VeraCrypt not only enhances security over the original TrueCrypt through an increased iterations count, but it also solves all the serious security issues and weaknesses discovered so far in the source code. A good list of these weaknesses can be found
We have documented these security changes in the git commits. The important ones start with "Windows vulnerability fix" and "Static Code Analysis".
I'll use the list of the Open Crypto Audit project:
- Weak Volume Header key derivation algorithm: fixed since the birth of VeraCrypt. As of 2014, any security professional will tell you that PBKDF2 should be used with a minimum of 10000 iterations for high security, combined with a strong password. The 1000 count comes from 2004 and it is outdated, and that's why the Open Crypto Audit placed it as the first vulnerability. In VeraCrypt, we have chosen since 2013 a very high iterations count to meet the increasing security requirements, hopefully for the next 10 years.
- Multiple issues in the bootloader decompressor: fixed in git and it will be released in version 1.0f. This was very challenging because of the size requirements of the bootloader. We had to optimize the code size of many parts in order to make room for the modifications of the decompressor.
- Windows kernel driver uses memset() to clear sensitive data: fixed since version 1.0e
- TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG kernel pointer disclosure: fixed since version 1.0e
- IOCTL_DISK_VERIFY integer overflow: fixed since version 1.0e
- MainThreadProc() integer overflow: fixed since version 1.0e
- MountVolume() device check bypass: fixed since version 1.0e
- GetWipePassCount() / WipeBuffer() can cause BSOD: fixed since version 1.0e
Moreover, the VeraCrypt source code has been checked using two static code analyzer tools and they reported many issues that were solved (commits starting with "Static Code Analysis"). One of the most time-consuming parts was the complete rewrite of string manipulation code in order to use Safe String functions instead of the vulnerable string.h ones (both in user mode and kernel mode). Other fixes included:
- correcting memory leaks
- fixing a potential overflow when parsing a language file that can be exploited.
- fixing non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).
While we inherited much of the code of TrueCrypt, we have introduced many modifications and corrections that enhance the overall security by a big margin. Of course, most of these modifications are invisible to the general user but security experts can easily check the current state of the code and validate our approach.
I'm taking this opportunity to announce that we have been able to implement
key derivation for system boot encryption (200 000 iterations). TrueCrypt has always supported only RIPEMD-160 for system partition encryption and this clearly needed an upgrade because of the aging RIPEMD-160, even if no public attack exists for it. Because of different limitations in the boot loader (code size, memory), this was not an easy task and we had to introduce optimizations and new bootloader management in the VeraCrypt formatting program in order to be able to support RIPEMD-160 and SHA-256 at the same time.
We'll publish soon a beta version of VeraCrypt 1.0f that will include this SHA-256 in order to have feedback from users.
For those who wonder why we implemented SHA-256 and not SHA-512 for the bootloader, the answer is that it was not possible to implement SHA-512 in the 16-bit environment of the bootloader because it needs 64-bit operations which can't be decomposed efficiently into 16-bit operations. On the other hand, SHA-256 uses 32-bit operations which adapt easily to the 16-bit environment even if we lose performance.
Voila voila... I hope I have been able to answer your questions and to show how VeraCrypt is a decent secure alternative to TrueCrypt.
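Added example, not part of the original post and not VeraCrypt's code: a from-scratch PBKDF2-HMAC-SHA256 (RFC 8018) that counts the HMAC invocations behind each password guess at the three iteration counts the post mentions, checked against Python's `hashlib.pbkdf2_hmac`. The passphrase, salt and 64-byte output length are constructed assumptions, and SHA-256 is used for every count so that only the iteration count varies.

```python
import hashlib
import hmac
import struct
import time


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int):
    """PBKDF2-HMAC-SHA256 per RFC 8018; returns (key, number of HMAC calls)."""
    keyed = hmac.new(password, digestmod=hashlib.sha256)  # key the PRF once
    out, calls, block_index = b"", 0, 1
    while len(out) < dklen:
        mac = keyed.copy()
        mac.update(salt + struct.pack(">I", block_index))  # U1 = PRF(P, S || INT(i))
        u = mac.digest()
        acc = int.from_bytes(u, "big")
        calls += 1
        for _ in range(iterations - 1):                    # Uj = PRF(P, U(j-1))
            mac = keyed.copy()
            mac.update(u)
            u = mac.digest()
            acc ^= int.from_bytes(u, "big")                # T = U1 ^ U2 ^ ... ^ Uc
            calls += 1
        out += acc.to_bytes(32, "big")
        block_index += 1
    return out[:dklen], calls


def guess_cost(iterations: int, dklen: int = 64):
    """Derive one key; return (key, HMAC calls, seconds taken by hashlib)."""
    password = b"constructed example passphrase"  # constructed sample input
    salt = bytes(range(64))                        # constructed 64-byte salt
    key, calls = pbkdf2_sha256(password, salt, iterations, dklen)
    start = time.perf_counter()
    reference = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)
    elapsed = time.perf_counter() - start
    assert key == reference  # the hand-written loop matches the library
    return key, calls, elapsed


if __name__ == "__main__":
    # 1000 (legacy count), 10000 (stated minimum), 200000 (system boot count)
    for count in (1000, 10000, 200000):
        _, calls, secs = guess_cost(count)
        print(f"{count:>7} iterations: {calls:>7} HMAC calls, "
              f"{secs * 1000:8.2f} ms per guess")
```

The HMAC call count grows linearly with the iteration count, so every candidate password costs an offline guesser the same multiple that the legitimate user pays once at mount time.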