VeraCrypt version 1.18a

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.17 and 1.18a (17 August 2016) :

• All OSs:
  • Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
  • Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.
• Windows:
  • Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
  • Fix TrueCrypt vulnerability allowing detection of hidden volumes presence(reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)
  • Enhanced protection against dll hijacking attacks.
  • Fix boot issues on some machines by increasing required memory by 1 KiB
  • Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
  • Move build system to Visual C++ 2010 for better stability.
  • Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
  • Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
  • Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
  • When no drive letter specified, choose A: or B: only when no other free drive letter is available.
  • Reduce CPU usage caused by the option to disable use of disconnected network drives.
  • Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
  • Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
  • Add option and command line switch to hide waiting dialog when performing operations.
  • Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
  • Allow files drag-n-drop when VeraCrypt is running as elevated process.
  • Minor GUI and translations fixes.
• Linux:
  • Fix mount issue on Fedora 23.
  • Fix mount failure when compiling source code using gcc 5.x.
  • Adhere to XDG Desktop Specification by using XDG_CONFIG_HOME to determine location of configuration files.
• MacOSX:
  • Solve compatibility issue with newer versions of OSXFuse.

VeraCrypt version 1.17

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.16 and 1.17 (13 February 2016) :

• All OSs:
  • Support UNICODE passwords: all characters are now accepted in passwords (except Windows system encryption)
  • Cut mount/boot time by half thanks to a clever optimization of key derivation (found by Xavier de Carné de Carnavalet)
  • Optimize Whirlpool code by using assembly (25% speed gain compared to previous code).
  • Add support for creating exFAT volumes.
  • Add GUI indicator for the amount of randomness gathered using mouse movement.
  • Include new icons and graphics contributed by Andreas Becker
• Windows:
  • Fix dll hijacking issue affecting installer that allows code execution with elevation of privilege (CVE-2016-1281). Reported by Stefan Kanthak
  • Sign binaries using both SHA-1 and SHA-256 to follow new Microsoft recommendations.
  • Solve issues under Comodo/Kaspersky when running an application from a VeraCrypt volume (Reported and fixed by Robert Geisler)
  • Bootloader: Protect password/PIM length by filling the fields to maximum length with '*' after ENTER
  • Solve issue with system favorites not being able to be mounted to drive A:
  • Solve lost focus issues for after displaying the waiting dialog
  • Solve rare issue where some partitions where associated with wrong disk the "Select Device" dialog.
  • Implement PIM caching, for both system encryption and normal volumes. Add options to activate it.
  • Don't try mounting using cached passwords if password and/or keyfile are specified in the command line.
  • Internal rewrite to make VeraCrypt native UNICODE application.
  • Workaround to avoid false positive detection by some anti-virus software.
  • Hide disconnected network drives in the list of available drives. Add option to make them available for mounting.
  • Solve issue that caused in some cases configuration and history XML files to be updated even when not needed.
  • Fix leak of path of selected keyfiles in RAM.
  • Fix TB unit can't be deselected in VeraCryptExpander.
  • Add Alt+i keyboard shortcut for "Use PIM" checkbox.
  • Minor GUI and translations fixes.
• Linux/MacOSX:
  • Fix issue of --stdin option not handling correctly passwords that contain a space character (reported and fixed by Codeplex user horsley1953).
  • Fix issue creating volumes using command line with a filesystem other than FAT.
  • Support K/M/G/T suffixes for --size switch to indicate unit to use for size value.

