Nov 22, 2014 at 1:10 PM
Edited Nov 29, 2014 at 4:23 PM
It is difficult for the users to see what has been accepted and what sort of plan you have for VeraCrypt's development.
Until there is a Trac type system and in an effort to allow users to follow your progress, I have made this thread and I will try to update it the best I can.
Many of us love VeraCrypt and all the work you are doing, this is not a complaint thread it is an enthusiastic fans attempt to track what has been accepted as requests and a rough order of implementation :)
I understand the desperate need for UEFI and GPT support. However I know this will take a very long time to work out. My fear is that all your time will be spent on UEFI and GPT support at the expense of other smaller feature requests.
I would like to suggest a different approach to priority of work done to VeraCrypt. While it is good to start work on UEFI and GPT support, I think it might be a better idea to implement smaller easier features first.
My reason for this is that the easier tasks can be completed and implemented quickly. This has many benefits.
- More people will be using the new features and so testing them for a longer period of time.
- It shows VeraCrypt is rapidly improving, adding security and convenience.
- It prevents multiple requests for the same new features as it is hard to see what has been accepted.
- Users can enjoy the extra security offered by the new features sooner.
- It reduces the job list much quicker and takes some of the pressure off so you can concentrate more clearly on UEFI and GPT.
- It allows me to demonstrate to others that VeraCrypt is the natural successor to Truecrypt.
- Reputation, Truecrypt was mocked for failing to add CD/DVD encryption after many years of it being on the "to do" list. I don't want any suggestion VeraCrypt appears to be the same with other features.
I have listed the feature requests below, I don't claim to know what has been accepted and what has been rejected.
I have placed them in an order of what I guess to be the easiest to implement. I have no idea if they are in the right order.
Mounir will you please edit my post or add a comment to tell me what has been rejected and what order I should set these requests in ?
This is not a nagging post, I am just so happy with VeraCrypt I want to know what's going on :)
Dedicated PHP MyBB Forum for better, clearer communication.
Multiple Keyfile Production and Strengthening.
Easy Drive Letter Swap
Header Deletion and or panic button.
Store boot loader on separate USB flash drive.
Like DiskCryptor does. This protects against Evil Maid attacks and allows the user to make a main system disk appear to be entirely random data. At the moment with WDE this is not possible, making plausible deniability impossible.
VeraCrypt Self Test Option
Randomise Default Hashing
Without this we have no plausible deniability at all. :(
Support for UEFI and GPT
Long term goal.
Nov 22, 2014 at 10:33 PM
Edited Dec 12, 2014 at 10:41 PM
Thanks for these suggestions and ideas. Indeed, exploring new technologies like UEFI takes a lot of time and it's difficult to manage other features in the mean time.
For the next release, the expected changes :
- some fixes that need to be done (GUI issues on MacOSX,
here) and which are not difficult.
- Add a PRF selection option in the password dialog. The user can speedup volume opening if he knows the PRF used during its creation, which is always the case. It is a waste of time for the legitimate user to try all PRFs but it is an extra cost for a potential
- Patch for tc-play in order to support VeraCrypt volumes. This is needed for BSD OSs (like FreeBSD) where VeraCrypt can't run because of the lack of fuse and also Linux for those who need an alternative and GPL friendly implementation. A full fork called
vcplay will also exist in the future.
- Add support for creating multiple key files (https://veracrypt.codeplex.com/discussions/571576)
- Add a wipe mode for single overwrite which is enough for modern harddrives since we'll write our data above it. More information:
The next release is expected to be available before the end of the year.
The next features to be implemented :
and long term features:
Concerning the other features:
- Easy Drive Letter Swap (https://veracrypt.codeplex.com/discussions/572411): This will work only if the password is cached. Otherwise, the user will be prompted for the password.
Unfortunately, at the driver level, we can't reuse the encryption key of virtual drive in another one and that's why the password is needed. Many changes are needed if we want to do this smoothly.
- Randomize hash algorithms choice: It doesn't make sens because the algorithms don't have the same security level. See my answer on
- VeraWipe: No expected date fixed to start working. We'll have a cleared idea by January.
I hope this will give a better picture about the expected roadmap.
Thank you Mounir :)
Your post has made it very clear which requests have been accepted and a rough estimation of how you are going to proceed. Hopefully this thread will answer many VeraCrypt fans questions.
I am grateful for the multiple key generation and strengthening request to be included in the next release ! However looking at what you are going to do in the release after has me VERY excited !!
Awesome work as usual Mounir, thank you.
Hi Mounir :)
I have been thinking about VeraCrypt again LOL I have some more ideas I would like to ask you to consider please.
When you get time would you please take a look and add or reject the suggestions ? It would be great if you could edit your reply above with these to keep them all in one place.
