Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

VeraCrypt

From Wikipedia, the free encyclopedia
Free and open-source disk encryption utility
VeraCrypt
VeraCrypt 1.17 on Windows 10
DevelopersMounir Idrassi[1] via IDRIX (based inParis, France)[2] and AM Crypto (based inKobe, Japan)[3]
Initial releaseJune 22, 2013; 12 years ago (2013-06-22)
Stable release1.26.24 (May 30, 2025; 8 months ago (2025-05-30)[4]) [±]
Written inC,C++,Assembly
Operating system
PlatformIA-32,x86-64,AArch64 andarmhf
Available in43 languages[5]
TypeDisk encryption software
LicenseMulti-licensed asApache License 2.0 andTrueCrypt License 3.0[6]
Websiteveracrypt.jp Edit this on Wikidata
Repository

VeraCrypt is afree and open-sourceutility foron-the-fly encryption (OTFE).[7] The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt apartition[8] or (inWindows) the entirestorage device withpre-boot authentication.[9]

VeraCrypt is afork of the discontinuedTrueCrypt project.[10] It was initially released on 22 June 2013. Many security improvements have been implemented and concerns within the TrueCrypt codeaudits have been addressed. VeraCrypt includes optimizations to the original cryptographic hash functions and ciphers, which boost performance on modernCPUs.

Encryption scheme

[edit]

VeraCrypt employsAES,Serpent,Twofish,Camellia, andKuznyechik asciphers. Version 1.19 stopped using theMagma cipher in response to a security audit.[11] For additional security, ten different combinations ofcascaded algorithms are available:[12]

  • AES–Twofish
  • AES–Twofish–Serpent
  • Camellia–Kuznyechik
  • Camellia–Serpent
  • Kuznyechik–AES
  • Kuznyechik–Serpent–Camellia
  • Kuznyechik–Twofish
  • Serpent–AES
  • Serpent–Twofish–AES
  • Twofish–Serpent

Thecryptographic hash functions available for use in VeraCrypt areBLAKE2s-256,SHA-256,SHA-512,Streebog andWhirlpool.[13] VeraCrypt used to have support forRIPEMD-160 but it has since been removed in version 1.26.[14]

VeraCrypt'sblock cipher mode of operation isXTS.[15] It generates the header key and the secondary header key (XTS mode) usingPBKDF2 with a 512-bitsalt. By default they go through 200,000 or 500,000 iterations, depending on the underlying hash function used and whether it is system or non-system encryption.[16] The user can customize it to lower these numbers to as low as 2,048 and 16,000 respectively.[16]

Security improvements

[edit]
See also:TrueCrypt § Security audits
  • The VeraCrypt development team considered the TrueCrypt storage format too vulnerable to aNational Security Agency (NSA) attack, so it created a new format incompatible with that of TrueCrypt. VeraCrypt versions prior to 1.26.5 are capable of opening and converting volumes in the TrueCrypt format.[17][18] Since ver. 1.26.5 TrueCrypt compatibility is dropped.[19]
  • An independent security audit of TrueCrypt released 29 September 2015 found TrueCrypt includes two vulnerabilities in the Windows installation driver allowing an attackerarbitrary code execution andprivilege escalation viaDLL hijacking.[20] This was fixed in VeraCrypt in January 2016.[21]
  • While TrueCrypt uses 1,000 iterations of thePBKDF2-RIPEMD-160 algorithm for system partitions, VeraCrypt uses either 200,000 iterations (SHA-256,BLAKE2s-256,Streebog) or 500,000 iterations (SHA-512,Whirlpool) by default (which is customizable by user to be as low as 2,048 and 16,000 respectively).[16] For standard containers and non-system partitions, VeraCrypt uses 500,000 iterations by default regardless of the hashing algorithm chosen (which is customizable by user to be as low as 16,000).[16] While these default settings make VeraCrypt slower at opening encrypted partitions, it also makes password-guessing attacks slower.[22]
  • Additionally, since version 1.12, a new feature called "Personal Iterations Multiplier" (PIM) provides a parameter whose value is used to control the number of iterations used by the header key derivation function, thereby makingbrute-force attacks potentially even more difficult. VeraCrypt out of the box uses a reasonable PIM value to improve security,[23] but users can provide a higher value to enhance security. The primary downside of this feature is that it makes the process of opening encrypted archives even slower.[23][24][25][26]
  • A vulnerability in thebootloader was fixed on Windows and various optimizations were made as well. The developers added support for SHA-256 to the system boot encryption option and also fixed a ShellExecute security issue.Linux andmacOS users benefit from support for hard drives with sector sizes larger than 512. Linux also received support for theNTFS formatting of volumes.
  • Unicode passwords are supported on all operating systems since version 1.17 (except for system encryption on Windows).[17]
  • VeraCrypt added the capability to boot system partitions usingUEFI in version 1.18a.[17]
  • Option to enable/disable support for theTRIM command for both system and non-system drives was added in version 1.22.[17]
  • Erasing the system encryption keys from RAM duringshutdown/reboot helps mitigate somecold boot attacks, added in version 1.24.[17]
  • RAM encryption for keys and passwords on64-bit systems was added in version 1.24.[17]

