VeraCrypt 1.24 features massive improvements
VeraCrypt 1.24, the upcoming next version of the popular open source and cross-platform encryption software VeraCrypt, comes with a massive list of security and functionality improvements.
The new version of the encryption software is available as a beta release currently. Interested users may download it from the project's Sourceforge Nightly builds directory.
Note: It is not recommended to install the beta in production environments. Make sure to create backups of important data and a VeraCrypt rescue disk and header backup before you install the version on a supported device.
The new version installs fine on its own, as an update of a previous version of VeraCrypt, or as a portable version.
Tip: I suggest you change the default PIM used by the application to improve security further.
The majority of changes apply to the Windows version of VeraCrypt only but some apply to all supported operating systems.
The developers increased the maximum password length to 128 instead of 64 in UTF encoding for all supported operating systems. An option was added to keep on using the 64 limit in Settings > Preferences; check "use legacy maximum password length (64-characters)" to enable the option.
VeraCrypt 1.24 uses hardware random number generation instead of using a CPU-based generation. Additionally, XTS mode performance on 64-bit machines was improved by up to 10% and detection for certain CPU features has been fixed.
The bulk of changes applies to the Windows operating system only. Here are the most important changes in list format:
- Memory attack mitigations make memory used by VeraCrypt inaccessible to non-administrators.
- RAM encryption support for keys and passwords; this is not enabled by default and only available on 64-bit Windows machines. Expect about 10% memory overhead when enabling the feature. You can enable it under Settings > Preferences > More Settings > Performance and Driver Options > "Activate Encryption of keys and passwords stored in RAM".
- VeraCrypt erases the encryption keys from memory when the Windows computer is shut down or when it reboots to defend against "some" cold boot attacks.
- Option to erase all all encryption keys from memory when a new device is connected.
- New driver entry point to erase encryption keys from memory in case of emergency.
- MBR bootloader improvements and fixes.
- Fixed Windows Update issue that broke the VeraCrypt UEFI bootloader.
- Several fixes and improvements for the EFI bootloader, e.g. timeout for password input, Rescue Disk improvements, and fix for Esc-key on password prompt not starting Window.
- New mount option to mount a device without mapping it to the specified drive letter.
- Quick Format option available for file container creations.
VeraCrypt 1.24 will be the first official release of the software program in 2019 and it will be a major upgrade especially on Windows.
Now You: do you use encryption software? Which and why?
I started using VeraCrypt on Windows, and am still using it on Linux. A very good program, one of the best in its class.
Anyone know if Veracrypt was audited for security? Were any holes found?
VeraCrypt is based on TrueCrypt. The devs fixed the security issues found in the TrueCrypt audit: https://www.ghacks.net/2015/04/07/veracrypt-1-0f-2-update-fixes-truecrypt-audit-vulnerability/
I am asking for thoughts on how to encrypt my Google drive files. I would still need access from both windows desktop and my IOS devices, what is best option for that?
BoxCryptor supports that: https://www.ghacks.net/2011/02/08/boxcryptor-dropbox-realtime-encryption/
“do you use encryption software? Which and why?”
Yes, I use a variety of encryption software for a variety of purposes (including the crypto software I work on in my day job).
I use VeraCrypt for a very specific thing: I carry a large capacity USB memory stick that needs to be compatible with both Windows and Linux. It contains a hidden encrypted partition that I use to transport very sensitive data. I use VeraCrypt to encrypt that partition because it is supported in both operating systems.
Is veracrypt obsolete? Elcomsoft had a recent press release which said it can provide access to encrypted drives using veracrypt.
Awesome news !!!
â€œdo you use encryption software? Which and why?â€
Until TrueCrypt showed up, Vigenere was my favorite. :)
As Mozilla’s Thunderbird has no built-in security, I began running the PortableApps version in a TrueCrypt container many years ago; currently, the container is 1GB in VeraCrypt 1.23.8. Using TB for my critical personal and business email for almost 15 years is why that container is that size.
I use a 12 mixed case & character password, my own 3-digit PIM and… well, something other than AES.
While I would have no problem opening my email under warrant, it’s reassuring to know if some dirtbag stole my PC or laptop, that data is secure.
Having one file makes syncing between my PC and laptop a breeze. As well for daily local and weekly online backups. I keep a copy of the VeraCrypt installer in the online storage as well just in case I would find myself having to use another’s computer and once I was done I could close out VeraCrypt and delete it and the container file.
That said, my worthless email activity is done in Gmail which I’ve had since it was by invite only, long enough ago to forget when that was. Fortune City’s fcmail was the first online email I used.
Thanks for another great article. I’m looking forward to VeraCrypt v1.24.
File-level encryption (including file/directory names): EncFSMP on Windows + Encdroid on Android o cloud.
Volume/partition-level encryption: TrueCrypt 7.1a (pre-NSA? :-)
Public Service Announcement :)
If you’re feeling generous donate a few to the Veracrypt cause. Oh yea, and to ghacks for the awesome job keeping us up to date on these kind of things…
I wonder how long the French company can withstand US pressure to make a backdoor available… well in a way the US forced a backdoor into many other European systems like the Swift payment clearing system… or like to force all to use US Telco technology…. disgusting it is.
@Benjamin: “I wonder how long the French company can withstand US pressure to make a backdoor available”
Probably for a long time, when it comes to general-purpose encryption like this. Payment systems and other special-purpose things are a bit different, because if you’re in that space then you need to maintain compatibility. Things like Veracrypt have no need to be interoperable with other systems.
The US’ ability to politically pressure other nations and companies to do anything is waning as well.
I just started using Veracrypt. I took some time to think about whether or not I felt it was worth to bother with this. I decided yes, but only very particular files. I decided any kind of personally identifiable files were going to go into the encrypted container and not anything else. So for me that was photos of myself, friends or family; any kind of finance/banking related files; router config files; email archives; certain work related files and anything else I might realize later, I will move to the container. The other thing is what happens if someone hacks into your OS from the outside? Well, if you have mounted your encrypted volume, they will have access to them unencrypted as you do. So to add more security for that possible scenario, unmount the container as soon as you are done with it, don’t leave it mounted for your entire session.