Test keyfile Randomness
As you kindly accepted my CSPRNG randomness test request, I wondered if you could extend the ability to encompass allowing the user to select a file and ask VeraCrypt to test it's suitability as a keyfile ?
Many users choose bad keyfiles (those which are not generated by VeraCrypt). Users should really choose compressed files like .rar and .mps etc, as they are more random.
A user can employ this new feature to make certain the file they have selected is "random enough" :)
Accept random input from another source.
Some pro's might have special hardware random number generators, or alternative software generators etc, it would be nice if VC accepted the output from these other sources if the user requested it.
BIOS Version Test
I'm not sure this is possible, however I thought I would mention it :)
Is it possible for VC to take mote of the currently installed BIOS version ? If so it might be good to alert the user on logging in to VC if the BIOS has been updated. If the user is aware and have done this themselves then they can clear the warning.
If the user has not updated their BIOS they are at least aware their password may have been compromised.
Auto Generate Key Presses.
Once you have more room in the bootloader is it possible to simulate key presses before asking user for the boot password ? If VC could generate text in this way it may fill up the tiny amount of spare memory in BIOS based attacks.
Password Input Box
Please make it larger which is great for dragging keyfiles into.
Another benefit is less windows or box's to open. The box should be large enough to display all keyfiles and mount options without the user having to drill down. Less clicking is always better as currently the multiple boxes are like a maze.
Cosmetic / Usability.
Resizeable main window.
Text on main window "Encryption algorithm" should be capitol "A" Algorithm as it is a title.
I would like to increase my knowledge by understanding your latest requests from your above post by asking questions and providing feedback. :)
Test Keyfile Randomness
I like your idea for this request. Given that VC uses the first 1 KB of the file and the VC keyfile generator creates non-standard keyboard characters, what method would you recommend to test the randomness of keyboard characters?
I am going-off in a slight tangent from your request with comments for other users considering keyfiles. I have noticed that some people prefer to use certain phrases in their keyfiles in order to rebuild them if they are lost or damaged. This allows you to
use text files that can appear to be recipes, instructions for performing some task or some other usage. In other words, hiding in plain sight.
For those not familiar with keyfiles or are new to VC, you must be careful that nothing modifies the first 1 KB of the file(s) you are using for keyfile(s) or you will lose access to the volume’s created using those keyfiles as stated in the manual.
Accept random input from another source
Could you explain when this feature request would be used while using VC? Is it during the create volume phase when it is recommended that you move your mouse within the VC window during the creation of the header and master keys?
Would this expose VC brand name to be damaged by someone choosing a weaker random generator that could unknowingly compromise the security of the volume being created?
Are there concerns with VC’s random generator that need to be fixed or replaced to maintain confidence in the volume security?
BIOS Version Test
I would expect that a malicious BIOS infection would keep the same version number to avoid tipping off the user to any changes made to the BIOS.
I remember reading a post from the CipherShed forum and it appears that other peripherals can be infected to implement the infection against the BIOS even if the BIOS is installed again from a clean source as noted from the article below in 2012.
Researcher Creates Proof-of-Concept Malware that Infects BIOS
One tool to detect changes in the BIOS is to compare BIOS to a known good/clean BIOS using Copernicus.
Not sure if this is in the scope of VC.
Auto Generate Key Presses
Could you elaborate what type of attack or threat you are trying to thwart in the BIOS?
Password Input Box
An additional request is to have a wider screen to show the entire 64 characters of the password would be nice in addition to your keyfile screen request. I wonder if the reason for the fixed screen size is in case you have to boot into safe mode. Resizable
screens would help in either scenario of normal or safe mode.
AAARRGGHHH I have written this out but somehow lost the post !! I hate it when that happens ! :(
I am sorry but the rest is written quickly and in a huff, you know what it's like when you have to retype something :)
I am pleased you are interested in my suggestions, but this thread was not really intended to be a discussion thread. It was an effort to try to diminish messages between requests and reduce reading time for Mounir as there is no ticket system or central task
This codeplex messaging is not like a forum where it is easy to make quotes and set things out nicely. Perhaps after you have read my reply Mounir could possibly delete our messages here ?
As previously mentioned, I'm typing this all out again so I am sorry for the lack of depth :)
Test Keyfile Randomness
I suppose it would be the same method as described by Mounir in the original request thread for it.
"DieHard test suite is a good start. There is also the NIST Statistical Test Suite that is popular in the industry."
Accept random input from another source
Yes you need a good random source when creating volumes and master keys.
No weakness is known for the inbuilt CSPRNG.
I would assume this would be an advanced option so it is unlikely someone without a hardware generator would try it.
The idea is to avoid possible hardware attacks / deliberate weakening of processor code etc.
