss of my laptop in an unsettled part of the world so VeraCrypt works great for that context. However, I'm still looking for a solution to encrypting files in Google Drive and/or Dropbox. For uploading/encrypting individual files to Google Drive, I've run across Boxcryptor. Would appreciate any other suggestions/comments from the VC community on other possible alternatives for my second context. Thanks again!

New Post: uefi bios

April 11, 2015, 2:15 pm
$
0
0
movingkey wrote:
Just out of curiosity. What happens when UEFI is not supported? Does that just mean you can't run system encryption? I’m using a 4TB drive in Win7 under GPT, that seems to work. But my M-board is about 5 years old now.
It bricks the computer and you usually need to format the computer and reinstall windows. I tried to use a different full disk encryption product on my parents new laptop, only to find out later when it stopped working that it was UEFI and not a classic bios. So I had to use the restore feature to make the laptop work again. It might be possible to mount the drive in another computer and decrypt the system from the running copy of veracrypt on that local system from the System menu. That might allow the computer to function again, but no guarantees.

I have a feeling VeraCrypt might defend against this (not sure since I am not going to risk it) by when the initial check is performed when you reboot to find out if you were able to successfully authenticate at bootup or not, then when windows starts up it would detect that it was unsuccessful and hopefully not allow you to even attempt the encryption. Maybe the developer can shed some more light on that.

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 2:21 pm
$
0
0
I am moving all my crypto over from DiskCryptor to VeraCrypt since I always liked TrueCrypt and by all accounts and my own experience with having actual email contact with the developer I believe VeraCrypt is a worthy successor.

If I encrypt my operating system, should I choose Whole Drive? I mean, that would cover the 100mb boot partition as well as the Windows system partition but how would that effect over-provisioning? Would there be any problems?

Over-provisioning is essentially unused space at the very end of the disk, no partitions created, that is used for internal workings of the drive to improve reliability etc. So since there is no actual partition there I am just unsure of how that plays into the "Whole Disk" mode.

Thanks.

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 2:47 pm
$
0
0
Currently, you cannot encrypt the entire system disk that has Windows OS boot partition called System Reserved which has no drive letter and is used as part of the boot-up process. Also avoid whole disk option, if your PC came with other partitions on the system drive for OS installation or recovery tools. Instead, select encrypt OS option which will only encrypt the C partition.

Regarding the "unused" portion of your SSD, read the following from the documentation.

https://veracrypt.codeplex.com/wikipage?title=Trim%20Operation

https://veracrypt.codeplex.com/wikipage?title=Wear-Leveling

https://veracrypt.codeplex.com/wikipage?title=Reallocated%20Sectors


The above topics and many others can be found in the link below.

https://veracrypt.codeplex.com/wikipage?title=Security%20Requirements%20and%20Precautions

Regards.

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 3:01 pm
$
0
0
Enigma2Illusion wrote:
Currently, you cannot encrypt the entire system disk that has Windows OS boot partition called System Reserved which has no drive letter and is used as part of the boot-up process. Also avoid whole disk option, if your PC came with other partitions on the system drive for OS installation or recovery tools. Instead, select encrypt OS option which will only encrypt the C partition.

Regarding the "unused" portion of your SSD, read the following from the documentation.

https://veracrypt.codeplex.com/wikipage?title=Trim%20Operation

https://veracrypt.codeplex.com/wikipage?title=Wear-Leveling

https://veracrypt.codeplex.com/wikipage?title=Reallocated%20Sectors


The above topics and many others can be found in the link below.

https://veracrypt.codeplex.com/wikipage?title=Security%20Requirements%20and%20Precautions

Regards.
Are you entirely sure about your statement about not being possible to whole disk encrypt when the boot and system are on the same drive? I had a warning earlier when my boot was on my old hard drive and windows was on my new SSD. After I fixed that and reformatted so that both are on my new SSD I have no complaints from VeraCrypt about my drive/boot configuration... Nor did I have any problems with DiskCryptor either beacuse the bootloader then enables the OS to boot. I have a feeling you are wrong about that.

