AfterDawn | News | Guides | Software downloads | Tech Support | Forums | HIGH.FI
AfterDawn.com

Version history for VeraCrypt (Portable)

<<Back to software description

Changes for v1.23-Hotfix-2 - v1.24-Hotfix1

  • Windows:
  • Fix 1.24 regression that caused system favorites not to mount at boot if VeraCrypt freshly installed.
  • Fix failure to encrypt system if the current Windows username contains a Unicode non-ASCII character.
  • Make VeraCrypt Expander able to resume expansion of volumes whose previous expansion was aborted before it finishes.
  • Add "Quick Expand" option to VeraCrypt Expander to accelarate the expansion of large file containers.
  • Add several robustness checks and validation in case of system encryption to better handle some corner cases.
  • Minor UI and documentation changes.
  • Linux:
  • Workaround gcc 4.4.7 bug under CentOS 6 that caused VeraCrypt built under CentOS 6 to crash when Whirlpool hash is used.
  • Fix "incorrect password attempt" written to /var/log/auth.log when mounting volumes.
  • Fix dropping file in UI not showing its correct path , specifically under GTK-3.
  • Add missing JitterEntropy implementation/
  • MacOSX:
  • Fix some devices and partitions not showing in the device selection dialog under OSX 10.13 and newer.
  • Fix keyboard tab navigation between password fields in "Volume Password" page of volume creation wizard.
  • Add missing JitterEntropy implementation/
  • Support APFS filesystem for creation volumes.
  • Support Dark Mode.
  • 1.24 (October 6th, 2019):
  • All OSs:
  • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
  • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
  • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
  • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
  • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
  • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
  • Available only on 64-bit machines.
  • Disabled by default. Can be enabled using option in UI.
  • Less than 10% overhead on modern CPUs.
  • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
  • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
  • New security features:
  • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
  • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
  • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
  • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
  • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
  • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
  • Several enhancements and fixes for EFI bootloader:
  • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
  • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
  • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
  • Fix ESC on password prompt during Pre-Test not starting Windows.
  • Add menu entry in Rescue Disk that enables starting original Windows loader.
  • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
  • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
  • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
  • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
  • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
  • Update libzip to version 1.5.2
  • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
  • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
  • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
  • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
  • Ensure that only one thread at a time can create a secure desktop.
  • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
  • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
  • Minor UI changes.
  • Updates and corrections to translations and documentation.
  • MacOSX:
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
  • Linux:
  • Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.



Changes for v1.22 - v1.23-Hotfix-2

  • Windows:
  • Fix low severity vulnerability inherited from TrueCrypt that allowed reading 3 bytes of kernel stack memory (with a rare possibility of 25 additional bytes).
  • Reported by Tim Harrison.
  • Disable quick format when creating file containers from command line. Add /quick switch to enable it in this case if needed.
  • Add /nosizecheck switch to disable checking container size against available free space during its creation.
  • This enables to workaround a bug in Microsoft Distributed File System (DFS).
  • 1.23 (September 12th, 2018):
  • Windows:
  • VeraCrypt is now compatible with default EFI SecureBoot configuration for system encryption.
  • Fix EFI system encryption issues on some machines (e.g. HP, Acer).
  • Support EFI system encryption on Windows LTSB.
  • Add compatibility of system encryption with Windows 10 upgrade using ReflectDrivers mechanism
  • Make EFI Rescue Disk decrypt partition correctly when Windows Repair overwrites first partition sector.
  • Add Driver option in the UI to explicitly allow Windows 8.1 and Windows 10 defragmenter to see VeraCrypt encrypted disks.
  • Add internal verification of binaries embedded signature to protect against some types to tampering attacks.
  • Fix Secure Desktop not working for favorites set to mount at logon on Windows 10 under some circumstances.
  • when Secure Desktop is enabled, use it for Mount Options dialog if it is displayed before password dialog.
  • when extracting files in Setup or Portable mode, decompress zip files docs.zip and Languages.zip in order to have ready to use configuration.
  • Display a balloon tip warning message when text pasted to password field is longer than maximum length and so it will be truncated.
  • Implement language selection mechanism at the start of the installer to make easier for international users.
  • Add check on size of file container during creation to ensure it's smaller than available free disk space.
  • Fix buttons at the bottom not shown when user sets a large system font under Window 7.
  • Fix compatibility issues with some disk drivers that don't support IOCTL_DISK_GET_DRIVE_GEOMETRY_EX ioctl.
  • MacOSX:
  • Support pasting values to password fields using keyboard (CMD+V and CMD+A now working properly).
  • Add CheckBox in mount option dialog to force the use of embedded backup header during mount.
  • When performing backup of volume header, automatically try to use embedded backup header if using the main header fails.
  • Implement benchmarking UI for Hash and PKCS-5 PRF algorithms.



<<Back to software description