Tuesday, October 21, 2014

Making VeraCrypt better

When I started VeraCrypt back in 2013, the project attracted little attention, but after the collapse of TrueCrypt the number of users started to grow.
This prompted me to publish Linux and Mac OS X versions of VeraCrypt, as requested by many, and to add other security enhancements by fixing a long list of vulnerabilities in the original TrueCrypt source, either discovered by the Open Crypto Audit project (https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf), found by running static code analysis tools, or found by internal review of the source.

The result was VeraCrypt 1.0e, which was published on September 4th, 2014. It can be downloaded from CodePlex or SourceForge.

After the publication of the interview I had with Paul Rubens from "eSecurity Planet", many people started asking about the list of enhancements implemented so far in VeraCrypt. I posted an answer to that in the CodePlex discussion forum: https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

And what's next? The next target is to deprecate the aging RIPEMD-160, especially in boot encryption, and to replace it with SHA-256. This requires a lot of work because of the bootloader constraints, but hopefully I'll be able to publish a beta version soon.

Also, in order to give users the freedom to choose the security level they need, and for those who complain about the slowness of VeraCrypt, a security level choice will be introduced: when creating VeraCrypt encrypted containers or when encrypting the system partition, the user can choose between a high security level (equivalent to what VeraCrypt does now), a medium level and a low security level.
Hopefully, this will help accelerate the adoption of VeraCrypt among a wider segment of users.