VeraCrypt version 1.16

Binaries for Windows, Linux and MacOSX are available at Launchpad, Sourceforge and Codeplex

Changes between 1.15 and 1.16 (7 October 2015) :

• Windows:
  • Modify patch for CVE-2015-7358 vulnerability to solve side effects on Windows while still making it very hard to abuse drive letter handling.
  • Fix failure to restore volume header from an external file in some configurations.
  • Add option to disable “Evil Maid” attack detection for those encountering false positive cases (e.g. FLEXnet/Adobe issue).
  • By default, don’t try to mount using empty password when default keyfile configured or keyfile specified in command line. Add option to restore the old behavior.
    • If mounting using empty password is needed, explicitly specify so in the command line using: /p ""

VeraCrypt version 1.15

Changes between 1.14 and 1.15 (26 September 2015) :

• Windows:
  • Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project Zero)
    • CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
    • CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.
  • Fix regression in mounting of favorite volumes at user logon.
  • Fix display of some Unicode languages (e.g. Chinese) in formatting wizard.
  • Set keyboard focus to PIM field when "Use PIM" is checked.
  • Allow Application key to open context menu on drive letters list
  • Support specifying volumes size in TB in the GUI (command line already supports this)

VeraCrypt version 1.14

Changes between 1.13 and 1.14 (16 September 2015) :

• All OSs:
  • Mask and unmask PIM value in GUI and bootloader like the password.
• Windows:
  • Solve Rescue Disk damaged error when using cascade ciphers and SHA256 for system encryption.
  • Solve option "Cache password in drive memory" always disabled even if checked in preferences.
  • Solve UI language change not taken into account for new install unless a preference is changed.
  • Implement creating file containers using command line.
  • Driver: disable support of IOCTL_STORAGE_QUERY_PROPERTY by default and add option to enable it.
  • Driver: Support returning StorageDeviceProperty if IOCTL_STORAGE_QUERY_PROPERTY is supported.
  • Support setting volume label in Explorer through mount option or favorite label value.
  • Fix for Hot Keys assignment dialog issue where OEM-233 is always displayed and can't be changed.
  • Always copy both 32-bit and 64-bit executable binaries during install and in Traveler Disk Setup.
  • Traveler Disk will again use 32-bit exe by default while also offering 64-bit exe.
  • On Windows 64-bit, 32-bit exe files are now available(e.g. if needed to use 32-bit PKCS#11 dll)
  • Include Volume Expander in Traveler Disk Setup.
  • Don't offer creating a restore point if it is disabled in Windows.
  • Add possibility to verify a Rescue Disk ISO image file.
  • Minors fixes in the installer, GUI and driver.
• Linux:
  • Support supplying password using stdin in non interactive mode (contributed by LouisTakePILLz
  • Example: veracrypt -t ${IMAGE_PATH} ${MOUNT_PATH} --mount --non-interactive --stdin <<< "$PWD"

VeraCrypt version 1.13

Binaries for Windows, Linux and MacOSX are available at Sourceforge

Changes between 1.12 and 1.13 (9 August 2015) :

• Windows:
  • Solve TOR crashing when run from a VeraCrypt volume.

Changes between 1.0f-2 and 1.12 (5 August 2015) :

• All OSs:
  • Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
• Windows:
  • Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
  • Fix buffer overrun issue and other memory related bugs when parsing language XML files.
  • Fix wrongly reported bad sectors by chkdsk caused by a bug in {"IOCTL_DISK_VERIFY"} handling.
  • Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
  • Fix system favorites not always mounting after cold start.
  • Solve installer error when updating VeraCrypt on Windows 10.
  • Implement decryption of non-system partition/drive.
  • Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
  • Allow using drive letters A: and B: for mounting volumes
  • Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
  • Add possibility to show system encryption password in Windows GUI and bootloader
  • Solve "Class Already exists" error that was happening for some users.
  • Solve some menu items and GUI fields not translatable
  • Make volumes correctly report Physical Sector size to Windows.
  • Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
  • Add manual selection of partition when resuming in-place encryption.
  • Add command line option (/cache f) to temporarily cache password during favorites mounting.
  • Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
  • Add extra information to displayed error message in order to help analyze reported issues.
  • Disable menu entry for changing system encryption PRF since it's not yet implemented.
  • Fix failure to change password when UAC required (inherited from TrueCrypt)
  • Minor fixes and changes (see Git history for more details)
• Linux:
  • Solve installer issue under KDE when xterm not available
  • Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
  • Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
  • Remove "--current-hash" switch and add "--new-hash" to be more coherent with existing switches.
  • When only keyfile specified in command line, don't try to mount using empty password.
    • If mounting using empty password is needed, explicitly specify so using: -p ""

VeraCrypt version 1.12

There is compatibility issue between this version and Tor Browser. Subsequent version 1.13 corrects this and it should be used instead.