VeraCrypt audit

[edit]

QuarksLab conducted an audit of version 1.18 on behalf of the Open Source Technology Improvement Fund (OSTIF), which took 32man-days. The auditor published the results on 17 October 2016.[17][27][28] On the same day, IDRIX released version 1.19, which resolved major vulnerabilities identified in the audit.[29]

Fraunhofer Institute for Secure Information Technology (SIT) conducted another audit in 2020, following a request by Germany'sFederal Office for Information Security (BSI), and published the results in October 2020.[30][31]

Security precautions

[edit]

There are several kinds of attacks to which all software-based disk encryption is vulnerable. As with TrueCrypt, the VeraCrypt documentation instructs users to follow various security precautions to mitigate these attacks,[32][33] several of which are detailed below.

Encryption keys stored in memory

[edit]
Main article:Cold boot attack
VeraCrypt Boot Loader

VeraCrypt stores its keys inRAM; on some personal computersDRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms may be able to recover the keys. This method, known as acold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), was successfully used to attack a file system protected byTrueCrypt versions 4.3a and 5.0a in 2008.[34] With version 1.24, VeraCrypt added the option of encrypting the in-RAMkeys and passwords onx64 editions of Windows, with a CPU overhead of less than 10%, and the option of erasing all encryption keys from memory when a new device is connected.[17]

Tampered hardware

[edit]
Main article:Evil maid attack

VeraCrypt documentation states that VeraCrypt is unable to secure data on a computer if an attacker physically accessed it and VeraCrypt is then used on the compromised computer by the user again. This does not affect the common case of a stolen, lost, or confiscated computer.[35] The attacker having physical access to a computer can, for example, install a hardware or a softwarekeylogger, abus-mastering device capturingmemory or install any other malicioushardware orsoftware, allowing the attacker to capture unencrypted data (including encryption keys and passwords) or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system.[36]

Some kinds of malware are designed tolog keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when they gain physical access to the computer.[37]

Trusted Platform Module

[edit]

VeraCrypt does not take advantage of Trusted Platform Module (TPM). VeraCrypt FAQ repeats the negative opinion of the original TrueCrypt developers verbatim.[38] The TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". The attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardwarekeystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. The condemning text goes so far as to claim that TPM is entirely redundant.[39]

It is true that after achieving either unrestricted physical access or administrative privileges, it is only a matter of time before other security measures in place are bypassed.[40][41] However, stopping an attacker in possession of administrative privileges has never been one of the goals of TPM. (SeeTrusted Platform Module § Uses for details.) TPM might, however, reduce the success rate of thecold boot attack described above.[42][43][44][45][46] TPM is also known to be susceptible to SPI attacks.[47]

Plausible deniability

[edit]

As with its predecessorTrueCrypt, VeraCrypt supportsplausible deniability[48] by allowing a single "hidden volume" to be created within another volume.[49] The Windows versions of VeraCrypt can create and run a hidden encrypted operating system whoseexistence may be denied.[50] The VeraCrypt documentation lists ways in which the hidden volume deniability features may be compromised (e.g., by third-party software which may leak information through temporary files or via thumbnails) and possible ways to avoid this.[32]

Performance

[edit]

VeraCrypt supportsparallelized[51]: 63  encryption formulti-core systems. On Microsoft Windows,pipelined read and write operations (a form of asynchronous processing)[51]: 63  to reduce the performance hit of encryption and decryption. On processors supporting theAES-NI instruction set, VeraCrypt supports hardware-accelerated AES to further improve performance.[51]: 64  On 64-bit CPUs VeraCrypt uses optimizedassembly implementation of Twofish, Serpent, and Camellia.[17]

License and source model

[edit]

VeraCrypt wasforked from the since-discontinuedTrueCrypt project in 2013,[10] and originally contained mostly TrueCrypt code released under the TrueCrypt License 3.0. In the years since, more and more of VeraCrypt's code has been rewritten and released under the permissiveApache License 2.0.

The TrueCrypt license is generally considered to besource-available but notfree and open source. The Apache license is universally considered to be free and open source. The mixed VeraCrypt license is widely but not universally considered to be free and open source.

