Release Notes

1.19 (October 17th, 2016):

  • All OSs:
    • Fix issues raised by Quarkslab audit.
      • Remove GOST89 encryption algorithm.
      • Make PBKDF2 and HMAC code clearer and easier to analyze.
      • Add test vectors for Kuznyechik.
      • Update documentation to warn about risks of using command line switch ”tokenpin”.
    • Use SSE2 optimized Serpent algorithm implementation from Botan project (2.5 times faster on 64-bit platforms).
  • Windows:
    • Fix keyboard issues in EFI Boot Loader.
    • Fix crash on 32-bit machines when creating a volume that uses Streebog as PRF.
    • Fix false positive detection of Evil-Maid attacks in some cases (e.g. hidden OS creation)
    • Fix failure to access EFS data on VeraCrypt volumes under Windows 10.
    • Fix wrong password error in the process of copying hidden OS.
    • Fix issues raised by Quarkslab audit:
      • Fix leak of password length in MBR bootloader inherited from TrueCrypt.
      • EFI bootloader: Fix various leaks and erase keyboard buffer after password is typed.
      • Use libzip library for handling zip Rescue Disk file instead of vulnerable XUnzip library.
    • Support EFI system encryption for 32-bit Windows.
    • Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards.
    • Minor GUI and translations fixes.
  • MacOSX:
    • Remove dependency to MacFUSE compatibility layer in OSXFuse.

 

1.18a (August 17th, 2016):

  • All OSs:
    • Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
    • Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.
  • Windows:
    • Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
    • Fix TrueCrypt vulnerability allowing detection of hidden volumes presence(reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)
    • Enhanced protection against dll hijacking attacks.
    • Fix boot issues on some machines by increasing required memory by 1 KiB
    • Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
    • Move build system to Visual C++ 2010 for better stability.
    • Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
    • Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
    • Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
    • When no drive letter specified, choose A: or B: only when no other free drive letter is available.
    • Reduce CPU usage caused by the option to disable use of disconnected network drives.
    • Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
    • Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
    • Add option and command line switch to hide waiting dialog when performing operations.
    • Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
    • Allow files drag-n-drop when VeraCrypt is running as elevated process.
    • Minor GUI and translations fixes.
  • Linux:
    • Fix mount issue on Fedora 23.
    • Fix mount failure when compiling source code using gcc 5.x.
    • Adhere to XDG Desktop Specification by using XDG_CONFIG_HOME to determine location of configuration files.
  • MacOSX:
    • Solve compatibility issue with newer versions of OSXFuse.

 

1.17 (February 13th, 2016):

  • All OSs:
    • Support UNICODE passwords: all characters are now accepted in passwords (except Windows system encryption)
    • Cut mount/boot time by half thanks to a clever optimization of key derivation (found by Xavier de Carné de Carnavalet)
    • Optimize Whirlpool PRF speed by using assembly (25% speed gain compared to previous code).
    • Add support for creating exFAT volumes.
    • Add GUI indicator for the amount of randomness gathered using mouse movement.
    • Include new icons and graphics contributed by Andreas Becker (http://www.andreasbecker.de)
  • Windows:
    • Fix dll hijacking issue affecting installer that allows code execution with elevation of privilege (CVE-2016-1281). Reported by Stefan Kanthak (http://home.arcor.de/skanthak/)
    • Sign binaries using both SHA-1 and SHA-256 to follow new Microsoft recommendations.
    • Solve issues under Comodo/Kaspersky when running an application from a VeraCrypt volume (Reported and fixed by Robert Geisler).
    • Bootloader: Protect password/PIM length by filling the fields to maximum length with '*' after ENTER
    • Solve issue with system favorites not being able to be mounted to drive A:
    • Solve lost focus issues for after displaying the waiting dialog
    • Solve rare issue where some partitions where asscoiated with wrong disk the "Select Device" dialog.
    • Implement PIM caching, for both system encryption and normal volumes. Add option to activate it.
    • Don't try mounting using cached passwords if password and/or keyfile are specified in the command line.
    • Internal rewrite to make VeraCrypt native UNICODE application.
    • Workaround to avoid false positive detection by some anti-virus software.
    • Hide disconnected network drives in the list of available drives. Add option to make them available for mounting.
    • Solve issue that caused in some cases configuration and history XML files to be updated even when not needed.
    • Fix leak of path of selected keyfiles in RAM.
    • Fix TB unit can't be deselected in VeraCryptExpander.
    • Add Alt+i keyboard shortcut for "Use PIM" checkbox in GUI.
    • Minor GUI and translations fixes.
  • Linux/MacOSX:
    • Fix issue of --stdin option not handling correctly passwords that contain a space character (reported and fixed by Codeplex user horsley1953).
    • Fix issue creating volumes using command line with a filesystem other than FAT.
    • Support K/M/G/T suffixes for --size switch to indicate unit to use for size value.

