AfterDawn | News | Guides | Software downloads | Tech Support | Forums | HIGH.FI
AfterDawn

Version history for VeraCrypt (Mac OSX)

<<Back to software description

Changes for v1.24-Update2 - v1.24-Update4

  • Windows:
  • Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.
  • Fix failure of Screen Readers (Accessibility support) to read UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed.
  • Fix side effects related to the fix for CVE-2019-19501 which caused links in UI not to open.
  • Add switch /signalExit to support notifying WAITFOR Windows command when VeraCrypt.exe exits if /q was specified in CLI (cf documentation for usage).
  • Don't display mount/dismount examples in help dialog for command line in Format and Expander.
  • Documentation and translation updates.
  • Linux:
  • Fix regression that limited the size available for hidden volumes created on disk or partition.
  • MacOSX:
  • Fix regression that limited the size available for hidden volumes created on disk or partition.
  • 1.24-Update3 (December 21nd, 2019):
  • Linux:
  • Fix console-only build to remove dependency on GTK that is not wanted on headless servers.



Changes for v1.24-Hotfix1 - v1.24-Update2

  • All OSes:
  • clear AES key from stack memory when using non-optimized implementation. Doesn't apply to VeraCrypt official build (Reported and fixed by Hanno Böck)
  • Update Jitterentropy RNG Library to version 2.2.0
  • Start following IEEE 1541 agreed naming of bytes (KiB, MiB, GiB, TiB, PiB).
  • Various documentation enhancements.
  • Windows:
  • Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)
  • MBR bootloader:
  • workaround for SSD disks that don't allow write operations in BIOS mode with buffers less than 4096 bytes.
  • Don't restore MBR to VeraCrypt value if it is coming from a loader different from us or different from Microsoft one.
  • EFI bootloader:
  • Fix "ActionFailed" not working and add "ActionCancelled" to customize handling of user hitting ESC on password prompt
  • Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.
  • Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.
  • Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.
  • Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)
  • Enhancements to the mechanism preserving file timestamps, especially for keyfiles.
  • Fix RDRAND instruction not detected on AMD CPUs.
  • Detect cases where RDRAND is flawed (e.g. AMD Ryzen) to avoid using it if enabled by user.
  • Don't write extra 0x00 byte at the end of DcsProp file when modifying it through UI
  • Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.
  • Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.
  • Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.
  • check "TrueCrypt Mode" in password dialog when mounting a file container with .tc extension
  • Update XML languages files.
  • Linux:
  • Fix regression causing admin password to be requested too many times in some cases
  • Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)
  • Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck)
  • Fix passwords using Unicode characters not recognized in text mode.
  • Fix failure to run VeraCrypt binary built for console mode on headless machines.
  • Add switch to force the use of legacy maximum password length (64 UTF8 bytes)
  • Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password
  • During uninstall, output error message to STDERR instead of STDOUT for better compatibility with package managers.
  • Make sector size mismatch error when mounting disks more verbose.
  • Speedup SHA256 in 64-bit mode by using assembly code.
  • MacOSX:
  • Add switch to force the use of legacy maximum password length (64 UTF8 bytes)
  • Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)
  • Fix passwords using Unicode characters not recognized in text mode.
  • Make sector size mismatch error when mounting disks more verbose.
  • Speedup SHA256 in 64-bit mode by using assembly code.