Changes between 1.0f-2 and 1.12 (5 August 2015) :

• All OSs:
  • Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
• Windows:
  • Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
  • Fix buffer overrun issue and other memory related bugs when parsing language XML files.
  • Fix wrongly reported bad sectors by chkdsk caused by a bug in {"IOCTL_DISK_VERIFY"} handling.
  • Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
  • Fix system favorites not always mounting after cold start.
  • Solve installer error when updating VeraCrypt on Windows 10.
  • Implement decryption of non-system partition/drive.
  • Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
  • Allow using drive letters A: and B: for mounting volumes
  • Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
  • Add possibility to show system encryption password in Windows GUI and bootloader
  • Solve "Class Already exists" error that was happening for some users.
  • Solve some menu items and GUI fields not translatable
  • Make volumes correctly report Physical Sector size to Windows.
  • Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
  • Add manual selection of partition when resuming in-place encryption.
  • Add command line option (/cache f) to temporarily cache password during favorites mounting.
  • Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
  • Add extra information to displayed error message in order to help analyze reported issues.
  • Disable menu entry for changing system encryption PRF since it's not yet implemented.
  • Fix failure to change password when UAC required (inherited from TrueCrypt)
  • Minor fixes and changes (see Git history for more details)
• Linux:
  • Solve installer issue under KDE when xterm not available
  • Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
  • Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
  • Remove "--current-hash" switch and add "--new-hash" to be more coherent with existing switches.
  • When only keyfile specified in command line, don't try to mount using empty password.
    • If mounting using empty password is needed, explicitly specify so using: -p ""

VeraCrypt version 1.0f-2

Binaries for Windows, Linux and MacOSX are available at Sourceforge and Codeplex

Changes between 1.0f-1 and 1.0f-2 (5 April 2015) :

• All OSs:
  • Mounting speed improvement, up to 20% quicker on 64-bit (contributed by Nils Maier)
  • Add option to set default hash/TrueCryptMode used for mounting volumes.
  • Use TrueCryptMode/Hash specified in command line in password dialog.
• Windows:
  • Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
  • Proper handling of random generator failures. Inform user in such cases.
  • TrueCrypt Mode related changes:
  • Support mounting TrueCrypt system partition (no conversion yet)
  • Support TrueCrypt volumes as System Favorites.
  • Correct displaying wrong TrueCrypt mode in volume properties when SHA-256 is used.
  • Solve PIN BLOCKED issue with smart cards in a special case.
  • Correctly handle file access errors when mounting containers.
  • Solve several issues reported by the Static Code Analysis too Coverity.
  • Bootloader: Add "Verifying Password..." message.
  • When UAC prompt fails (for example timeout), offer the user to retry the operation.
  • Uninstall link now open the standard "Add/Remove Programs" window.
  • On uninstall, remove all VeraCrypt references from registry and disk.
  • Included VeraCryptExpander in the Setup.
  • Add option to temporary cache password when mounting multiple favorites.
  • Minor fixes and enhancements (see git history for more information)
• MacOSX:
  • Solve issue volumes not auto-dismounting when quitting VeraCrypt.
  • Solve issue VeraCrypt window not reopening by clicking dock icon
• Linux/MacOSX:
  • Solve preferences dialog not closing when clicking on the 'X' icon.
  • Solve read-only issue when mounting non-FAT volumes in some cases.
  • Support opening/exploring mounted volumes on desktops other than Gnome/KDE.
  • Solve various installer issues when running on less common configurations
  • Minor fixes (see git history for more information)

