Software-update: VeraCrypt 1.26.7

Versie 1.26.7 van VeraCrypt is uitgekomen. VeraCrypt is ontstaan als een fork van TrueCrypt, en is een opensource-encryptieprogramma waarmee een harde schijf, partitie of een virtuele volume kan worden versleuteld. VeraCrypt gebruikt de originele broncode van TrueCrypt, maar bevat diverse verbeteringen met betrekking tot de beveiliging. Volumes die met TrueCrypt zijn aangemaakt, konden voorheen geopend en geconverteerd worden, maar dat is vanaf deze versie niet meer mogelijk. De changelog voor deze uitgave laat de volgende veranderingen en verbeteringen zien:

All OSes:

Security: Ensure that XTS primary key is different from the secondary key when creating volumesIssue unlikely to happen thanks to random generator properties but this check must be added to prevent attacksReference: CCSS, NSA comment at page 3Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.Introducing support for EMV banking smart cards as keyfiles for non-system volumes.No need for a separate PKCS#11 module configuration.Card PIN isn't required.Generates secure keyfile content from unique, encoded data present on the banking card.Supports all EMV standard-compliant banking cards.Can be enabled in settings (go to Settings->Security Tokens).Developed by a team of students from the Institut national des sciences appliquées de Rennes.More details about the team and the project are available here.When overwriting an existing file container during volume creation, add its current size to the available free spaceAdd Corsican language support. Update several translations.Update documentation

Security: Ensure that XTS primary key is different from the secondary key when creating volumesIssue unlikely to happen thanks to random generator properties but this check must be added to prevent attacksReference: CCSS, NSA comment at page 3

Issue unlikely to happen thanks to random generator properties but this check must be added to prevent attacksReference: CCSS, NSA comment at page 3

Issue unlikely to happen thanks to random generator properties but this check must be added to prevent attacks

Reference: CCSS, NSA comment at page 3

Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.

Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.

Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.

Introducing support for EMV banking smart cards as keyfiles for non-system volumes.No need for a separate PKCS#11 module configuration.Card PIN isn't required.Generates secure keyfile content from unique, encoded data present on the banking card.Supports all EMV standard-compliant banking cards.Can be enabled in settings (go to Settings->Security Tokens).Developed by a team of students from the Institut national des sciences appliquées de Rennes.More details about the team and the project are available here.

No need for a separate PKCS#11 module configuration.Card PIN isn't required.Generates secure keyfile content from unique, encoded data present on the banking card.Supports all EMV standard-compliant banking cards.Can be enabled in settings (go to Settings->Security Tokens).Developed by a team of students from the Institut national des sciences appliquées de Rennes.More details about the team and the project are available here.

No need for a separate PKCS#11 module configuration.

Card PIN isn't required.

Generates secure keyfile content from unique, encoded data present on the banking card.

Supports all EMV standard-compliant banking cards.

Can be enabled in settings (go to Settings->Security Tokens).

Developed by a team of students from the Institut national des sciences appliquées de Rennes.

More details about the team and the project are available here.

When overwriting an existing file container during volume creation, add its current size to the available free space

Add Corsican language support. Update several translations.

Update documentation

Windows:

Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.EFI Bootloader:Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from diskAddition of Blake2s and removal of RIPEMD160 & GOST89Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.Memory protection blocks non-admin processes from reading VeraCrypt memoryIt may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabledIt can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"Add process mitigation policy to prevent VeraCrypt from being injected by other processesMinor enhancements to RAM Encryption implementationFix Secure Desktop issues under Windows 11 22H2Implement support for mounting partially encrypted system partitions.Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already heldAllow choosing Fast Create in Format Wizard UI when creating file containersFix formatting issues during volume creation on some machines.Fix stall issue caused by Quick Format of large file containersAdd dropdown menu to Mount button to allow mounting without using the cache.Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.Make Expander first check file existence before proceeding furtherAllow selecting size unit (KB/MB/GB) for generated keyfilesDisplay full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumesSupport drag-n-drop of files and keyfiles in Expander.Implement translation of Expander UIReplace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibilityEnhancements to dependency dlls safe loading, including delay loading.Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.Add support for more language in the setup installerUpdate LZMA library to version 23.01Update libzip to version 1.10.1 and zlib to version 1.3

Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.

EFI Bootloader:Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from diskAddition of Blake2s and removal of RIPEMD160 & GOST89

Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from diskAddition of Blake2s and removal of RIPEMD160 & GOST89

Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.

Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk

Addition of Blake2s and removal of RIPEMD160 & GOST89

Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.Memory protection blocks non-admin processes from reading VeraCrypt memoryIt may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabledIt can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"

Memory protection blocks non-admin processes from reading VeraCrypt memoryIt may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabledIt can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"

Memory protection blocks non-admin processes from reading VeraCrypt memory

It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled

It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"

Add process mitigation policy to prevent VeraCrypt from being injected by other processes

Minor enhancements to RAM Encryption implementation

Fix Secure Desktop issues under Windows 11 22H2

Implement support for mounting partially encrypted system partitions.

Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)

Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held

Allow choosing Fast Create in Format Wizard UI when creating file containers

Fix formatting issues during volume creation on some machines.

Fix stall issue caused by Quick Format of large file containers

Add dropdown menu to Mount button to allow mounting without using the cache.

Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.

Make Expander first check file existence before proceeding further

Allow selecting size unit (KB/MB/GB) for generated keyfiles

Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes

Support drag-n-drop of files and keyfiles in Expander.

Implement translation of Expander UI

Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility

Enhancements to dependency dlls safe loading, including delay loading.

Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.

Add support for more language in the setup installer

Update LZMA library to version 23.01

Update libzip to version 1.10.1 and zlib to version 1.3

Linux:

Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.Fix compatibility issues with Ubuntu 23.04.Fix assert messages displayed when using wxWidgets 3.1.6 and newer.Fix issues launching fsck on Linux.Fix privilege escalation prompts being ignored.Fix wrong size for hidden volume when selecting the option to use all free space.Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.Fix various issues when running in Text mode:Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.Fix wrong dismount message displayed when mounting a volume.Hide PIM during entry and re-ask PIM when user entered a wrong value.Fix printing error when checking free space during volume creation in path doesn't exist.Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)Fix compatibility of generic installers with old Linux distrosUpdate help message to indicate that when cascading algorithms they must be separated by dashBetter compatibility with building under Alpine Linux and musl libc

Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.

Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.

Fix compatibility issues with Ubuntu 23.04.

Fix assert messages displayed when using wxWidgets 3.1.6 and newer.

Fix issues launching fsck on Linux.

Fix privilege escalation prompts being ignored.

Fix wrong size for hidden volume when selecting the option to use all free space.

Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.

Fix various issues when running in Text mode:Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.Fix wrong dismount message displayed when mounting a volume.Hide PIM during entry and re-ask PIM when user entered a wrong value.Fix printing error when checking free space during volume creation in path doesn't exist.

Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.Fix wrong dismount message displayed when mounting a volume.Hide PIM during entry and re-ask PIM when user entered a wrong value.Fix printing error when checking free space during volume creation in path doesn't exist.

Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.

Fix wrong dismount message displayed when mounting a volume.

Hide PIM during entry and re-ask PIM when user entered a wrong value.

Fix printing error when checking free space during volume creation in path doesn't exist.

Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)

Fix compatibility of generic installers with old Linux distros

Update help message to indicate that when cascading algorithms they must be separated by dash

Better compatibility with building under Alpine Linux and musl libc

macOS:

Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.

Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.

Source: Tweakers.net