VeraCrypt Updated to v1.24

VeraCrypt was updated to v1.24 .VeraCrypt is a free and open source disk encryption software for macOS Linux and Windows. You can download VeraCrypt 1.24 here.

If you’re new to VeraCrypt, you can check our beginner’s guide to Veracrypt.

Jump over the break to check out the changelog:

  • All OSs:
    • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
    • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
    • Use Hardware RNG based on CPU timing jitter “Jitterentropy” by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
    • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
    • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
    • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
      • Available only on 64-bit machines.
      • Disabled by default. Can be enabled using option in UI.
      • Less than 10% overhead on modern CPUs.
      • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
    • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
    • New security features:
      • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
      • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
      • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
    • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
    • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
    • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
    • Several enhancements and fixes for EFI bootloader:
      • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to “shutdown”.
      • Implement new actions “shutdown” and “reboot” for EFI DcsProp config file.
      • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
      • Fix ESC on password prompt during Pre-Test not starting Windows.
      • Add menu entry in Rescue Disk that enables starting original Windows loader.
        • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
        • If “VeraCrypt” folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
          * This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its “VeraCrypt” folder.
    • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
    • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
    • Update libzip to version 1.5.2
    • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
    • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
    • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
    • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
    • Ensure that only one thread at a time can create a secure desktop.
    • Updates and corrections to translations and documentation.
    • Resize some dialogs in Format and Mount Options to to fix some text truncation issues with non-English languages.
    • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
    • Minor UI changes.
  • macOS:
    • Add check on size of file container during creation to ensure it’s smaller than available free disk space. Add CLI switch –no-size-check to disable this check.
  • Linux:
    • Make CLI switch –import-token-keyfiles compatible with Non-Interactive mode.
    • Add check on size of file container during creation to ensure it’s smaller than available free disk space. Add CLI switch –no-size-check to disable this check.