Germany’s BSI has published the English report of a security evaluation of #VeraCrypt done by Fraunhofer SIT. We provided feedback during the finalization of the report and version 1.24-Update7 contains changes related to the evaluation.
The report is available at https://www.bsi.bund.de/DE/Publikationen/Studien/VeraCrypt/veracrypt.html
No security flaws found but potential weakness in JitterEntropy and /dev/random random generators that were fixed in 1.24-Update7 and use of old RIPEMD160 which will be replaced by Blake2s in next version.
In order to ensure the integrity of the file VeraCrypt_1.24-Update7_Bundle.7z that contains all VeraCrypt 1.24-Update7 released files, I'm publishing its checksums and its PGP signature so that everybody can do the verification of the downloaded file in the future.
The signature and checksums are available at the following links:
Here is its SHA256 checksum: e21facc8 289a3e9a f3653e1b 8e4e9e6e fc5cae03 f1d05dc0 69f38e8c 07b7a968
#VeraCrypt 1.24-Update4 is out. It fixes regressions and brings some changes. Windows users are advised to update if they use RAM encryption to avoid issues when creating volumes or using Expander. Linux users who need to create hidden volumes should update to this version. List of changes at https://www.veracrypt.fr/en/Release%20Notes.html.
For future integrity checks, the checksums and PGP signature of the bundle file for this version are published at:
This video is also a #VeraCrypt container (password = test). You can read more on how to achieve this on the following forum post: https://sourceforge.net/p/veracrypt/discussion/general/thread/66496da807/#77d8
We are sharing an encrypted pastbin based on PrivateBin, with file upload and URL shortening (shortner on same server with no URL logging): https://bin.veracry.pt
We have been using it internally for some time and we hope it will be useful to others.
For Linux users of #VeraCrypt: a know issue exists in version 1.24 where on some distribution VeraCrypt would request the admin password for every mount or dismount. A workaround is to launch VeraCrypt form Terminal.
We are working on a fix for this.
FYI, this issue is caused by a change done in version 1.24 where we use the command "sudo -n uptime" to query if a sudo session is active instead of the method used in previous versions where VeraCrypt was authenticating with a dummy password.
Open source disk encryption based with strong security for the Paranoid
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!