VeraCrypt 1.26.7 update brings major changes: read this before updating
It took the developers of the open source encryption software VeraCrypt more than 18 months to release VeraCrypt 1.26.7. It is a big release that addresses several issues and makes other important changes, including support for new features.
Some of the changes affect backwards compatibility significantly. VeraCrypt came to be after the developers of TrueCrypt, another encryption software, called it quits under dubious circumstances. VeraCrypt supported TrueCrypt volumes and, more or less, felt like a new version of TrueCrypt in the beginning.
The developers have improved the software, fixed security issues and introduced new features since its release back in 2014.
VeraCrypt 1.26.7: Compatibility changes
The official release notes list the following compatibility changes:
- TrueCrypt Mode support is removed in this version. There is no option anymore to mount TrueCrypt volumes in VeraCrypt 1.26.7 and future releases.
- Removed support for RIPEMD160 and GOST89 algorithms. Volumes that use these algorithms can't be mounted anymore in VeraCrypt 1.26.7 and future releases.
The developers suggest using the previous version, 1.25.9, to convert volumes before upgrading.
On Windows, VeraCrypt releases are only tested on Windows 10 and Windows 11 systems. While the software may still run on Windows 7 and 8 devices, there is no guarantee anymore.
VeraCrypt 1.26.7: new features
The developers of VeraCrypt introduce several new features in the encryption software. One of the main additions is support for EMV banking smart cards, which users may use as keyfiles for non-system volumes.
EMV, which stands for Europay, MasterCard and Visa, is a "secure payment software". The EMV Standard is a security technology used to make payments with credit, debit and prepaid cards.
The implementation in VeraCrypt supports all EMV standard-compliant banking cards. The system does not require a card PIN or separate PKCS#11 module configuration. The secure keyfile is generated from "unique, encoded data present on the banking card".
VeraCrypt users who have upgraded their software to the latest version may enable the functionality under Settings > Security Tokens. This enables the functionality to encrypt the hard drives of the computer with a credit card or other compatible card. A compatible card reader is required to make use of the new security feature.
Additional information on the implementation is available on the website of Institut national des sciences appliquées de Rennes.
Another new feature in VeraCrypt 1.26.7 is support for the PRF algorithm BLAKE2s for encrypting standard and system volumes. BLAKE2 is a cryptographic hash function that claims to be faster than MD5, SHA-1, SHA-2, and SHA-3 and at least "as secure as the latest standard SHA-3". BLAKE2s is a variant that is optimized "for 8- to 32-bit platforms". BLAKE3 is also already available and, according to the developers, faster than BLAKE2 and its variants.
The developers of VeraCrypt have improved security by adding a check to make sure that the XTS primary key is different from the secondary key when creating volumes.
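A sketch of that creation-time check, as an added example that is not VeraCrypt's own code. It assumes key material laid out as the primary key followed by the secondary key, with XTS-AES key sizes; the function and class names are hypothetical.

```python
import hmac
import secrets

# XTS uses two keys of equal size: the primary key encrypts the data,
# the secondary key encrypts the per-sector tweak.
XTS_HALF_SIZES = (16, 32)  # bytes per half: XTS-AES-128 and XTS-AES-256


class WeakXtsKeyError(ValueError):
    """Raised when the primary and secondary XTS keys are identical."""


def split_xts_key(material: bytes) -> tuple[bytes, bytes]:
    """Split key material into (primary, secondary), rejecting equal halves.

    Assumption for this example: material is primary || secondary.
    """
    half, remainder = divmod(len(material), 2)
    if remainder or half not in XTS_HALF_SIZES:
        raise ValueError(f"unsupported XTS key length: {len(material)} bytes")
    primary, secondary = material[:half], material[half:]
    # Constant-time comparison, so the check leaks nothing about the keys.
    if hmac.compare_digest(primary, secondary):
        raise WeakXtsKeyError("XTS primary key equals secondary key")
    return primary, secondary


def generate_xts_key(half_size=32, rng=secrets.token_bytes, max_tries=4):
    """Draw fresh key material until the two halves differ."""
    for _ in range(max_tries):
        try:
            return split_xts_key(rng(2 * half_size))
        except WeakXtsKeyError:
            continue  # practically impossible with a sound RNG; redraw
    # Repeated collisions mean the random source is stuck or broken.
    raise RuntimeError("RNG keeps producing identical XTS key halves")
```

With a sound random source the rejection path is practically never taken; a check like this mainly catches a stuck or faulty generator before a volume is created with it.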
On Windows, VeraCrypt uses memory protection by default now, which has the following security benefits:
- Non-admin processes are blocked from reading VeraCrypt memory.
Screen readers may be affected by the security feature in a negative way. Administrators may disable it either under Settings > More Settings > Performance / Driver Configuration, or by adding the DWORD VeraCryptEnableMemoryProtection with the value 0 to the Windows Registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt.
A new process mitigation policy is now also in effect on Windows to "prevent VeraCrypt from being injected by other processes".
The remaining changes are fixes for the most part. VeraCrypt addresses a Secure Desktop issue under Windows 11 version 22H2, fixes compatibility with Ubuntu 23.04, and addresses a number of issues when running in text mode on Linux systems.
VeraCrypt users need to make sure that they don't run into incompatibility issues when upgrading to the latest version. Most users won't be affected by the changes, but those who still use TrueCrypt volumes or volumes with the dropped algorithms may want to convert these to supported formats before running the upgrade.
Now You: do you use VeraCrypt?