VeraCrypt 1.17 fixes security issues, improves compatibility - gHacks Tech News

VeraCrypt 1.17 fixes security issues, improves compatibility

VeraCrypt 1.17 has been released on February 13, 2016. The new version fixes several security-related issues, improves compatibility, and even includes optimizations.

VeraCrypt is without doubt the TrueCrypt-based encryption program that appears to be the most active project right now.

Its developers release new versions regularly that fix security and other issues in the client, and add new functionality to it.

The new VeraCrypt 1.17 update is no exception as it introduces a whole batch of improvements to the software program.

VeraCrypt 1.17

veracrypt 1.17

The developers have fixed a dll hijacking vulnerability affecting the VeraCrypt installer on Windows machines. The issue, affecting several installers for Windows including those created by Mozilla, Microsoft or Kaspersky, affected TrueCrypt 7.1a as well.

Since VeraCrypt is based on that version, it too was affected by the vulnerability.

The executable installers "TrueCrypt Setup 7.1a.exe" and TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll from their "application directory".

If an attacker places the above named DLLs in the users "Downloads" directory (for example per drive-by download or social engineering) this vulnerability becomes a remote code execution.

The new version includes another security-related improvement that fixes path leaks of selected keyfiles in RAM.

As far as other improvements are concerned, there are quite a few

veracrypt preferences

  1. VeraCrypt 1.17 is signed using SHA-1 and SHA-256.
  2. The mount and boot time has been cut in half "thanks to a clever optimization of key derivation".
  3. Whirlpool PRF speed improved by 25%.
  4. Unicode passwords are supported across the board now with the exception of Windows system encryption.
  5. Support added for creating exFAT volumes.
  6. Solved issues with Comodo and Kaspersky programs when running applications from VeraCrypt mounted volumes.
  7. Reduction of false positives by antivirus programs.
  8. PIM caching implemented. The feature is not enabled by default and needs to be enabled under Settings > Preferences > Include PIM when caching a password (PIM stands for Personal Iterations Multiplier).

You can check out the full release notes of VeraCrypt 1.17 on the official project website. There you find download options for all supported operating systems.

Windows users can install VeraCrypt or use it as a portable program instead when they select the "extract" option after launching the installer.

To update VeraCrypt, run the installer for the new version and make sure it gets installed in the same directory as the currently installed version of the encryption software.

Summary
VeraCrypt 1.17 fixes security issues, improves compatibility
Article Name
VeraCrypt 1.17 fixes security issues, improves compatibility
Description
VeraCrypt 1.17, a new version of the encryption software, fixes security issues in the client and ships with performance improvements.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. CHEF-KOCH said on February 15, 2016 at 4:01 pm
    Reply

    I love it :)

  2. Ben said on February 16, 2016 at 1:36 pm
    Reply

    Thanks for bringing those updates to a wider audience.

  3. intelligencia said on February 17, 2016 at 10:49 pm
    Reply

    I CANNOT wait to apply this new uPdated version of VeraCrypt to my Linux machine!
    Again, Mr. Brinkmann I appreciate you so for taking care of us Online!
    . . . and as a reminder to myself . . . another Donation to http://www.ghacks.net is definitely in order.

    i

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.