VeraCrypt 1.24 features massive improvements

Martin Brinkmann
Mar 4, 2019
Security
|
15

VeraCrypt 1.24, the upcoming next version of the popular open source and cross-platform encryption software VeraCrypt, comes with a massive list of security and functionality improvements.

The new version of the encryption software is available as a beta release currently. Interested users may download it from the project's Sourceforge Nightly builds directory.

Note: It is not recommended to install the beta in production environments. Make sure to create backups of important data and a VeraCrypt rescue disk and header backup before you install the version on a supported device.

The new version installs fine on its own, as an update of a previous version of VeraCrypt, or as a portable version.

Tip: I suggest you change the default PIM used by the application to improve security further.

VeraCrypt 1.24

The majority of changes apply to the Windows version of VeraCrypt only but some apply to all supported operating systems.

The developers increased the maximum password length to 128 instead of 64 in UTF encoding for all supported operating systems. An option was added to keep on using the 64 limit in Settings > Preferences; check "use legacy maximum password length (64-characters)" to enable the option.

VeraCrypt 1.24 uses hardware random number generation instead of using a CPU-based generation. Additionally, XTS mode performance on 64-bit machines was improved by up to 10% and detection for certain CPU features has been fixed.

Windows changes

The bulk of changes applies to the Windows operating system only. Here are the most important changes in list format:

  • Memory attack mitigations make memory used by VeraCrypt inaccessible to non-administrators.
  • RAM encryption support for keys and passwords; this is not enabled by default and only available on 64-bit Windows machines. Expect about 10% memory overhead when enabling the feature. You can enable it under Settings > Preferences > More Settings > Performance and Driver Options > "Activate Encryption of keys and passwords stored in RAM".
  • VeraCrypt erases the encryption keys from memory when the Windows computer is shut down or when it reboots to defend against "some" cold boot attacks.
  • Option to erase all all encryption keys from memory when a new device is connected.
  • New driver entry point to erase encryption keys from memory in case of emergency.
  • MBR bootloader improvements and fixes.
  • Fixed Windows Update issue that broke the VeraCrypt UEFI bootloader.
  • Several fixes and improvements for the EFI bootloader, e.g. timeout for password input, Rescue Disk improvements, and fix for Esc-key on password prompt not starting Window.
  • New mount option to mount a device without mapping it to the specified drive letter.
  • Quick Format option available for file container creations.

Closing Words

VeraCrypt 1.24 will be the first official release of the software program in 2019 and it will be a major upgrade especially on Windows.

Now You: do you use encryption software? Which and why?

Summary
software image
Author Rating
1star1star1star1star1star
4 based on 13 votes
Software Name
VeraCrypt 1.24
Software Category
Security
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Victor said on October 9, 2019 at 9:16 pm
    Reply

    I just started using Veracrypt. I took some time to think about whether or not I felt it was worth to bother with this. I decided yes, but only very particular files. I decided any kind of personally identifiable files were going to go into the encrypted container and not anything else. So for me that was photos of myself, friends or family; any kind of finance/banking related files; router config files; email archives; certain work related files and anything else I might realize later, I will move to the container. The other thing is what happens if someone hacks into your OS from the outside? Well, if you have mounted your encrypted volume, they will have access to them unencrypted as you do. So to add more security for that possible scenario, unmount the container as soon as you are done with it, don’t leave it mounted for your entire session.

  2. Benjamin said on March 5, 2019 at 8:50 am
    Reply

    I wonder how long the French company can withstand US pressure to make a backdoor available… well in a way the US forced a backdoor into many other European systems like the Swift payment clearing system… or like to force all to use US Telco technology…. disgusting it is.

    1. John Fenderson said on March 5, 2019 at 4:54 pm
      Reply

      @Benjamin: “I wonder how long the French company can withstand US pressure to make a backdoor available”

      Probably for a long time, when it comes to general-purpose encryption like this. Payment systems and other special-purpose things are a bit different, because if you’re in that space then you need to maintain compatibility. Things like Veracrypt have no need to be interoperable with other systems.

      The US’ ability to politically pressure other nations and companies to do anything is waning as well.

  3. Darren said on March 5, 2019 at 12:18 am
    Reply

    Public Service Announcement :)
    If you’re feeling generous donate a few to the Veracrypt cause. Oh yea, and to ghacks for the awesome job keeping us up to date on these kind of things…

    1. Klaas Vaak said on March 5, 2019 at 6:50 am
      Reply

      @Darren: +10

  4. OtherOptions said on March 4, 2019 at 11:26 pm
    Reply

    File-level encryption (including file/directory names): EncFSMP on Windows + Encdroid on Android o cloud.

    Volume/partition-level encryption: TrueCrypt 7.1a (pre-NSA? :-)

  5. Haakon said on March 4, 2019 at 9:23 pm
    Reply

    “do you use encryption software? Which and why?”

    Until TrueCrypt showed up, Vigenere was my favorite. :)

    As Mozilla’s Thunderbird has no built-in security, I began running the PortableApps version in a TrueCrypt container many years ago; currently, the container is 1GB in VeraCrypt 1.23.8. Using TB for my critical personal and business email for almost 15 years is why that container is that size.

    I use a 12 mixed case & character password, my own 3-digit PIM and… well, something other than AES.

    While I would have no problem opening my email under warrant, it’s reassuring to know if some dirtbag stole my PC or laptop, that data is secure.

    Having one file makes syncing between my PC and laptop a breeze. As well for daily local and weekly online backups. I keep a copy of the VeraCrypt installer in the online storage as well just in case I would find myself having to use another’s computer and once I was done I could close out VeraCrypt and delete it and the container file.

    That said, my worthless email activity is done in Gmail which I’ve had since it was by invite only, long enough ago to forget when that was. Fortune City’s fcmail was the first online email I used.

    Thanks for another great article. I’m looking forward to VeraCrypt v1.24.

  6. Franck said on March 4, 2019 at 5:47 pm
    Reply

    Awesome news !!!

  7. John Fenderson said on March 4, 2019 at 5:26 pm
    Reply

    “do you use encryption software? Which and why?”

    Yes, I use a variety of encryption software for a variety of purposes (including the crypto software I work on in my day job).

    I use VeraCrypt for a very specific thing: I carry a large capacity USB memory stick that needs to be compatible with both Windows and Linux. It contains a hidden encrypted partition that I use to transport very sensitive data. I use VeraCrypt to encrypt that partition because it is supported in both operating systems.

    1. Jane said on April 20, 2020 at 9:35 pm
      Reply

      Is veracrypt obsolete? Elcomsoft had a recent press release which said it can provide access to encrypted drives using veracrypt.

  8. Richard said on March 4, 2019 at 4:13 pm
    Reply

    I am asking for thoughts on how to encrypt my Google drive files. I would still need access from both windows desktop and my IOS devices, what is best option for that?
    Thanks!

    1. Martin Brinkmann said on March 4, 2019 at 4:30 pm
      Reply
  9. FortFan0 said on March 4, 2019 at 3:47 pm
    Reply

    Anyone know if Veracrypt was audited for security? Were any holes found?

    1. Martin Brinkmann said on March 4, 2019 at 4:08 pm
      Reply

      VeraCrypt is based on TrueCrypt. The devs fixed the security issues found in the TrueCrypt audit: https://www.ghacks.net/2015/04/07/veracrypt-1-0f-2-update-fixes-truecrypt-audit-vulnerability/

  10. Klaas Vaak said on March 4, 2019 at 12:22 pm
    Reply

    I started using VeraCrypt on Windows, and am still using it on Linux. A very good program, one of the best in its class.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.