VeraCrypt 1.24 freigegeben

[English]Die Entwickler der Open Source-Verschlüsselungssoftware VeraCrypt haben nach langer Zeit die Version 1.24 freigegeben. Bisher war die Version 1.23 verfügbar.

Die Freigabe der Software in der Version 1.24 erfolgte bereits am 6. Oktober 2019 – ich bin durch den folgenden Tweet von Martin Brinkmann auf das Update aufmerksam geworden.

VeraCrypt 1.24 encryption software update released #veracrypt #encryption #opensourcehttps://t.co/rgaXKnGhgB pic.twitter.com/pKuxPxg5U0

— ghacksnews (@ghacks) October 8, 2019

VeraCrypt ist der Nachfolger von TrueCrypt und wird als Open Source-Verschlüsselungssoftware für verschiedene Plattformen angeboten. Die Release Notes geben für die Version 1.24 folgende Neuerungen an:

• All OSs:
  • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
    • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
  • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
  • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
  • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
• Windows:
  • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
    • Available only on 64-bit machines.
    • Disabled by default. Can be enabled using option in UI.
    • Less than 10% overhead on modern CPUs.
    • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
  • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
  • New security features:
    • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
    • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
    • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
  • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
  • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
  • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
  • Several enhancements and fixes for EFI bootloader:
    • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
    • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
    • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
    • Fix ESC on password prompt during Pre-Test not starting Windows.
    • Add menu entry in Rescue Disk that enables starting original Windows loader.
    • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
    • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
      • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
  • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
  • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
  • Update libzip to version 1.5.2
  • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
  • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
  • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
  • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
  • Ensure that only one thread at a time can create a secure desktop.
  • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
  • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
  • Minor UI changes.
  • Updates and corrections to translations and documentation.
• MacOSX:
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch –no-size-check to disable this check.
• Linux:
  • Make CLI switch –import-token-keyfiles compatible with Non-Interactive mode.
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch –no-size-check to disable this check.

Auf der Webseite findet sich noch der Hinweis für Benutzer, die Volumes mit der Version 1.17 von VeraCrypt oder früher erstellt haben:

Um nicht darauf hinzuweisen, ob Ihre Volumes ein verstecktes Volume enthalten oder nicht, oder wenn Sie bei der Verwendung von versteckten Volumes/OS auf eine plausible Ablehnbarkeit angewiesen sind, müssen Sie sowohl das äußere als auch das versteckte Volume einschließlich Systemverschlüsselung und verstecktes Betriebssystem neu erstellen und vorhandene Volumes, die vor der Version 1.18a von VeraCrypt erstellt wurden, verwerfen.

Aktuell löst der Download der portablen .exe-Version (ist der Entpacker) eine Warnung des Smartscreen-Filters im Browser aus.