安基网 首页 电脑 软件精选 查看内容

VeraCrypt 1.24 发布,开源加密软件

2019-10-9 12:45| 投稿: xiaotiger |来自: 互联网


免责声明:本站系公益性非盈利IT技术普及网,本文由投稿者转载自互联网的公开文章,文末均已注明出处,其内容和图片版权归原网站或作者所有,文中所述不代表本站观点,若有无意侵权或转载不当之处请从网站右下角联系我们处理,谢谢合作!

摘要: VeraCrypt 1.24 发布,VeraCrypt 是 TrueCrypt 的分支,于2013年6月发布,项目的主要开发者是来自法国的安全顾问 Mounir Idrassi 。Idrassi 创建 VeraCrypt 分支的动机是在 2012 年他被要求在客户产品中整合 TrueCrypt,他评估了 TrueCrypt代码后发现它存在一些问题,TrueCrypt 的主要弱点是不能防御暴 ...

VeraCrypt 1.24 发布,VeraCrypt 是 TrueCrypt 的分支,于2013年6月发布,项目的主要开发者是来自法国的安全顾问 Mounir Idrassi 。Idrassi 创建 VeraCrypt 分支的动机是在 2012 年他被要求在客户产品中整合 TrueCrypt,他评估了 TrueCrypt代码后发现它存在一些问题,TrueCrypt 的主要弱点是不能防御暴力破解攻击。在加密系统分区时,TrueCrypt 使用 PBKDF2-RIPEMD160 算法进行 1000 次迭代;对于标准容器和非系统分区,TrueCrypt 最多迭代 2000 次。相比之下,VeraCrypt 使用 PBKDF2-RIPEMD160 算法对系统分区迭代 327,661 次,对于标准容器和非系统分区,迭代次数进一步增加到 655,331 次,大幅增加暴力破解难度。结果是,VeraCrypt 打开加密分区的速度略慢,而它的加密格式也不兼容于 TrueCrypt。另一个 TrueCrypt 分支 CipherShed 项目则努力兼容 TrueCrypt 加密格式。(以上介绍内容来自 Solidot)

VeraCrypt 增强了用于系统和分区加密的算法的安全性,使其免受暴力破解攻击。VeraCrypt 还解决了TrueCryp t中发现的许多漏洞和安全问题。 以下帖子描述了一些改进和更正:https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

VeraCrypt on the fly encrypting the system partition :

VeraCrypt creating an encrypted volume :

完整改进记录包括:

  • All OSs:
  • Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
  • Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
  • Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
  • Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
  • Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
  • Windows:
  • Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
  • Available only on 64-bit machines.
  • Disabled by default. Can be enabled using option in UI.
  • Less than 10% overhead on modern CPUs.
  • Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
  • Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
  • New security features:
  • Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
  • Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
  • Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
  • MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
  • MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
  • Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
  • Several enhancements and fixes for EFI bootloader:
  • Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
  • Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
  • Enhance Rescue Disk implementation of restoring VeraCrypt loader.
  • Fix ESC on password prompt during Pre-Test not starting Windows.
  • Add menu entry in Rescue Disk that enables starting original Windows loader.
  • Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
  • If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
  • This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
  • Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
  • Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
  • Update libzip to version 1.5.2
  • Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
  • Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
  • Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
  • Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
  • Ensure that only one thread at a time can create a secure desktop.
  • Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
  • Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
  • Minor UI changes.
  • Updates and corrections to translations and documentation.
  • MacOSX:
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
  • Linux:
  • Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
  • Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.

文章转载自 OSCHINA 社区 [http://www.oschina.net]

本文标题:VeraCrypt 1.24 发布,开源加密软件

本文地址:https://www.oschina.net/news/110407/veracrypt-1-24-released



小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!

本文出自:https://www.toutiao.com/a6745598276659069443/

免责声明:本站系公益性非盈利IT技术普及网,本文由投稿者转载自互联网的公开文章,文末均已注明出处,其内容和图片版权归原网站或作者所有,文中所述不代表本站观点,若有无意侵权或转载不当之处请从网站右下角联系我们处理,谢谢合作!


鲜花

握手

雷人

路过

鸡蛋

相关阅读

最新评论

 最新
返回顶部