There are some other interesting generators available and this feature adds further diversity to VC volumes. The more uncertainty between VC users the attacker faces, the better.
BIOS Version Test
Yes, I am just throwing the idea out there, as I said I'm not even sure it is possible but it is something everyone needs to be aware of. If an inbuilt check could be incorporated it may help someone who is unaware of Copernicus.
Auto Generate Key Presses
Custom built keylogger in BIOS saving keystrokes to a limited portion of BIOS memory.
Thanks for your explanations L0ck. I appreciate you taking the time to type out your responses again. :)
Based on your reply, one suggestion I have for you is to create a new topic for your additional request features and leave this thread for accept/deny by Mounir so that other people can discuss your requested features. :)
I started by doing exactly that, making a thread, posting 1 idea and then Mounir accepting / denying it. These threads dropped down as more were added and requests were being repeated by new members. A lot of my suggestion above do have threads of their
own, ...see first post.
This thread is really a place for members to look and see what has been accepted before making a new thread asking for their features.
I am not a fan of this codeplex forum, it's not as well laid out as a PHPBB forum for example.
I am reluctant to fill out multiple tickets like I was doing before, it looks like I am spamming the board LOL :D
There is no problem with you creating a new topic to ask questions about any new feature added. The hard part is doing so without cluttering the forum, which is what I was trying not to do.
I suspect as most features are already accepted I won't be posting many new ideas, so hopefully things will calm down a bit. :)
Dec 11, 2014 at 8:31 PM
Edited Dec 11, 2014 at 8:33 PM
Mounir, will you please add these requests to your post above (second in this thread) ?
Could you also please mark them as accepted or rejected so we know what will be happening to VeraCrypt.
Please mark "Add support for creating multiple key files" as DONE or remove it from the to do list, thank you it works great, a brilliant addition :)
Abort function after wrong password is entered.
In order to reduce the waiting time when a wrong password is entered it would be expedient if by pressing say the ESC key we could stop the process that causes Veracrypt to go through the process of checking all hash types.
After much discussion :)
A summarised version of the request.
Please can we have the following ?
Allow user to run panic button from GUI.
Allow user to create "Hot Keys" to run the panic button.
Allow pre-configuration of the actions performed by the panic button.
Options in the pre-configuration page...
Wipe the header and backup header locations on all attached drives.
Wipe only user defined drives header and backup header locations.
Unencrypted Drives Options ( if it is possible to work out which are unencrypted )
After header and backup header areas are wiped on all drives attempt to reduce data exposure on unencrypted drives.
Wipe MFT / GPT first.
Attempt full wipe of drive, time permitting.
I notice you want members to post their ideas on the ticket system now. I have migrated the accepted requests from this thread. :)
I have relatively recently discovered this project and am very convinced that it is urgently needed in todays times.
Have there already been "shut up and take my donation" offers, and if yes, could you kindly let me know where they were posed (and answered with an explanation about how to financially support the project)?
Unfortunately I can't code for shit.
I am more than willing to help though, i.e. if you eed german localization for language strings. Beta-testing? I have administered a few forums (phpbb and invision powerboard systems) in the past, so if this is still an unresolved issue I am more than happy
to give some aid in that. Or even do the full admin thing and day to day moderation.
Just let me know... I am a PITA with things like these, throwing out a lot of ideas, many of the probably harebrained from a developers point of view, but I am also more than happy to help within the frame of my skills...
...you kindly let me know where they were posed (and answered with an explanation about how to financially support the project)?
On the home page, you can find the donate options to provide a monetary donation to VeraCrypt to show your appreciation to Mounir's efforts which he performs in his free time from his day job and family life.
You can review the issues tickets and vote-up the tickets that are important to you.
May 24, 2015 at 10:09 AM
Thank you randomname0815 for proposing your help.
As for donations, they can given through PayPal or Bitcoins (like are on the home page as explained by Enigma2Illusion). It is also possible to use bank transfer, just send a message using the various options proposed here:
Help for translation is welcomed. You can find all the XML files on Git (for example here:
). Just look for fields with lang="en", translate them and send the modified file.
Beta testing is also welcomed. I added in the 1.11-BETA the possibility to decrypt non system partitions and I'll publish soon the dynamic mode implementation. Tests using different configurations will be helpful. The best version and its changelog is here:
Concerning the forums, for now I'm sticking with Codeplex and Sourceforge ones, Sourceforge one being interesting for those who wish to post anonymously. Help is needed to answer users questions and try to help them as I obviously can't do the development and
support at the same time. So, if you can contribute by helping users on the forums, this will be very much appreciated.
I already saw you other posts and I appreciate your willing to make VeraCrypt a better security software. Such project needs fresh ideas and proposals from interested users to drive its development positively.