VeraCrypt

Developer(s) IDRIX (based in Paris, France) [1]
Initial release June 22, 2013; 10 years ago
Stable release 1.26.7 (October 31, 2023; 6 months ago) [2]
Repository
Written in C, C++, Assembly
Operating system
Platform IA-32, x86-64, AArch64 and armhf
Available in 40 languages [3]
Type Disk encryption software
License Multi-licensed as Apache License 2.0 and TrueCrypt License 3.0 [4]
Website www.veracrypt.fr/en/Home.html

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). [5] The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition [6] or (in Windows) the entire storage device with pre-boot authentication. [7]

VeraCrypt is a fork of the discontinued TrueCrypt project. [8] It was initially released on 22 June 2013. Many security improvements have been implemented and concerns within the TrueCrypt code audits have been addressed. VeraCrypt includes optimizations to the original cryptographic hash functions and ciphers, which boost performance on modern CPUs.

Encryption scheme

VeraCrypt employs AES, Serpent, Twofish, Camellia, and Kuznyechik as ciphers. Version 1.19 stopped using the Magma cipher in response to a security audit. [9] For additional security, ten different combinations of cascaded algorithms are available: [10]

The cryptographic hash functions available for use in VeraCrypt are BLAKE2s-256, SHA-256, SHA-512, Streebog and Whirlpool. [11] VeraCrypt used to support RIPEMD-160, but it was removed in version 1.26. [12]

VeraCrypt's block cipher mode of operation is XTS. [13] It generates the header key and the secondary header key (XTS mode) using PBKDF2 with a 512-bit salt. By default they go through 200,000 to 500,000 iterations, depending on the underlying hash function used and whether it is system or non-system encryption. [14] The user can customize the iteration count to start as low as 2,048 and 16,000 respectively. [14]
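
The derivation described above, written out as an added example (not VeraCrypt's own code): PBKDF2-HMAC over a 512-bit salt yields a primary and a secondary XTS key, and a textbook PBKDF2 loop shows why each extra iteration costs a password guesser one more HMAC call. The 256-bit key size, the order of the two keys in the output and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math

SALT_BYTES = 64      # 512-bit salt, as stated in the article
XTS_KEY_BYTES = 32   # assumption: a single 256-bit cipher such as AES-256


def derive_header_keys(password, salt, iterations, hash_name="sha512"):
    """Return (primary, secondary) XTS header keys derived with PBKDF2-HMAC."""
    if len(salt) != SALT_BYTES:
        raise ValueError("expected a 512-bit (64-byte) salt")
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    material = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations,
                                   dklen=2 * XTS_KEY_BYTES)
    # Assumption: first half keys the data cipher, second half the XTS tweak.
    return material[:XTS_KEY_BYTES], material[XTS_KEY_BYTES:]


def pbkdf2_reference(password, salt, iterations, dklen, hash_name="sha512"):
    """Textbook PBKDF2 (RFC 8018), written out to show where the cost goes."""
    keyed = hmac.new(password, digestmod=hash_name)  # HMAC state keyed once
    out = b""
    block_index = 1
    while len(out) < dklen:
        prf = keyed.copy()
        prf.update(salt + block_index.to_bytes(4, "big"))  # U1 = PRF(salt || i)
        u = prf.digest()
        acc = int.from_bytes(u, "big")
        for _ in range(iterations - 1):          # U2..Uc, each fed by the last
            prf = keyed.copy()
            prf.update(u)
            u = prf.digest()
            acc ^= int.from_bytes(u, "big")      # block = U1 xor U2 xor ... Uc
        out += acc.to_bytes(len(u), "big")
        block_index += 1
    return out[:dklen]


def hmac_calls_per_guess(iterations, dklen, hash_name):
    """HMAC invocations needed to test one candidate password."""
    blocks = math.ceil(dklen / hashlib.new(hash_name).digest_size)
    return iterations * blocks


if __name__ == "__main__":
    salt = bytes(range(SALT_BYTES))              # constructed sample salt
    password = b"constructed sample passphrase"  # constructed sample input
    for count in (2_048, 500_000):               # figures quoted in the article
        primary, secondary = derive_header_keys(password, salt, count)
        print(count, primary.hex()[:16], secondary.hex()[:16],
              hmac_calls_per_guess(count, 64, "sha512"))
```

With a 64-byte output, SHA-256 needs two PBKDF2 blocks per guess where SHA-512 needs one, so the same iteration count costs twice as many HMAC calls.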

Security improvements

VeraCrypt audit

QuarksLab conducted an audit of version 1.18 on behalf of the Open Source Technology Improvement Fund (OSTIF), which took 32 man-days. The auditor published the results on 17 October 2016. [15] [25] [26] On the same day, IDRIX released version 1.19, which resolved major vulnerabilities identified in the audit. [27]

Fraunhofer Institute for Secure Information Technology (SIT) conducted another audit in 2020, following a request by Germany's Federal Office for Information Security (BSI), and published the results in October 2020. [28] [29]

Security precautions

There are several kinds of attacks to which all software-based disk encryption is vulnerable. As with TrueCrypt, the VeraCrypt documentation instructs users to follow various security precautions to mitigate these attacks, [30] [31] several of which are detailed below.

Encryption keys stored in memory

Figure: VeraCrypt Boot Loader

VeraCrypt stores its keys in RAM; on some personal computers DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms may be able to recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), was successfully used to attack a file system protected by TrueCrypt versions 4.3a and 5.0a in 2008. [32] With version 1.24, VeraCrypt added the option of encrypting the in-RAM keys and passwords on x64 editions of Windows, with a CPU overhead of less than 10%, and the option of erasing all encryption keys from memory when a new device is connected. [15]

Tampered hardware

VeraCrypt documentation states that VeraCrypt is unable to secure data on a computer if an attacker physically accessed it and VeraCrypt is then used on the compromised computer by the user again. This does not affect the common case of a stolen, lost, or confiscated computer. [33] The attacker having physical access to a computer can, for example, install a hardware or a software keylogger, a bus-mastering device capturing memory or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords) or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. [34]

Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when they gain physical access to the computer. [35]

Trusted Platform Module

VeraCrypt does not take advantage of Trusted Platform Module (TPM). The VeraCrypt FAQ repeats the negative opinion of the original TrueCrypt developers verbatim. [36] The TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". An attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. The condemning text goes so far as to claim that TPM is entirely redundant. [37]

It is true that after achieving either unrestricted physical access or administrative privileges, it is only a matter of time before other security measures in place are bypassed. [38] [39] However, stopping an attacker in possession of administrative privileges has never been one of the goals of TPM. (See Trusted Platform Module § Uses for details.) TPM might, however, reduce the success rate of the cold boot attack described above. [40] [41] [42] [43] [44] TPM is also known to be susceptible to SPI attacks. [45]

Plausible deniability

As with its predecessor TrueCrypt, VeraCrypt supports plausible deniability [46] by allowing a single "hidden volume" to be created within another volume. [47] The Windows versions of VeraCrypt can create and run a hidden encrypted operating system whose existence may be denied. [48] The VeraCrypt documentation lists ways in which the hidden volume deniability features may be compromised (e.g., by third-party software which may leak information through temporary files or via thumbnails) and possible ways to avoid this. [30]

Performance

VeraCrypt supports parallelized [49]:63 encryption for multi-core systems. On Microsoft Windows, it also supports pipelined read and write operations (a form of asynchronous processing) [49]:63 to reduce the performance hit of encryption and decryption. On processors supporting the AES-NI instruction set, VeraCrypt supports hardware-accelerated AES to further improve performance. [49]:64 On 64-bit CPUs, VeraCrypt uses optimized assembly implementations of Twofish, Serpent, and Camellia. [15]

License and source model

VeraCrypt was forked from the since-discontinued TrueCrypt project in 2013, [8] and originally contained mostly TrueCrypt code released under the TrueCrypt License 3.0. In the years since, more and more of VeraCrypt's code has been rewritten and released under the permissive Apache License 2.0.

The TrueCrypt license is generally considered to be source-available but not free and open source. The Apache license is universally considered to be free and open source. The mixed VeraCrypt license is widely but not universally considered to be free and open source.

On 28 May 2014 TrueCrypt ceased development under unusual circumstances, [50] [51] [52] and there exists no way to contact the former developers.

VeraCrypt is considered to be free and open source by:

VeraCrypt is considered to not be free and open source by:

Most of these are due to VeraCrypt and TrueCrypt not having supported or endorsed licenses. For example, the FSF does not tolerate licenses that impose obligations on the end user for the execution of the software and therefore go against The Free Software Definition. [65] Debian considers all software that does not meet the guidelines of its DFSG to be non-free.

In US v. Burns, the defendant had three hard drives, the first being a system partition which was later found to contain caches of deleted child pornography and manuals for how to use VeraCrypt, with the second being encrypted, and the third having miscellaneous music files. Even though the defendant admitted to having child pornography on his second hard drive, he refused to give the password to the authorities. Despite searching for clues of previously used passwords on the first drive, and inquiries to the FBI about any weaknesses to the VeraCrypt software that could be used to access the drive partition, and brute-forcing the partition with the alphanumeric character set as potential passwords, the partition could not be accessed. Due to the defendant confessing to having child pornography on the encrypted drive, the prosecution applied to force the defendant to give away the password under the foregone conclusion doctrine in the All Writs Act. [66]

In a search of a Californian defendant's apartment for accessing child pornography, a VeraCrypt drive that was over 900 Gigabytes was found as an external hard drive. The FBI was called to assist local law enforcement, but the FBI claimed to not have found a weakness in the VeraCrypt software. The FBI also denied having a backdoor within the VeraCrypt software. It was later found that another suspect had educated the defendant into using encryption to hide his photos and videos of child pornography. Because the defendant had admitted to having child pornography on the drive as a backup anyways and chat logs relating to the other suspect educating the defendant on how to use VeraCrypt, the foregone conclusion doctrine was used again. [67]

References

  1. "Contact Us – IDRIX". Retrieved 16 November 2016.
  2. "Release Notes". July 2, 2023. Retrieved July 11, 2023.
  3. "VeraCrypt - Free Open source disk encryption with strong security for the Paranoid". Veracrypt. Retrieved 2022-05-07.
  4. "root/License.txt". VeraCrypt. TrueCrypt Foundation. 17 Oct 2016. Retrieved 23 Jul 2018.
  5. "VeraCrypt Official Site"
  6. "VeraCrypt Volume". VeraCrypt Official Website. Retrieved February 16, 2015.
  7. "Operating Systems Supported for System Encryption". VeraCrypt Official Website. Retrieved February 16, 2015.
  8. Rubens, Paul (October 13, 2014). "VeraCrypt a Worthy TrueCrypt Alternative". eSecurity Planet. Quinstreet Enterprise. Archived from the original on December 3, 2018. Retrieved February 16, 2015.
  9. Pauli, Darren (October 18, 2016). "Audit sees VeraCrypt kill critical password recovery, cipher flaws". The Register. Archived from the original on November 15, 2018.
  10. "Encryption Algorithms". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  11. "Hash Algorithms". VeraCrypt Documentation. IDRIX. Retrieved 2024-01-14.
  12. "Changelog". Changelog. IDRIX. Retrieved 2024-01-18.
  13. "Modes of Operation". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  14. "Header Key Derivation, Salt, and Iteration Count". VeraCrypt Documentation. IDRIX. Retrieved 2019-02-19.
  15. "VeraCrypt Release Notes"
  16. Castle, Alex (March 2015). "Where Are We At With TrueCrypt?". Maximum PC. p. 59.
  17. "VeraCrypt - Free Open source disk encryption with strong security for the Paranoid". www.veracrypt.fr. Retrieved 2023-09-12.
  18. Constantin, Lucian (September 29, 2015). "Newly found TrueCrypt flaw allows full system compromise". PCWorld. Archived from the original on April 19, 2019.
  19. CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
  20. Rubens, Paul (June 30, 2016). "VeraCrypt a worthy TrueCrypt Alternative". eSecurity Planet. Archived from the original on December 3, 2018.
  21. "PIM". veracrypt.fr. Retrieved 7 June 2017.
  22. Khandelwal, Swati (11 August 2015). "Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security". The Hacker News. Archived from the original on 10 April 2019. Retrieved 5 June 2017.
  23. Brinkmann, Martin (7 August 2015). "TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature". Ghacks. Archived from the original on 10 April 2019. Retrieved 5 June 2017.
  24. "Transcript of Episode #582". GRC.com. Retrieved 5 June 2017.
  25. "The VeraCrypt Audit Results". OSTIF. October 17, 2016. Archived from the original on May 12, 2019. Retrieved October 18, 2016.
  26. QuarksLab (October 17, 2016). VeraCrypt 1.18 Security Assessment (PDF) (Report). OSTIF. Archived (PDF) from the original on August 7, 2018. Retrieved October 18, 2016.
  27. Bédrune, Jean-Baptiste; Videau, Marion (October 17, 2016). "Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt". QuarksLab. Archived from the original on May 7, 2019. Retrieved October 18, 2016.
  28. "VeraCrypt / Forums / General Discussion: Germany BSI Security Evaluation of VeraCrypt". sourceforge.net. Retrieved 2021-12-01.
  29. "Security Evaluation of VeraCrypt". Federal Office for Information Security (BSI). 2020-11-30. Retrieved 2022-07-27.
  30. "Security Requirements and Precautions Pertaining to Hidden Volumes". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  31. "Security Requirements and Precautions". VeraCrypt Documentation. IDRIX. Retrieved February 16, 2015.
  32. Halderman, J. Alex; et al. (July 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys (PDF). 17th USENIX Security Symposium. Archived (PDF) from the original on May 12, 2019.
  33. "Physical Security". VeraCrypt Documentation. IDRIX. 2015-01-04. Retrieved 2015-01-04.
  34. Schneier, Bruce (October 23, 2009). "'Evil Maid' Attacks on Encrypted Hard Drives". Schneier on Security. Archived from the original on May 25, 2014. Retrieved May 24, 2014.
  35. "Malware". VeraCrypt Documentation. IDRIX. 2015-01-04. Retrieved 2015-01-04.
  36. "FAQ". veracrypt.fr. IDRIX. 2 July 2017.
  37. "TrueCrypt User Guide" (PDF). truecrypt.org. TrueCrypt Foundation. 7 February 2012. p. 129 via grc.com.
  38. Culp, Scott (2000). "Ten Immutable Laws Of Security (Version 2.0)". TechNet Magazine. Microsoft. Archived from the original on 9 December 2015 via Microsoft TechNet.
  39. Johansson, Jesper M. (October 2008). "Security Watch Revisiting the 10 Immutable Laws of Security, Part 1". TechNet Magazine. Microsoft. Archived from the original on 10 April 2017 via Microsoft TechNet.
  40. "LUKS support for storing keys in TPM NVRAM". github.com. 2013. Archived from the original on September 16, 2013. Retrieved December 19, 2013.
  41. Greene, James (2012). "Intel Trusted Execution Technology" (PDF) (white paper). Intel. Archived (PDF) from the original on June 11, 2014. Retrieved December 18, 2013.
  42. Autonomic and Trusted Computing: 4th International Conference (Google Books). ATC. 2007. ISBN 9783540735465. Archived from the original on August 19, 2020. Retrieved May 31, 2014.
  43. Pearson, Siani; Balacheff, Boris (2002). Trusted computing platforms: TCPA technology in context. Prentice Hall. ISBN 978-0-13-009220-5. Archived from the original on March 25, 2017. Retrieved July 21, 2016.
  44. "SetPhysicalPresenceRequest Method of the Win32_Tpm Class". Microsoft. Archived from the original on May 19, 2009. Retrieved June 12, 2009.
  45. "TPM Sniffing Attacks Against Non-Bitlocker Targets". secura.com. 2022. Archived from the original on June 30, 2022. Retrieved November 30, 2022.
  46. "Plausible Deniability". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  47. "Hidden Volume". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  48. "Hidden Operating System". VeraCrypt Documentation. IDRIX. Retrieved 2018-03-31.
  49. "VeraCrypt User Guide" (1.0f ed.). IDRIX. 2015-01-04.
  50. Buchanan, Bill (May 30, 2014). "Encryption software TrueCrypt closes doors in odd circumstances". The Guardian. Retrieved April 9, 2022.
  51. Ratliff, Evan (March 30, 2016). "The Strange Origins of TrueCrypt, ISIS's Favored Encryption Tool". The New Yorker. Retrieved April 9, 2022.
  52. Buchanan, Bill (Nov 5, 2018). "The Fall of TrueCrypt and Rise of VeraCrypt". medium.com. Medium. Retrieved April 9, 2022.
  53. Constantin, Lucian (October 18, 2016). "Critical flaws found in open-source encryption software VeraCrypt". pcworld.com. PC World. Retrieved April 9, 2022.
  54. Long, Heinrich (August 3, 2020). "How to Encrypt Files, Folders and Drives on Windows". techspot.com. Techspot. Retrieved April 9, 2022.
  55. Hall, Christine (May 4, 2016). "DuckDuckGo Gives $225,000 to Open Source Projects". fossforce.com. FOSS Force. Retrieved April 9, 2022.
  56. "A Special Thank You to DuckDuckGo for Supporting OSTIF and VeraCrypt". ostif.org. Open Source Technology Fund. May 3, 2016. Retrieved April 9, 2022.
  57. "Need strong security? VeraCrypt is an open source disk encryption software that gives extra security against brute-force attacks". sourceforge.net. SourceForge. February 8, 2020. Retrieved April 9, 2022.
  58. McDevitt, Dan (July 18, 2018). "Privacy and anonymity-enhancing operating system Tails continued the implementation of open-source disk encryption software VeraCrypt into the GNOME user interface". opentech.fund. Open Technology Fund. Retrieved April 9, 2022.
  59. "VeraCrypt is a free, open source disk encryption program". fosshub.com. FOSSHub. Jan 17, 2021. Retrieved April 9, 2022.
  60. Kenlon, Seth (April 12, 2021). "VeraCrypt offers open source file-encryption with cross-platform capabilities". opensource.com. opensource.com. Retrieved April 9, 2022.
  61. Afolabi, Jesse (March 5, 2021). "Veracrypt – An Open Source Cross-Platform Disk Encryption Tool". fossmint.com. FOSSMINT. Retrieved April 9, 2022.
  62. "Debian Bug report logs - #814352: ITP: veracrypt -- Cross-platform on-the-fly encryption". bugs.debian.org. 10 February 2016.
  63. Phipps, Simon (2013-11-15), "TrueCrypt or false? Would-be open source project must clean up its act", InfoWorld, archived from the original on 2019-03-22, retrieved 2014-05-20
  64. "Nonfree Software Licenses". gnu.org. Free Software Foundation Licensing and Compliance Lab. January 12, 2022. Retrieved April 9, 2022.
  65. "Various Licenses and Comments about Them". Free Software Foundation. Archived from the original on 2022-12-30.
  66. US v. Burns, May 10, 2019, retrieved 2023-08-22
  67. In the Matter of the Search of a Residence in Aptos, California 95003, 2018-03-20, retrieved 2023-08-22