1.16 (October 7th, 2015):

  • Windows:
    • Modify patch for CVE-2015-7358 vulnerability to solve side effects on Windows while still making it very hard to abuse drive letter handling.
    • Fix failure to restore volume header from an external file in some configurations.
    • Add option to disable “Evil Maid” attack detection for those encountering false positive cases (e.g. FLEXnet/Adobe issue).
    • By default, don’t try to mount using empty password when default keyfile configured or keyfile specified in command line. Add option to restore the old behavior.
      • If mounting using empty password is needed, explicitly specify so in the command line using: /p ""

1.15 (September 26th, 2015):

  • Windows:
    • Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project
      Zero)
      • CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by
        abusing drive letter handling.
      • CVE-2015-7359: Local Elevation of Privilege on Windows caused by
        incorrect Impersonation Token Handling.
    • Fix regression in mounting of favorite volumes at user logon.
    • Fix display of some Unicode languages (e.g. Chinese) in formatting wizard.
    • Set keyboard focus to PIM field when "Use PIM" is checked.
    • Allow Application key to open context menu on drive letters list
    • Support specifying volumes size in TB in the GUI (command line already supports this)

1.14 (September 16th, 2015):

  • All OSs:
    • Mask and unmask PIM value in GUI and bootloader like the password.
  • Windows:
    • Solve Rescue Disk damaged error when using cascade ciphers and SHA256 for system encryption.
    • Solve option "Cache password in drive memory" always disabled even if checked in preferences.
    • Solve UI language change not taken into account for new install unless a preference is changed.
    • Implement creating file containers using command line.
    • Driver: disable support of IOCTL_STORAGE_QUERY_PROPERTY by default and add option to enable it.
    • Driver:  Support returning StorageDeviceProperty when queried through IOCTL_STORAGE_QUERY_PROPERTY.
    • Support setting volume label in Explorer through mount option or favorite label value.
    • Fix for Hot Keys assignment dialog issue where OEM-233 is always displayed and can't be changed.
    • Always copy both 32-bit and 64-bit executable binaries during install and in Traveler Disk Setup.
      • Traveler Disk will again use 32-bit exe by default while also offering 64-bit exe.
      • On Windows 64-bit, 32-bit exe files are now available(e.g. if needed to use 32-bit PKCS#11 dll)
    • Include Volume Expander in Traveler Disk Setup.
    • Don't offer creating a restore point if it is disabled in Windows.
    • Add possibility to verify a Rescue Disk ISO image file.
    • Minors fixes in the installer, GUI and driver.
  • Linux:
    • Support supplying password using stdin in non interactive mode (contributed by LouisTakePILLz)
      • Example: veracrypt -t ${IMAGE_PATH} ${MOUNT_PATH} --mount --non-interactive --stdin <<< "$PWD"

1.13 (August 9th, 2015):

  • Windows:
    • Solve TOR crashing when run from a VeraCrypt volume.

1.12 (August 5th, 2015):

  • All OSs:
    • Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
  • Windows:
    • Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
    • Fix buffer overrun issue and other memory related bugs when parsing language XML files.
    • Fix wrongly reported bad sectors by chkdsk caused by a bug in IOCTL_DISK_VERIFY handling.
    • Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
    • Fix system favorites not always mounting after cold start.
    • Solve installer error when updating VeraCrypt on Windows 10.
    • Implement decryption of non-system partition/drive.
    • Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
    • Allow using drive letters A: and B: for mounting volumes
    • Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
    • Add possibility to show system encryption password in Windows GUI and bootloader
    • Solve "Class Already exists" error that was happening for some users.
    • Solve some menu items and GUI fields not translatable
    • Make volumes correctly report Physical Sector size to Windows.
    • Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
    • Add manual selection of partition when resuming in-place encryption.
    • Add command line option (/cache f) to temporarily cache password during favorites mounting.
    • Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
    • Add extra information to displayed error message in order to help analyze reported issues.
    • Disable menu entry for changing system encryption PRF since it's not yet implemented.
    • Fix failure to change password when UAC required (inherited from TrueCrypt)
    • Minor fixes and changes (see Git history for more details)
  • Linux:
    • Solve installer issue under KDE when xterm not available
    • Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
    • Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
    • Remove "--current-hash" switch and add "--new-hash" to be more coherent with existing switches.
    • When only keyfile specified in command line, don't try to mount using empty password.
      • If mounting using empty password is needed, explicitly specify so using: -p ""

