VeraCrypt

Encryption scheme

VeraCrypt employs AES, Serpent), Twofish, Camellia), and Kuznyechik as ciphers. Version 1.19 stopped using the Magma) cipher in response to a security audit. For additional security, ten different combinations of cascaded algorithms are available:

Encryption scheme

• AES–Twofish • AES–Twofish–Serpent • Camellia–Kuznyechik • Camellia–Serpent • Kuznyechik–AES • Kuznyechik–Serpent–Camellia • Kuznyechik–Twofish • Serpent–AES • Serpent–Twofish–AES • Twofish–Serpent

Security improvements

• The VeraCrypt development team considered the TrueCrypt storage format too vulnerable to a National Security Agency (NSA) attack, so it created a new format incompatible with that of TrueCrypt. VeraCrypt versions prior to 1.26.5 are capable of opening and converting volumes in the TrueCrypt format. Since ver. 1.26.5 TrueCrypt compatibility is dropped. • An independent security audit of TrueCrypt released 29 September 2015 found TrueCrypt includes two vulnerabilities in the Windows installation driver allowing an attacker arbitrary code execution and privilege escalation via DLL hijacking. This was fixed in VeraCrypt in January 2016. • While TrueCrypt uses 1,000 iterations of the PBKDF2-RIPEMD-160 algorithm for system partitions, VeraCrypt uses either 200,000 iterations (SHA-256, BLAKE2s-256#BLAKE2), Streebog) or 500,000 iterations (SHA-512, Whirlpool)) by default (which is customizable by user to be as low as 2,048 and 16,000 respectively). For standard containers and non-system partitions, VeraCrypt uses 500,000 iterations by default regardless of the hashing algorithm chosen (which is customizable by user to be as low as 16,000). While these default settings make VeraCrypt slower at opening encrypted partitions, it also makes password-guessing attacks slower. • Additionally, since version 1.12, a new feature called "Personal Iterations Multiplier" (PIM) provides a parameter whose value is used to control the number of iterations used by the header key derivation function, thereby making brute-force attacks potentially even more difficult. VeraCrypt out of the box uses a reasonable PIM value to improve security, but users can provide a higher value to enhance security. The primary downside of this feature is that it makes the process of opening encrypted archives even slower. • A vulnerability in the bootloader was fixed on Windows and various optimizations were made as well. The developers added support for SHA-256 to the system boot encryption option and also fixed a ShellExecute security issue. Linux and macOS users benefit from support for hard drives with sector sizes larger than 512. Linux also received support for the NTFS formatting of volumes. • Unicode passwords are supported on all operating systems since version 1.17 (except for system encryption on Windows). • VeraCrypt added the capability to boot system partitions using UEFI in version 1.18a. • Option to enable/disable support for the TRIM) command for both system and non-system drives was added in version 1.22. • Erasing the system encryption keys from RAM during shutdown)/reboot helps mitigate some cold boot attacks, added in version 1.24. • RAM encryption for keys and passwords on 64-bit systems was added in version 1.24.

WikTok | Your Personalised Encyclopedia

Train your feed. Demystify any topic with AI. Read with friends.

Follow what fascinates you, crack open any topic with AI, save favourites, share great finds, and level up as you go.

Swipe left and right to improve your feed!