On 28 May 2014 TrueCryptceased development under unusual circumstances,[52][53][54] and there exists no way to contact the former developers.

VeraCrypt is considered to be free and open source by:

VeraCrypt is not considered free and open source by:

  • Debian[65] Debian considers all software that does not meet the guidelines of itsDFSG to be non-free.

The original TrueCrypt license (but not necessarily the current combined VeraCrypt license) is not considered free and open source by:

Legal cases

[edit]

InUnited States v Burns (M.D.N.C), the defendant had three hard drives, the first being a system partition which was later found to contain caches of deletedchild pornography and manuals for how to use VeraCrypt, with the second being encrypted, and the third having miscellaneous music files. Even though the defendant admitted to having child pornography on his second hard drive, he refused to give the password to the authorities. Despite searching for clues of previously used passwords on the first drive, and inquiries to the FBI about any weaknesses to the VeraCrypt software that could be used to access the drive partition, and brute-forcing the partition with thealphanumeric character set as potential passwords, the partition could not be accessed. Due to the defendant confessing to having child pornography on the encrypted drive, the prosecution applied to force the defendant to give away the password under the foregone conclusion doctrine in theAll Writs Act.[69]

In a search of a Californian defendant's apartment for accessing child pornography, a VeraCrypt drive that was over 900gigabytes was found as an external hard drive. TheFBI was called to assist local law enforcement, but the FBI claimed to not have found a weakness in the VeraCrypt software. The FBI also denied having a backdoor within the VeraCrypt software. It was later found that another suspect had educated the defendant into using encryption to hide his photos and videos of child pornography. Because the defendant had admitted to having child pornography on the drive as a backup anyways and chat logs relating to the other suspect educating the defendant on how to use VeraCrypt, the foregone conclusion doctrine was used again.[70]

See also

[edit]

