VeraCrypt 1.24 encryption software update released
The developers of the open source cross-platform encryption software VeraCrypt released version 1.24 of the software to the public on October 6, 2019.
We reviewed a beta version of VeraCrypt 1.24 in March 2019 and highlighted the major features that were integrated in the beta version already. The final version unlocks the update for production environments.
VeraCrypt does not support automatic updating, which means that administrators need to download the latest client version and upgrade manually. Windows users can download a portable version or installer to their system. The installer will upgrade the current version automatically; the portable version needs to be placed in the same directory to upgrade. Linux users can check out Mike's guide on installing VeraCrypt on Linux.
Tip: check out this guide on using a PIM in VeraCrypt to improve security.
Most changes of VeraCrypt 1.24 apply to the Windows version of the client but there are some that apply to all (Windows, Linux, Mac) and some that apply to Mac OS X or Linux exclusively.
As far as changes for all clients are concerned, VeraCrypt 1.24 increased the maximum password length for non-system volumes to 128 bytes in UTF-8 encoding, improved the performance of XTS mode on 64-bit machines using SSE2 (about 10% faster according to the developers), and fixed the detection of certain CPU features.
Windows users benefit from a huge number of changes including several security improvements. The new version of the encryption software supports RAM encryption on 64-bit machines. The feature is disabled by default and needs to be enabled in Settings > Preferences > More Settings > Performance and Driver options > Activate encryption of keys and passwords stored in RAM.
Doing so adds a 10% overhead on modern CPUs according to the developers and disables hibernation if system encryption is used.
Several security improvements are active by default. VeraCrypt is configured to erase system encryption keys from memory when the machine shuts down or is rebooted; this helps mitigate certain cold boot attacks according to the developers. Mitigations protect the application's memory against memory attacks by non-admin users.
Another new security feature is the option to erase all memory-stored encryption keys if a new device is connected to the system. The option is not enabled by default and needs to be enabled under Settings > Preferences > More Settings > System Encryption Settings > Clear encryption keys from memory if a new device is inserted.
Both bootloaders, MBR and UEFI, have been improved in the new encryption software version. The MBR bootloader determines the boot loader memory segment dynamically in the new version, and it features a workaround for an issue that affected the creation of hidden operating systems on some Solid State Drives.
The UEFI bootloader features a new timeout option for password input (three minutes by default and default action set to shutdown) and several Rescue Disk improvements including an option to start the original Windows loader from the menu.
Other improvements include a new option to use CPU RDRAND or RDSEED as additional entropy sources for the random generator if available. Users may enable the option in the Preferences under Performance and Driver Options > Use CPU hardware random generator as an additional source of entropy.
Mac OS X and Linux versions feature a new --no-size-check parameter that disables the new verification of available storage size when creating file containers.
VeraCrypt 1.24 is the first stable release of the encryption software in 2019. It includes several important fixes and improvements, and administrators should consider upgrading to this version as soon as possible.
As always, it is recommended to make sure that you have created a rescue disk and backed up the volume headers before you install the upgrade on the system.
Now You: which encryption software do you use, if any?