Skip to content

VeraCrypt version 1.24
Compare
Choose a tag to compare
@idrassi idrassi released this 07 Oct 16:41
· 1093 commits to master since this release
VeraCrypt_1.24
6d7f752
This commit was signed with the committer’s verified signature.
idrassi Mounir IDRASSI
GPG key ID: 02C30AE90FAE4A6F
Verified
Learn about vigilant mode.

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Bitbucket

Changes between 1.23-Hotfix-2 and 1.24 (6 October 2019) :
  • All OSs:
    • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
    • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
    • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
    • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
    • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
    • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
      • Available only on 64-bit machines.
      • Disabled by default. Can be enabled using option in UI.
      • Less than 10% overhead on modern CPUs.
      • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
    • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
    • New security features:
      • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
      • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
      • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
    • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
    • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
    • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
    • Several enhancements and fixes for EFI bootloader:
      • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
      • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
      • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
      • Fix ESC on password prompt during Pre-Test not starting Windows.
      • Add menu entry in Rescue Disk that enables starting original Windows loader.
      • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
      • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
        • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
    • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
    • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
    • Update libzip to version 1.5.2
    • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
    • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
    • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
    • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
    • Ensure that only one thread at a time can create a secure desktop.
    • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
    • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
    • Minor UI changes.
    • Updates and corrections to translations and documentation.
  • MacOSX:
    • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
  • Linux:
    • Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
    • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
Assets 2
Loading