Password Cache Seems Different

Topics: Technical Issues
Apr 15, 2015 at 1:57 PM
This may be just happening to me, or it may be something specific to my system, but I have noticed that the new version of VeraCrypt does not seem to cache the passwords like the previous version did.

Previous version 1.0f

Current version 1.0f-2

Win 7 Ulti SP1 64bit

Using VeraCrypt in portable mode.

I have cache passwords enabled.



Originally using version 1.0f I used to be able to open an encrypted flash drive which contains my scripts and keyfiles for opening my slave hard drives.

The slave hard disks use a different password / keyfile than the flash drive.

I could then dismount my flash drive after opening my slave hard drives and remove it. If I later needed to open my flash drive again I could simply plug it back in and mount it without having to enter the password again.

Now using version 1.0f-2 I don't seem to be able to do this. I am not 100% certain, but it seems to be almost hit and miss whether it asks me for the password again or not.

Has anyone else noticed this?
Apr 15, 2015 at 2:23 PM
The auto temporary password caching has changed for 1.0f-2 version as explained in the thread link below. You may need to adjust your scripts.

https://veracrypt.codeplex.com/discussions/622427
Apr 15, 2015 at 3:28 PM
Thank you for the link.

I have "Cache passwords in driver memory" and "Temporary cache passwords during mount favourite volume operations" checked.

The first password is manually typed in, this opens my flash drive which contains my keyfiles and scripts to open the other drives.

It is the first manually typed password which is being lost, not the scripted ones. I assume the options I have configured above would have cached my first manually typed password.

I do already have /c y in my scripts for the slave hard drives. These passwords are retained, but the original one, for the flash drive, is lost.

Thanks again.
Apr 15, 2015 at 3:44 PM
Edited Apr 15, 2015 at 3:44 PM
Is the first password performed via the GUI or the command line?
Apr 15, 2015 at 3:54 PM
The first password to open the flash drive is typed into the GUI. It is a typed password combined with a keyfile.

The slave drives are opened using scripts and keyfiles within the opened flash drive.
Apr 15, 2015 at 5:32 PM
Edited Apr 15, 2015 at 5:45 PM
I wonder if the oddity you see is due to the following behavior for "Cache passwords in driver memory" from repeated mounting, unmounting and then re-mounting.

From the manual:
Cache passwords in driver memory

When checked, passwords and/or processed keyfile contents for up to last four successfully mounted VeraCrypt volumes are cached. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. VeraCrypt never saves any password to a disk (however, see the chapter Security Requirements and Precautions). Password caching can be enabled/disabled in the Preferences (Settings -> Preferences) and in the password prompt window. If the system partition/drive is encrypted, caching of the pre-boot authentication password can be enabled or disabled in the system encryption settings (Settings > ‘System Encryption’).
Apr 15, 2015 at 8:48 PM
Again, thanks for your help.

I don't mount 4; I only need 3. Here's what I do in more detail.

I boot my computer.

I open a portable version of VeraCrypt.

I select my whole encrypted flash drive.

I mount the flash drive using a typed password and keyfile, using the GUI.

Once the flash drive is unencrypted, I use a script which decrypts 2 slave hard drives and check to make sure they are the correct drive letter etc.

I then usually un-mount the flash drive and put it away.

Only sometimes I need to return to the flash drive. In previous versions of VeraCrypt I could just mount it without having to type the password again. As of the recent version I am no longer able to cache the flash drive password.

So I only mount 3 drives in total, 1 flash drive and 2 slave hard drives. The flash drive password is different to the 2 slave drives. The 2 slave drives have the same keyfile as password.

I hope I have explained everything properly. If not please say, I would really like to retain the cache functionality.

Thanks.
Apr 15, 2015 at 9:13 PM
Sorry, I do not have any other ideas to provide. Can you verify using the procedures above that the problem occurs every time as you described above? This would help Mounir duplicate the issue.
Apr 15, 2015 at 9:23 PM
No need to apologise :)

Yes, I would say it happens all the time. I did think for a while that it seemed intermittent, but I may have done things in a different way as described above.

But for me, on a day to day basis doing the above seems to repeatedly produce the problem.
Apr 15, 2015 at 9:26 PM
A copy of my config file in case it helps.

<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
<configuration>
    <config key="OpenExplorerWindowAfterMount">0</config>
    <config key="UseDifferentTrayIconIfVolumesMounted">1</config>
    <config key="SaveVolumeHistory">0</config>
    <config key="CachePasswords">1</config>
    <config key="CachePasswordDuringMultipleMount">1</config>
    <config key="WipePasswordCacheOnExit">0</config>
    <config key="WipeCacheOnAutoDismount">0</config>
    <config key="StartOnLogon">0</config>
    <config key="MountDevicesOnLogon">0</config>
    <config key="MountFavoritesOnLogon">0</config>
    <config key="MountVolumesReadOnly">0</config>
    <config key="MountVolumesRemovable">0</config>
    <config key="PreserveTimestamps">1</config>
    <config key="EnableBackgroundTask">1</config>
    <config key="CloseBackgroundTaskOnNoVolumes">0</config>
    <config key="DismountOnLogOff">1</config>
    <config key="DismountOnSessionLocked">0</config>
    <config key="DismountOnPowerSaving">0</config>
    <config key="DismountOnScreenSaver">0</config>
    <config key="ForceAutoDismount">1</config>
    <config key="MaxVolumeIdleTime">-60</config>
    <config key="HiddenSectorDetectionStatus">0</config>
    <config key="UseKeyfiles">0</config>
    <config key="LastSelectedDrive">K:</config>
    <config key="CloseSecurityTokenSessionsAfterMount">0</config>
    <config key="DisableSystemCrashDetection">0</config>
    <config key="HotkeyModAutoMountDevices">0</config>
    <config key="HotkeyCodeAutoMountDevices">0</config>
    <config key="HotkeyModDismountAll">0</config>
    <config key="HotkeyCodeDismountAll">0</config>
    <config key="HotkeyModWipeCache">0</config>
    <config key="HotkeyCodeWipeCache">0</config>
    <config key="HotkeyModDismountAllWipe">0</config>
    <config key="HotkeyCodeDismountAllWipe">0</config>
    <config key="HotkeyModForceDismountAllWipe">0</config>
    <config key="HotkeyCodeForceDismountAllWipe">0</config>
    <config key="HotkeyModForceDismountAllWipeExit">0</config>
    <config key="HotkeyCodeForceDismountAllWipeExit">0</config>
    <config key="HotkeyModMountFavoriteVolumes">0</config>
    <config key="HotkeyCodeMountFavoriteVolumes">0</config>
    <config key="HotkeyModShowHideMainWindow">0</config>
    <config key="HotkeyCodeShowHideMainWindow">0</config>
    <config key="HotkeyModCloseSecurityTokenSessions">0</config>
    <config key="HotkeyCodeCloseSecurityTokenSessions">0</config>
    <config key="PlaySoundOnHotkeyMountDismount">1</config>
    <config key="DisplayMsgBoxOnHotkeyDismount">1</config>
    <config key="Language"></config>
    <config key="SecurityTokenLibrary"></config>
    <config key="DefaultPRF">0</config>
    <config key="DefaultTrueCryptMode">0</config>
</configuration>
</VeraCrypt>
Apr 15, 2015 at 9:57 PM
Can you provide your mount scripts for review by removing any sensitive information (passwords)?
Apr 15, 2015 at 10:23 PM
VeraCrypt.exe /v \Device\Harddisk1\Partition0 /whirlpool /k K:\keyfile.txt /l N /c y /q
Apr 16, 2015 at 5:21 PM
Hello DBKray,

I am wondering if the new option for "Temporary Cache password during Mount Favorite Volumes operations" being checked is clearing the password when mounting the USB flash drive.

Can you try unchecking this option to see if it makes any difference?

Leave the "Cache passwords in driver memory" checked.
Apr 16, 2015 at 6:07 PM
Thanks for the suggestion, I unchecked "Temporary Cache password during Mount Favorite Volumes operations" but I had the same result.

I then re-booted with the new setting and tried again to see if that helped, but the problem still remains.
Apr 16, 2015 at 6:37 PM
Can you try merely mounting the USB flash drive in VeraCrypt, unmount, pull USB from PC, plug-in PC, VeraCrypt mount to see if it prompts for password without running your mount script?

This test would eliminate the variables of the mount script and possible settings of the command line clearing the password.
Apr 17, 2015 at 2:10 PM
Yes, I have done what you said.

I booted.

I inserted my flash drive.

I decrypted the flash drive.

I un-mounted it.

I physically removed it.

I plugged it back in.

I selected it and pressed mount.

It mounted successfully without me having to re-type my password.
Apr 17, 2015 at 2:35 PM
Thank you DBKray! I appreciate your willingness to help find the problem.

I performed some tests this morning using file containers and opened the following issues:

https://veracrypt.codeplex.com/workitem/125

https://veracrypt.codeplex.com/workitem/126
Apr 17, 2015 at 6:34 PM
I am pleased you were able to reproduce it and thanks for making a ticket for me.
Coordinator
Apr 17, 2015 at 10:46 PM
I have closed both tickets since this is a case of wrong usage of the command line. As explained in the documentation, you must use /hash to specify the PRF algorithm, so in your case it should be /hash whirlpool.

/hash is documented the same way as the /letter switch so I don't know why you made the mistake with the /hash switch and not the /letter switch.

Anyway, you can read my comments on the tickets:
https://veracrypt.codeplex.com/workitem/125
https://veracrypt.codeplex.com/workitem/126

Should I change the documentation of /hash and /letter?
Apr 17, 2015 at 11:05 PM
Thank you Mounir for the explanation and sorry for the false report.

I would recommend that the documentation be updated so that command line parameters that expect values use some type of notation and, in the detail column section for those parameters, an example is provided. This should prevent future misunderstandings of the command line syntax.

Examples:

/letter or /l <Windows Drive Letter>

In the detail/description column, also provide an example.

Example: Mount volume to the R drive letter as shown below.
/l R

/cache or /c <y, no parm=y, n>

Example: Cache password to volume (max four volumes) mount as shown below.
/c or /c y

What are your thoughts?

Thank you!
Apr 18, 2015 at 11:56 AM
Thank you for putting me straight, I am sorry it was my fault in the end.
Apr 18, 2015 at 10:03 PM
While improving the documentation would provide better guidance to users for the proper usage of the various command line parameters, another issue is that the TrueCrypt developers did not put enough effort into validation of the parameters and the values provided to the various parameters.

I have created the following enhancement request for command line parameter and value validations with appropriate error messages.

You can read the details and vote-up the enhancement request at the link below.

https://veracrypt.codeplex.com/workitem/127

Thank you.
Apr 28, 2015 at 12:10 AM
Many thanks to Mounir for completing issue 127 "Command Line Parameters & Values Validation w/Error Messages". You can download the 1.11 beta version at the link below.

https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/
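
The mistake diagnosed in this thread (/whirlpool instead of /hash whirlpool) is the kind of error the enhancement request above asks VeraCrypt to reject with an error message. As an added example (not VeraCrypt's own parser and not code from the thread), a pre-flight check for mount scripts can catch it before the script runs; the switch table is an assumption limited to the switches used in this thread and their long forms, and `lint_mount_command` is a hypothetical helper name.

```python
import shlex

# Switches used in this thread, with their long forms; this is an assumption
# for the example, not VeraCrypt's full option list.
SWITCHES = {
    "/v": "required", "/volume": "required",
    "/l": "required", "/letter": "required",
    "/k": "required", "/keyfile": "required",
    "/hash": "required",
    "/c": "optional", "/cache": "optional",
    "/q": "optional", "/quit": "optional",
}
CACHE_VALUES = {"y", "n"}  # values given for /cache in the thread


def lint_mount_command(command):
    """Return a list of findings for one VeraCrypt.exe command line."""
    # posix=False keeps Windows backslashes intact; [1:] drops the executable.
    tokens = shlex.split(command, posix=False)[1:]
    findings = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("/"):
            findings.append(f"stray value with no switch: {tok}")
            continue
        kind = SWITCHES.get(tok.lower())
        if kind is None:
            findings.append(f"unknown switch: {tok}")
            continue
        has_value = i < len(tokens) and not tokens[i].startswith("/")
        if kind == "required" and not has_value:
            findings.append(f"{tok} needs a value")
            continue
        if has_value:
            value = tokens[i]
            i += 1
            if tok.lower() in ("/c", "/cache") and value.lower() not in CACHE_VALUES:
                findings.append(f"{tok} value must be y or n, got: {value}")
    return findings


# The command posted in the thread, and the same command using /hash.
POSTED = r"VeraCrypt.exe /v \Device\Harddisk1\Partition0 /whirlpool /k K:\keyfile.txt /l N /c y /q"
FIXED = POSTED.replace("/whirlpool", "/hash whirlpool")
```

Calling `lint_mount_command(POSTED)` reports the unknown `/whirlpool` switch, while `lint_mount_command(FIXED)` returns an empty list.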