VeraCrypt version 1.0f-1

Binaries for Windows, Linux and MacOSX are available at Sourceforge

Changes between 1.0f and 1.0f-1 (4 January 2015) :

• All OSs:
  • Add support for old TrueCrypt 6.0.
  • Change naming of cascades algorithms in GUI for a better description.
• Linux/MacOSX:
  • Make cancel button of the preference dialog working.
  • Solve impossibility to enter a one digit size for the volume.
  • Add wait dialog to the benchmark calculation.
• Windows:
  • For Windows XP, correct the installer graphical artefacts.
  • Add TrueCrypt mode to the mounted volume information.

Changes between 1.0e and 1.0f (30 December 2014) :

• All OSs:
  • Add support for mounting TrueCrypt volumes.
  • Add support for converting TrueCrypt containers and non-system partitions.
  • Add support for SHA-256 for volume encryption.
  • Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
  • Deprecate RIPEMD160 for non-system encryption.
  • Speedup mount operation by enabling choice of correct hash algorithm.
  • Display a wait dialog during lengthy operations to avoid freezing the GUI.
  • Implement creation of multiple keyfiles at once, with predefined or random size.
  • Always display random gathering dialog before performing sensitive operations.
  • Links in the application now points to the online resources on Codeplex
  • First version of proper VeraCrypt User Guide
• MacOSX:
  • Implement support for hard drives with a large sector size (> 512).
  • Link against new wxWidgets version 3.0.2
  • Solve truncated text in some Wizard windows.
• Linux:
  • Add support of NTFS formatting of volumes.
  • Correct issue on opening of the user guide PDF
  • Better support for hard drives with a large sector size (> 512).
  • Link against new wxWidgets version 3.0.2
• Windows:
  • Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
  • Add support for SHA-256 in system boot encryption.
  • Various optimizations in bootloader.
  • Complete fix of ShellExecute security issue.
  • Kernel driver: check that the password length received from bootloader is less or equal to 64.
  • Correct a random crash when clicking the link for more information on keyfiles
  • Implement option to auto-dismount when user session is locked
  • Add self-test vectors for SHA-256
  • Modern look-and-feel by enabling visual styles.
  • few minor fixed.

VeraCrypt version 1.0f

Binaries for Windows, Linux and MacOSX are available at Sourceforge and CodePlex.

Changes between 1.0e and 1.0f (30 December 2014) :

• All OSs:
  • Add support for mounting TrueCrypt volumes.
  • Add support for converting TrueCrypt containers and non-system partitions.
  • Add support for SHA-256 for volume encryption.
  • Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
  • Deprecate RIPEMD160 for non-system encryption.
  • Speedup mount operation by enabling choice of correct hash algorithm.
  • Display a wait dialog during lengthy operations to avoid freezing the GUI.
  • Implement creation of multiple keyfiles at once, with predefined or random size.
  • Always display random gathering dialog before performing sensitive operations.
  • Links in the application now points to the online resources on Codeplex
  • First version of proper VeraCrypt User Guide
• MacOSX:
  • Implement support for hard drives with a large sector size (> 512).
  • Link against new wxWidgets version 3.0.2
  • Solve truncated text in some Wizard windows.
• Linux:
  • Add support of NTFS formatting of volumes.
  • Correct issue on opening of the user guide PDF
  • Better support for hard drives with a large sector size (> 512).
  • Link against new wxWidgets version 3.0.2
• Windows:
  • Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
  • Add support for SHA-256 in system boot encryption.
  • Various optimizations in bootloader.
  • Complete fix of ShellExecute security issue.
  • Kernel driver: check that the password length received from bootloader is less or equal to 64.
  • Correct a random crash when clicking the link for more information on keyfiles
  • Implement option to auto-dismount when user session is locked
  • Add self-test vectors for SHA-256
  • Modern look-and-feel by enabling visual styles.
  • few minor fixed.