Changes for v1.23 - v1.24-Hotfix1

  • Windows:
  • Fix 1.24 regression that caused system favorites not to mount at boot if VeraCrypt freshly installed.
  • Fix failure to encrypt system if the current Windows username contains a Unicode non-ASCII character.
  • Make VeraCrypt Expander able to resume expansion of volumes whose previous expansion was aborted before it finishes.
  • Add "Quick Expand" option to VeraCrypt Expander to accelarate the expansion of large file containers.
  • Add several robustness checks and validation in case of system encryption to better handle some corner cases.
  • Minor UI and documentation changes.
  • Linux:
  • Workaround gcc 4.4.7 bug under CentOS 6 that caused VeraCrypt built under CentOS 6 to crash when Whirlpool hash is used.
  • Fix "incorrect password attempt" written to /var/log/auth.log when mounting volumes.
  • Fix dropping file in UI not showing its correct path , specifically under GTK-3.
  • Add missing JitterEntropy implementation/
  • MacOSX:
  • Fix some devices and partitions not showing in the device selection dialog under OSX 10.13 and newer.
  • Fix keyboard tab navigation between password fields in "Volume Password" page of volume creation wizard.
  • Add missing JitterEntropy implementation/
  • Support APFS filesystem for creation volumes.
  • Support Dark Mode.
  • 1.24 (October 6th, 2019):
  • All OSs:
  • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
  • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
  • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
  • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
  • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
  • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
  • Available only on 64-bit machines.
  • Disabled by default. Can be enabled using option in UI.
  • Less than 10% overhead on modern CPUs.
  • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
  • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
  • New security features:
  • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
  • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
  • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
  • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
  • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
  • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
  • Several enhancements and fixes for EFI bootloader:
  • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
  • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
  • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
  • Fix ESC on password prompt during Pre-Test not starting Windows.
  • Add menu entry in Rescue Disk that enables starting original Windows loader.
  • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
  • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
  • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
  • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
  • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
  • Update libzip to version 1.5.2
  • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
  • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
  • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
  • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
  • Ensure that only one thread at a time can create a secure desktop.
  • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
  • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
  • Minor UI changes.
  • Updates and corrections to translations and documentation.
  • MacOSX:
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
  • Linux:
  • Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.



Changes for v1.22 - v1.23

  • Support pasting values to password fields using keyboard (CMD+V and CMD+A now working properly).
  • Add CheckBox in mount option dialog to force the use of embedded backup header during mount.
  • When performing backup of volume header, automatically try to use embedded backup header if using the main header fails.
  • Implement benchmarking UI for Hash and PKCS-5 PRF algorithms.



Changes for v1.21 - v1.22

  • All OSs:
  • SIMD speed optimization for Kuznyechik cipher implementation (up to 2x speedup).
  • Add 5 new cascades of cipher algorithms: Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish.
  • Windows:
  • MBR Bootloader: Fix failure to boot hidden OS on some machines.
  • MBR Bootloader: Reduce CPU usage during password prompt.
  • Security enhancement: Add option to block TRIM command for system encryption on SSD drives.
  • Implement TRIM support for non-system SSD drives and add option to enable it (TRIM is disabled by default for non-system volumes).
  • Better fix for "Parameter Incorrect" issues during EFI system encryption in some machines.
  • Driver: remove unnecessary dependency to wcsstr which can cause issues on some machines.
  • Driver: Fix "Incorrect Parameter" error when mounting volumes on some machines.
  • Fix failure to mount system favorites during boot on some machines.
  • Fix current application losing focus when VeraCrypt is run in command line with /quit /silent switches.
  • Fix some cases of external applications freezing during mount/dismount.
  • Fix rare cases of secure desktop for password dialog not visible which caused UI to block.
  • Update libzip to version 1.5.0 that include fixes for some security issues.
  • Extend Secure Desktop feature to smart card PIN entry dialog.
  • Fix truncated license text in installer wizard.
  • Add portable package that allows extracting binaries without asking for admin privileges.
  • Simplify format of language XML files.
  • Workaround for cases where password dialog doesn't get keyboard focus if Secure Desktop is not enabled.
  • Linux:
  • Fix failure to install GUI version under recent versions of KDE.
  • Fix wxWidgets assertion failed when backing up/restoring volume header.
  • MacOSX:
  • Fix issue preventing some local help files from opening in the browser.



