VeraCrypt 1.18 was released yesterday by the development team for all supported operating systems. The new version of the encryption program fixes one vulnerability affecting the application and TrueCrypt, the encryption software it uses code from.
VeraCrypt is one of several TrueCrypt alternatives that were published shortly after development on TrueCrypt ended under mysterious circumstances.
The encryption software is based on TrueCrypt code for the most part, but has been modified in the past two years of its existence to add, change or remove functionality.
While that is the case, it is still based on TrueCrypt code for the most part. The developers of the program fixed vulnerabilities that came to light after the TrueCrypt audit, and added interesting features to it such as PIM.
The most recent version of VeraCrypt fixes a vulnerability in TrueCrypt that allows attackers to detect the presence of hidden volumes on a device.
VeraCrypt, just like TrueCrypt, support hidden volumes that are put inside regular volumes. The idea is that if users of the software are coerced into handing out the password to the encrypted data, that it only reveals the regular volume and not the hidden volume inside.
The new version of VeraCrypt improves other features of the application. The new version supports the Japanese encryption standard Camelia for Windows system encryption (MBR and EFI), and the Russian encryption and hash standards Kuznyechik, Magma and Streebog for the Windows EFI system encryption.
On Windows, VeraCrypt 1.18 introduces support for EFI system encryption. The limitation at this point is that the feature does not support hidden operating systems or custom boot messages.
The new version ships with better protection against dll hijacks on Windows. VeraCrypt 1.18 fixes boot issues that were experienced on some machines, reduces CPU usage, and has a workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
The command line version supports a new command to pass smart card PINs via the /tokenpin option, and a command line switch to hide the waiting dialog the program displays normally.
TrueCrypt users won't get the vulnerability fixed as the program is no longer in active development. While the issue may not affect all users, as it only affects encryption setups that use hidden volumes, users that are affected may want to consider migrating to VeraCrypt instead.
The release is not the only good news about VeraCrypt. The encryption software will be audited thanks to OSTIF (Open Source Technology Improvement fund). You can read the announcement here. The audit will happen over the course of the next month, with results being released publicly after they have been patched.
Now You: Which encryption software do you use primarily?