1.0f-2(April 5th, 2015):

  • All OSs:
    • Mounting speed improvement, up to 20% quicker on 64-bit (contributed by Nils Maier)
    • Add option to set default hash/TrueCryptMode used for mounting volumes.
    • Use TrueCryptMode/Hash specified in command line in password dialog.
  • Windows:
    • Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
    • Proper handling of random generator failures. Inform user in such cases.
    • TrueCrypt Mode related changes:
      • Support mounting TrueCrypt system partition (no conversion yet)
      • Support TrueCrypt volumes as System Favorites.
      • Correct displaying wrong TrueCrypt mode in volume properties when SHA-256 is used.
    • Solve PIN BLOCKED issue with smart cards in a special case.
    • Correctly handle file access errors when mounting containers.
    • Solve several issues reported by the Static Code Analysis too Coverity.
    • Bootloader: Add "Verifying Password..." message.
    • When UAC prompt fails (for example timeout), offer the user to retry the operation.
    • Uninstall link now open the standard "Add/Remove Programs" window.
    • On uninstall, remove all VeraCrypt references from registry and disk.
    • Included VeraCryptExpander in the Setup.
    • Add option to temporary cache password when mounting multiple favorites.
    • Minor fixes and enhancements (see git history for more information)
  • MacOSX:
    • Solve issue volumes not auto-dismounting when quitting VeraCrypt.
    • Solve issue VeraCrypt window not reopening by clicking dock icon.
  • Linux/MacOSX:
    • Solve preferences dialog not closing when clicking on the 'X' icon.
    • Solve read-only issue when mounting non-FAT volumes in some cases.
    • Support opening/exploring mounted volumes on desktops other than Gnome/KDE.
    • Solve various installer issues when running on less common configurations
    • Minor fixes (see git history for more information)

1.0f-1 (January 4th, 2015)

  • All OSs:
    • Add support for old TrueCrypt 6.0.
    • Change naming of cascades algorithms in GUI for a better description.
  • Linux/MacOSX:
    • Make cancel button of the preference dialog working.
    • Solve impossibility to enter a one digit size for the volume.
    • Add wait dialog to the benchmark calculation.
  • Windows:
    • Add TrueCrypt mode to the mounted volume information.
    • For Windows XP, correct the installer graphical artefacts.

1.0f (December 30, 2014)

  • All OSs:
    • Add support for mounting TrueCrypt volumes.
    • Add support for converting TrueCrypt containers and non-system partitions.
    • Add support for SHA-256 for volume encryption.
    • Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
    • Deprecate RIPEMD160 for non-system encryption.
    • Speedup mount operation by enabling choice of correct hash algorithm.
    • Display a wait dialog during lengthy operations to avoid freezing the GUI.
    • Implement creation of multiple keyfiles at once, with predefined or random size.
    • Always display random gathering dialog before performing sensitive operations.
    • Links in the application now points to the online resources on Codeplex
    • First version of proper VeraCrypt User Guide
  • MacOSX:
    • Implement support for hard drives with a large sector size (> 512).
    • Link against new wxWidgets version 3.0.2.
    • Solve truncated text in some Wizard windows.
  • Linux:
    • Add support of NTFS formatting of volumes.
    • Correct issue on opening of the user guide PDF.
    • Better support for hard drives with a large sector size (> 512).
    • Link against new wxWidgets version 3.0.2.
  • Windows:
    • Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
    • Add support for SHA-256 in system boot encryption.
    • Various optimizations in bootloader.
    • Complete fix of ShellExecute security issue.
    • Kernel driver: check that the password length received from bootloader is less or equal to 64.
    • Correct a random crash when clicking the link for more information on keyfiles
    • Implement option to auto-dismount when user session is locked
    • Add self-test vectors for SHA-256
    • Modern look-and-feel by enabling visual styles
    • few minor fixed.
1.0e (September 4, 2014)
  • Improvements and bug fixes:
    • Correct most of the security vulnerabilities reported by the Open Crypto Audit Project.
    • Correct security issues detected by Static Code Analysis, mainly under Windows.
    • Correct issue of unresponsiveness when changing password/key file of a volume. Reduce overall time taken for creating encrypted volume/partition.
    • Minor improvements and bug fixes (look at git history for more details).

1.0d (June 3, 2014)
  • Improvements and bug fixes:
    • Correct issue while creating hidden operating system.
    • Minor improvements and bug fixes.

Last edited Oct 17, 2016 at 6:34 PM by idrassi, version 45