Thanks for the links. I am going to check those out.
Search

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 3:08 pm
$
0
0
I am still unsure about how over-provisioning is effected by whole disk encryption. Those links just explain the mechanics and precautions about privacy leaks. They do not explain if it is ok to use whole disk encryption on an SSD with over-provisioning, which as I said is just unused space that "could" be turned into a partition but you just leave it alone so the drive can work with it to keep the drive healthy. I can't help thinking that ignoring the boot partition would open you up to exploit by an attacker with physical access to the system. If the windows partition is encrypted and the boot partition is not, surely they could do some jiggery pokery on that partition and cause problems for you?

So I would like some clarification before I go ahead with this system encryption. If I cannot get the clear info I will end up doing just the windows partition for safety reasons (I do not want to format a second time...).

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 5:34 pm
$
0
0
Only the SSD controller has access to the "extra" drive space to use for bad blocks. Hence, VeraCrypt cannot access this extra space reserved by the SSD manufacturer.

A quick Google search confirms my statement.

http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/whitepaper/whitepaper05.html

.
Are you entirely sure about your statement about not being possible to whole disk encrypt when the boot and system are on the same drive?
.
Yes, I am sure if you are talking about Windows System Reserved partition.

http://helpdeskgeek.com/help-desk/hdg-explains-what-is-the-system-reserved-partition/

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 5:40 pm
$
0
0
With my Samsung SSD the OP is not set in stone, nor hidden. It is user-configurable. It just appears as unused space. I can make it into a partition if I wanted. So it is not hidden for access only to the drive as far as I can tell.

Is there any VeraCrypt page that documents you cannot perform Whole Disk encryption on a drive that has the system and boot (100mb) partition on the same drive? I was getting warnings earlier that a drive that doesn't have the boot partition on the same one that windows is on is not supported and gave me the choice to ignore the warning. After I formatted and arranged to have the 100mb created on the same drive, now I do not get that error any longer. Also, when I was using DiskCryptor I had both encrypted and it booted fine because the actual bootloader (which is not encrypted with either software) is what lets the other partitions boot.

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 11, 2015, 6:30 pm
$
0
0
Can you point me to the Samsung documentation for your model saying that you can use this SSD "reserved" partition as a user data partition instead of SSD reserved partition?

As the link I provided stated, some models allow you to configure the size of the over-provisioning, however the SSD controller controls the usage of the reserved partition and not the user or the OS.
OP is a way to set aside a minimum amount of free space, inaccessible to the user or the OS, which the SSD controller can utilize as a kind of “work bench.”
.

The error you were getting as you stated was due to the System Reserved partition was not on the same drive as the OS.


https://veracrypt.codeplex.com/wikipage?title=System%20Encryption
Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is running). VeraCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).
.
I know the above is confusing. Trust me when I say, do not encrypt the Windows System Reserved partition with TrueCrypt/VeraCrypt. Here is the last example I will provide regarding this subject. :)

http://www.hacker10.com/encryption-software-2/diskcryptor-vs-truecrypt-comparison/
Windows 7 system reserved partition contains some necessary boot files, do not attempt to encrypt Windows 7 system reserved partition like I did because the computer will not boot!

New Post: System encryption on SSD. Would "Whole Drive" mess up over-provisioning?

April 12, 2015, 2:17 am
$
0
0
I know this may not be he right place, but:
  • I read enough about "... 100mb boot partition can't be encrypted..." or "... you have to encrypt C only...".
  • Doing a new, clean install of Win7, you can delete the 100mb "system" partition, there'll be no problems using Win7; there weren't any problems with encryption (TrueCrypt), I didn't have to make a clean new install using VeryCrypt up to now.
  • Works with Vista as well, and no, I don't have or ever had any problems using Vista.
Viewing all 7620 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>