VeraCrypt 1.24 released, a fork of TrueCrypt

After a year of development, the VeraCrypt project has published release 1.24. VeraCrypt is a fork of the TrueCrypt disk encryption system, whose own development has ceased. VeraCrypt is notable for replacing the RIPEMD-160 algorithm used in TrueCrypt with SHA-512 and SHA-256, increasing the number of hash iterations, simplifying the build process for Linux and macOS, and eliminating the problems identified during the audit of the TrueCrypt source code. At the same time, VeraCrypt provides a compatibility mode for TrueCrypt volumes and includes tools for converting TrueCrypt volumes to the VeraCrypt format. Code developed by the VeraCrypt project is distributed under the Apache 2.0 license, while code borrowed from TrueCrypt continues to be supplied under the TrueCrypt License 3.0.

In the new release:

  • For non-system volumes, the maximum password length has been raised to 128 bytes in UTF-8 encoding (non-ASCII characters therefore consume more than one byte of the limit). For compatibility with older versions, an option has been added to cap passwords at the previous limit of 64 characters;
  • Added support for the jitterentropy library as an alternative to the CPU RDRAND instruction. It derives random numbers from CPU execution time jitter: the variation in how long the same fixed sequence of instructions takes to execute each time, which depends on many internal factors (cache state, interrupts, frequency changes and the like) and cannot be predicted without physical control over the CPU;
  • XTS mode performance has been optimized on 64-bit systems with SSE2 support; on average the optimizations give a speed-up of about 10%;
  • Added detection of RDRAND/RDSEED support and of Hygon processors. Fixed issues with detecting AVX2/BMI2 support;
  • For Linux, added the "--import-token-keyfiles" CLI option, which also works in non-interactive mode;
  • For Linux and macOS, added a check that the file system has enough free space for the file container being created. The check can be disabled with the "--no-size-check" flag;
  • For Windows, keys and passwords can now be held in memory in encrypted form, using the ChaCha12 cipher, the t1ha hash and a ChaCha20-based CSPRNG. The mode is disabled by default because it adds roughly 10% overhead and makes Windows hibernation impossible when system encryption is in use;
  • For Windows, added protection against some memory-extraction attacks, based on the method used in KeePassXC of restricting access to the process's memory for users without administrator rights;
  • For Windows, keys are now cleared from memory before shutdown, before reboot, or (optionally) when a new device is connected;
  • For Windows, the UEFI bootloader has been improved, the RDRAND and RDSEED CPU instructions can be used as an additional entropy source, and a mount mode has been added that does not assign a drive letter to the volume.
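The jitter-based generator described in the jitterentropy item above, as an added example that is not code from VeraCrypt or from the jitterentropy library: it times a fixed memory walk with clock_gettime, applies the "stuck" health test jitterentropy uses to reject dead or perfectly regular timer readings (delta, first or second derivative equal to zero), and XORs the low bits of several accepted samples into each output bit. The jent_* names, buffer sizes, the oversampling factor and the retry cap are this example's own choices, not the library's.

```c
/* Added example (not VeraCrypt or jitterentropy code): harvesting CPU
   execution-time jitter on a POSIX system with CLOCK_MONOTONIC. */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define JENT_MEM_SIZE   4096   /* scratch buffer walked by the timed loop */
#define JENT_LOOP_ITERS 1024
#define JENT_OSR        4      /* oversampling: accepted samples XORed per bit */
#define JENT_MAX_STUCK  10000  /* give up if the timer looks dead */

static uint8_t jent_mem[JENT_MEM_SIZE];

/* Health-test state: previous delta and previous first derivative. */
typedef struct { uint64_t last_delta; int64_t last_delta2; } jent_health;

static uint64_t jent_now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* One noise sample: how long an identical memory walk takes this time. The
   instructions never change; cache, TLB, interrupt and scheduler effects make
   the duration vary, and that variation is what gets harvested. */
static uint64_t jent_sample(void)
{
    uint64_t start = jent_now_ns();
    for (size_t i = 0; i < JENT_LOOP_ITERS; i++) {
        size_t idx = (i * 64) % JENT_MEM_SIZE;   /* stride over cache lines */
        jent_mem[idx] = (uint8_t)(jent_mem[idx] + 1);
    }
    return jent_now_ns() - start;
}

/* Stuck test in the style of jitterentropy: reject a sample if the delta, its
   first derivative or its second derivative is zero (a dead timer or a
   perfectly linear drift carries no entropy). Returns 1 if the sample is stuck. */
static int jent_stuck(jent_health *h, uint64_t delta)
{
    int64_t delta2 = (int64_t)delta - (int64_t)h->last_delta;
    int64_t delta3 = delta2 - h->last_delta2;
    h->last_delta = delta;
    h->last_delta2 = delta2;
    return delta == 0 || delta2 == 0 || delta3 == 0;
}

/* Run the stuck test over a constructed delta sequence; returns the stuck count. */
static size_t jent_count_stuck(const uint64_t *deltas, size_t n)
{
    jent_health h = {0, 0};
    size_t stuck = 0;
    for (size_t i = 0; i < n; i++) stuck += (size_t)jent_stuck(&h, deltas[i]);
    return stuck;
}

/* Fill out[0..n) from jitter: each output bit is the XOR of the LSBs of
   JENT_OSR accepted samples. Returns the bytes written; fewer than n means the
   timer produced too many stuck samples and the output must not be used. */
static size_t jent_read(uint8_t *out, size_t n)
{
    jent_health h = {0, 0};
    for (size_t i = 0; i < n; i++) {
        uint8_t byte = 0;
        for (int bit = 0; bit < 8; bit++) {
            unsigned acc = 0;
            for (int k = 0; k < JENT_OSR; k++) {
                uint64_t d;
                unsigned tries = 0;
                do {
                    d = jent_sample();
                    if (++tries > JENT_MAX_STUCK) return i;
                } while (jent_stuck(&h, d));
                acc ^= (unsigned)(d & 1);
            }
            byte |= (uint8_t)(acc << bit);
        }
        out[i] = byte;
    }
    return n;
}

int main(void)
{
    uint8_t seed[32];
    size_t got = jent_read(seed, sizeof seed);
    printf("%zu jitter bytes:", got);
    for (size_t i = 0; i < got; i++) printf(" %02x", seed[i]);
    printf("\n");
    return got == sizeof seed ? 0 : 1;
}
```

The stuck test is only the simplest of the health checks a real implementation runs; jitterentropy additionally applies the repetition-count and adaptive-proportion tests from SP 800-90B and estimates the per-sample entropy at start-up. Treat output like this as raw noise to be fed into a conditioner or entropy pool, the way VeraCrypt uses its sources, never as a finished key.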
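The encrypted-in-RAM key storage and the key clearing described in the Windows items above, as an added example rather than VeraCrypt's own implementation: a ChaCha core run with 12 rounds (ChaCha12, the cipher VeraCrypt chose) keeps a volume key encrypted in process memory, decrypts it into a stack buffer only for the duration of one callback, and wipes the plaintext with a volatile store loop afterwards; the same wipe serves the "clear keys before shutdown" case. The protected_key structure, the function names and the fixed in-RAM key and nonce are assumptions made for a runnable example; a real build draws the in-RAM key from a CSPRNG, and VeraCrypt's use of t1ha is not reproduced here.

```c
/* Added example (not VeraCrypt code): a volume key that lives in RAM only in
   ChaCha12-encrypted form and is decrypted transiently for each use. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d)                     \
    a += b; d ^= a; d = ROTL32(d, 16);     \
    c += d; b ^= c; b = ROTL32(b, 12);     \
    a += b; d ^= a; d = ROTL32(d, 8);      \
    c += d; b ^= c; b = ROTL32(b, 7);

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Zeroing through a volatile pointer so the optimizer cannot drop it as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* One 64-byte ChaCha keystream block; rounds = 12 gives ChaCha12. */
static void chacha_block(uint8_t out[64], const uint8_t key[32],
                         const uint8_t nonce[12], uint32_t counter, int rounds)
{
    const uint8_t *sigma = (const uint8_t *)"expand 32-byte k";
    uint32_t st[16], x[16];
    for (int i = 0; i < 4; i++) st[i] = le32(sigma + 4 * i);
    for (int i = 0; i < 8; i++) st[4 + i] = le32(key + 4 * i);
    st[12] = counter;
    for (int i = 0; i < 3; i++) st[13 + i] = le32(nonce + 4 * i);
    memcpy(x, st, sizeof x);
    for (int i = 0; i < rounds; i += 2) {          /* column round, then diagonal round */
        QR(x[0], x[4], x[8], x[12])  QR(x[1], x[5], x[9], x[13])
        QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12])
        QR(x[2], x[7], x[8], x[13])  QR(x[3], x[4], x[9], x[14])
    }
    for (int i = 0; i < 16; i++) {
        uint32_t v = x[i] + st[i];
        out[4 * i] = (uint8_t)v;             out[4 * i + 1] = (uint8_t)(v >> 8);
        out[4 * i + 2] = (uint8_t)(v >> 16); out[4 * i + 3] = (uint8_t)(v >> 24);
    }
    secure_wipe(st, sizeof st);
    secure_wipe(x, sizeof x);
}

typedef struct {
    uint8_t ram_key[32];   /* key protecting the secret while it sits in RAM */
    uint8_t nonce[12];
    uint8_t secret[64];    /* volume master key, present only in encrypted form */
    size_t secret_len;
} protected_key;

/* XOR the ChaCha12 keystream over buf; one call encrypts, a second decrypts. */
static void xor_keystream(const protected_key *pk, uint8_t *buf, size_t len)
{
    uint8_t ks[64];
    for (size_t off = 0; off < len; off += 64) {
        size_t n = len - off < 64 ? len - off : 64;
        chacha_block(ks, pk->ram_key, pk->nonce, (uint32_t)(off / 64), 12);
        for (size_t i = 0; i < n; i++) buf[off + i] ^= ks[i];
    }
    secure_wipe(ks, sizeof ks);
}

/* Take ownership of a plaintext key: store it encrypted and wipe the caller's copy. */
static int protect_key(protected_key *pk, const uint8_t ram_key[32],
                       const uint8_t nonce[12], uint8_t *plain, size_t len)
{
    if (len > sizeof pk->secret) return 0;
    memcpy(pk->ram_key, ram_key, 32);
    memcpy(pk->nonce, nonce, 12);
    memcpy(pk->secret, plain, len);
    pk->secret_len = len;
    xor_keystream(pk, pk->secret, len);
    secure_wipe(plain, len);
    return 1;
}

typedef void (*key_fn)(const uint8_t *key, size_t len, void *ctx);

/* Decrypt into a stack buffer, hand it to fn, wipe. The plaintext exists only inside this call. */
static void with_key(const protected_key *pk, key_fn fn, void *ctx)
{
    uint8_t plain[64];
    memcpy(plain, pk->secret, pk->secret_len);
    xor_keystream(pk, plain, pk->secret_len);
    fn(plain, pk->secret_len, ctx);
    secure_wipe(plain, sizeof plain);
}

/* The shutdown/reboot/new-device case: drop the secret and the key protecting it. */
static void clear_key(protected_key *pk) { secure_wipe(pk, sizeof *pk); }

struct cmp_ctx { const uint8_t *expected; size_t len; int equal; };
static void cmp_cb(const uint8_t *key, size_t len, void *ctx)
{
    struct cmp_ctx *c = ctx;   /* memcmp is not constant-time: fine for a check, not for auth */
    c->equal = len == c->len && memcmp(key, c->expected, len) == 0;
}
static int key_matches(const protected_key *pk, const uint8_t *expected, size_t len)
{
    struct cmp_ctx c = { expected, len, 0 };
    with_key(pk, cmp_cb, &c);
    return c.equal;
}

int main(void)
{
    uint8_t ram_key[32] = {0xa5}, nonce[12] = {0x5a};     /* constructed; use a CSPRNG */
    uint8_t master[17] = "0123456789abcdef", copy[16];
    protected_key pk;
    memcpy(copy, master, 16);
    protect_key(&pk, ram_key, nonce, copy, 16);
    printf("in RAM: %02x%02x.. caller copy: %02x matches: %d\n",
           pk.secret[0], pk.secret[1], copy[0], key_matches(&pk, master, 16));
    clear_key(&pk);
    printf("after clear, matches: %d\n", key_matches(&pk, master, 16));
    return 0;
}
```

What this buys is a small exposure window: a memory dump taken between uses contains the encrypted secret and, elsewhere, the key that protects it, so the scheme raises the cost of a cold-boot or page-file scrape but does not defeat an attacker who can read the whole address space and knows the layout. That is why VeraCrypt pairs it with the KeePassXC-style access restriction and with clearing keys before the machine is handed off.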

Source: opennet.ru