Changes for v1.19 - v1.21

  • All OSs:
  • Fix 1.20 regression crash when running on CPU not supporting extended features.
  • Windows:
  • Fix 1.20 regression that caused PIM value stored in favorites to be ignored during mount.
  • Fix 1.20 regression that causes system favorites not to mount in some cases.
  • Fix some cases of "Parameter Incorrect" error during EFI system encryption wizard.
  • Install PDF documents related to EFI system encryption configuration for advanced users:
  • disk_encryption_v1_2.pdf related to EFI hidden OS and full fisk encryption
  • dcs_tpm_owner_02.pdf related to TPM configuration for EFI system encryption.
  • FreeBSD:
  • Add support for building on FreeBSD.
  • 1.20 (June 29th, 2017):
  • All OSs:
  • Use 64-bit optimized assembly implementation of Twofish and Camellia by Jussi Kivilinna.
  • Camellia 2.5 faster when AES-NI supported by CPU. 30% faster without it.
  • Use optimized implementation for SHA-512/SHA256.
  • 33% speedup on 64-bit systems.
  • Deploy local HTML documentation instead of User Guide PDF.
  • Change links in UI from ones on Codeplex to ones hosted at veracrypt.fr
  • Security: build binaries with support for Address Space Layout Randomization (ASLR).
  • Windows:
  • Several fixes and modifications for EFI System Encryption:
  • Fix bug in EFI system decryption using EFI Rescue Disk
  • Add support for TPM 1.2 and TPM 2.0 (experimental) through DCS low level configuration.
  • https://dc5.sourceforge.io/docs/dcs_tpm_owner_02.pdf
  • Add Support for EFI full disk encryption and hidden OS using manual procedure (not exposed in UI).
  • https://dc5.sourceforge.io/docs/disk_encryption_v1_2.pdf
  • Enable using Secure Desktop for password entry. Add preferences option and command line switch (/secureDesktop) to activate it.
  • Use default mount parameters when mounting multiple favorites with password caching.
  • Enable specifying PRF and TrueCryptMode for favorites.
  • Preliminary driver changes to support EFI hidden OS functionality.
  • Fix Streebog not recognized by /hash command line.
  • Add support for ReFS filesystem on Windows 10 when creating normal volumes
  • Fix high CPU usage when favorite configured to mount with VolumeID on arrival.
  • Use CHM file for User Guide instead of PDF.
  • Fix false warning in case of EFI system encryption about Windows not installed on boot drive.
  • Enhancements to driver handling of various disk IOCTL.
  • Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file.
  • Driver Security: Use enhanced protection of NX pool under Windows 8 and later.
  • Reduce performance impact of internal check for disconnected network drives.
  • Minor fixes.
  • MacOSX:
  • OSX 10.7 or newer is required to run VeraCrypt.
  • Make VeraCrypt default handler of .hc & .tc files.
  • Add custom VeraCrypt icon to .hc and .tc files in Finder.
  • Check TrueCryptMode in password dialog when opening container file with .tc extension.
  • Linux:
  • Check TrueCryptMode in password dialog when opening container file with .tc extension.
  • Fix executable stack in resulting binary which was caused by crypto assembly files missing the GNU-stack note.



Changes for v1.18 - v1.19

  • All OSs:
  • Fix issues raised by Quarkslab audit.
  • Remove GOST89 encryption algorithm.
  • Make PBKDF2 and HMAC code clearer and easier to analyze.
  • Add test vectors for Kuznyechik.
  • Update documentation to warn about risks of using command line switch ”tokenpin”.
  • Use SSE2 optimized Serpent algorithm implementation from Botan project (2.5 times faster on 64-bit platforms).
  • Windows:
  • Fix keyboard issues in EFI Boot Loader.
  • Fix crash on 32-bit machines when creating a volume that uses Streebog as PRF.
  • Fix false positive detection of Evil-Maid attacks in some cases (e.g. hidden OS creation)
  • Fix failure to access EFS data on VeraCrypt volumes under Windows 10.
  • Fix wrong password error in the process of copying hidden OS.
  • Fix issues raised by Quarkslab audit:
  • Fix leak of password length in MBR bootloader inherited from TrueCrypt.
  • EFI bootloader: Fix various leaks and erase keyboard buffer after password is typed.
  • Use libzip library for handling zip Rescue Disk file instead of vulnerable XUnzip library.
  • Support EFI system encryption for 32-bit Windows.
  • Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards.
  • Minor GUI and translations fixes.
  • MacOSX:
  • Remove dependency to MacFUSE compatibility layer in OSXFuse.



Changes for v1.15 - v1.16

  • Windows:
  • Modify patch for CVE-2015-7358 vulnerability to solve side effects on Windows while still making it very hard to abuse drive letter handling.
  • Fix failure to restore volume header from an external file in some configurations.
  • Add option to disable “Evil Maid” attack detection for those encountering false positive cases (e.g. FLEXnet/Adobe issue).
  • By default, don’t try to mount using empty password when default keyfile configured or keyfile specified in command line. Add option to restore the old behavior.
  • If mounting using empty password is needed, explicitly specify so in the command line using: /p ""



Changes for v1.13 - v1.14

  • All OSs:
  • Mask and unmask PIM value in GUI and bootloader like the password.
  • Windows:
  • Solve Rescue Disk damaged error when using cascade ciphers and SHA256 for system encryption.
  • Solve option "Cache password in drive memory" always disabled even if checked in preferences.
  • Solve UI language change not taken into account for new install unless a preference is changed.
  • Implement creating file containers using command line.
  • Driver: disable support of IOCTL_STORAGE_QUERY_PROPERTY by default and add option to enable it.
  • Driver: Support returning StorageDeviceProperty when queried through IOCTL_STORAGE_QUERY_PROPERTY.
  • Support setting volume label in Explorer through mount option or favorite label value.
  • Fix for Hot Keys assignment dialog issue where OEM-233 is always displayed and can't be changed.
  • Always copy both 32-bit and 64-bit executable binaries during install and in Traveler Disk Setup.
  • Traveler Disk will again use 32-bit exe by default while also offering 64-bit exe.
  • On Windows 64-bit, 32-bit exe files are now available(e.g. if needed to use 32-bit PKCS#11 dll)
  • Include Volume Expander in Traveler Disk Setup.
  • Don't offer creating a restore point if it is disabled in Windows.
  • Add possibility to verify a Rescue Disk ISO image file.
  • Minors fixes in the installer, GUI and driver.



Changes for v1.0f-1 - v1.12

  • All OSs:
  • Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
  • Windows:
  • Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
  • Fix buffer overrun issue and other memory related bugs when parsing language XML files.
  • Fix wrongly reported bad sectors by chkdsk caused by a bug in IOCTL_DISK_VERIFY handling.
  • Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
  • Fix system favorites not always mounting after cold start.
  • Solve installer error when updating VeraCrypt on Windows 10.
  • Implement decryption of non-system partition/drive.
  • Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
  • Allow using drive letters A: and B: for mounting volumes
  • Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
  • Add possibility to show system encryption password in Windows GUI and bootloader
  • Solve "Class Already exists" error that was happening for some users.
  • Solve some menu items and GUI fields not translatable
  • Make volumes correctly report Physical Sector size to Windows.
  • Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
  • Add manual selection of partition when resuming in-place encryption.
  • Add command line option (/cache f) to temporarily cache password during favorites mounting.
  • Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
  • Add extra information to displayed error message in order to help analyze reported issues.
  • Disable menu entry for changing system encryption PRF since it's not yet implemented.
  • Fix failure to change password when UAC required (inherited from TrueCrypt)
  • Minor fixes and changes (see Git history for more details)



Changes for v1.0f - v1.0f-1

  • All OSs:
  • Add support for old TrueCrypt 6.0.
  • Change naming of cascades algorithms in GUI for a better description.
  • Linux/MacOSX:
  • Make cancel button of the preference dialog working.
  • Solve impossibility to enter a one digit size for the volume.
  • Add wait dialog to the benchmark calculation.
  • Windows:
  • Add TrueCrypt mode to the mounted volume information.
  • For Windows XP, correct the installer graphical artefacts.



<<Back to software description

Latest user reviews