References

[edit]
  1. ^"Mounir Idrassi (idrassi)".Archived from the original on 2025-06-02. Retrieved2025-06-07.
  2. ^"Contact Us – IDRIX".Archived from the original on 2025-06-04. Retrieved2025-06-07.
  3. ^"AM Crypto – Mounir IDRASSI – Cybersecurity & Cryptography Expert".Archived from the original on 2025-06-06. Retrieved2025-06-07.
  4. ^"Release Notes". 2025-05-30. Retrieved2025-06-07.
  5. ^"VeraCrypt Files – Source Code". VeraCrypt. English (default) + 42 languages listed in "Translations" folder inside VeraCrypt_1.26.24_Source.zip archive. Retrieved2025-06-26.
  6. ^"root/License.txt".VeraCrypt. TrueCrypt Foundation. 17 Oct 2016. Archived fromthe original on 22 March 2020. Retrieved23 Jul 2018.
  7. ^"VeraCrypt Official Site"
  8. ^"VeraCrypt Volume".VeraCrypt Official Website. RetrievedFebruary 16, 2015.
  9. ^"Operating Systems Supported for System Encryption".VeraCrypt Official Website. RetrievedFebruary 16, 2015.
  10. ^abRubens, Paul (October 13, 2014)."VeraCrypt a Worthy TrueCrypt Alternative".eSecurity Planet. Quinstreet Enterprise.Archived from the original on December 3, 2018. RetrievedFebruary 16, 2015.
  11. ^Pauli, Darren (October 18, 2016)."Audit sees VeraCrypt kill critical password recovery, cipher flaws".The Register.Archived from the original on November 15, 2018.
  12. ^"Encryption Algorithms".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  13. ^"Hash Algorithms".VeraCrypt Documentation. IDRIX. Retrieved2024-01-14.
  14. ^"Changelog". IDRIX.Archived from the original on 2022-04-07. Retrieved2024-01-18.
  15. ^"Modes of Operation".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  16. ^abcd"Header Key Derivation, Salt, and Iteration Count".VeraCrypt Documentation. IDRIX. Retrieved2019-02-19.
  17. ^abcdefghi"VeraCrypt Release Notes"
  18. ^Castle, Alex (March 2015). "Where Are We At With TrueCrypt?".Maximum PC. p. 59.
  19. ^"VeraCrypt - Free Open source disk encryption with strong security for the Paranoid".www.veracrypt.fr. Retrieved2023-09-12.
  20. ^Constantin, Lucian (September 29, 2015)."Newly found TrueCrypt flaw allows full system compromise".PCWorld.Archived from the original on April 19, 2019.
  21. ^CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
  22. ^Rubens, Paul (June 30, 2016)."VeraCrypt a worthy TrueCrypt Alternative".eSecurity Planet.Archived from the original on December 3, 2018.
  23. ^ab"PIM".veracrypt.fr. Retrieved7 June 2017.
  24. ^Khandelwal, Swati (11 August 2015)."Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security".The Hacker News.Archived from the original on 10 April 2019. Retrieved5 June 2017.
  25. ^Brinkmann, Martin (7 August 2015)."TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature".Ghacks.Archived from the original on 10 April 2019. Retrieved5 June 2017.
  26. ^"Transcript of Episode #582".GRC.com. Retrieved5 June 2017.
  27. ^"The VeraCrypt Audit Results". OSTIF. October 17, 2016.Archived from the original on May 12, 2019. RetrievedOctober 18, 2016.
  28. ^QuarksLab (October 17, 2016).VeraCrypt 1.18 Security Assessment(PDF) (Report). OSTIF.Archived(PDF) from the original on August 7, 2018. RetrievedOctober 18, 2016.
  29. ^Bédrune, Jean-Baptiste; Videau, Marion (October 17, 2016)."Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt". QuarksLab.Archived from the original on May 7, 2019. RetrievedOctober 18, 2016.
  30. ^"VeraCrypt / Forums / General Discussion: Germany BSI Security Evaluation of VeraCrypt".sourceforge.net. Retrieved2021-12-01.
  31. ^"Security Evaluation of VeraCrypt".Federal Office for Information Security (BSI). 2020-11-30. Retrieved2022-07-27.
  32. ^ab"Security Requirements and Precautions Pertaining to Hidden Volumes".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  33. ^"Security Requirements and Precautions".VeraCrypt Documentation. IDRIX. RetrievedFebruary 16, 2015.
  34. ^Halderman, J. Alex; et al. (July 2008).Lest We Remember: Cold Boot Attacks on Encryption Keys(PDF). 17th USENIX Security Symposium.Archived(PDF) from the original on May 12, 2019.
  35. ^"Physical Security".VeraCrypt Documentation. IDRIX. 2015-01-04. Retrieved2015-01-04.
  36. ^Schneier, Bruce (October 23, 2009).""Evil Maid" Attacks on Encrypted Hard Drives".Schneier on Security.Archived from the original on May 25, 2014. RetrievedMay 24, 2014.
  37. ^"Malware".VeraCrypt Documentation. IDRIX. 2015-01-04. Retrieved2015-01-04.
  38. ^"FAQ".veracrypt.fr. IDRIX. 2 July 2017.
  39. ^"TrueCrypt User Guide"(PDF).truecrypt.org. TrueCrypt Foundation. 7 February 2012. p. 129 – via grc.com.
  40. ^Culp, Scott (2000)."Ten Immutable Laws Of Security (Version 2.0)".TechNet Magazine.Microsoft. Archived fromthe original on 9 December 2015 – viaMicrosoft TechNet.
  41. ^Johansson, Jesper M. (October 2008)."Security Watch Revisiting the 10 Immutable Laws of Security, Part 1".TechNet Magazine.Microsoft. Archived fromthe original on 10 April 2017 – viaMicrosoft TechNet.
  42. ^"LUKS support for storing keys in TPM NVRAM".github.com. 2013.Archived from the original on September 16, 2013. RetrievedDecember 19, 2013.
  43. ^Greene, James (2012)."Intel Trusted Execution Technology"(PDF) (white paper). Intel.Archived(PDF) from the original on June 11, 2014. RetrievedDecember 18, 2013.
  44. ^Autonomic and Trusted Computing: 4th International Conference(Google Books). ATC. 2007.ISBN 9783540735465.Archived from the original on August 19, 2020. RetrievedMay 31, 2014.
  45. ^Pearson, Siani; Balacheff, Boris (2002).Trusted computing platforms: TCPA technology in context. Prentice Hall.ISBN 978-0-13-009220-5.Archived from the original on March 25, 2017. RetrievedJuly 21, 2016.
  46. ^"SetPhysicalPresenceRequest Method of the Win32_Tpm Class".Microsoft.Archived from the original on May 19, 2009. RetrievedJune 12, 2009.
  47. ^"TPM Sniffing Attacks Against Non-Bitlocker Targets".secura.com. 2022.Archived from the original on June 30, 2022. RetrievedNovember 30, 2022.
  48. ^"Plausible Deniability".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  49. ^"Hidden Volume".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  50. ^"Hidden Operating System".VeraCrypt Documentation. IDRIX. Retrieved2018-03-31.
  51. ^abc"VeraCrypt User Guide" (1.0f ed.). IDRIX. 2015-01-04.
  52. ^Buchanan, Bill (May 30, 2014)."Encryption software TrueCrypt closes doors in odd circumstances".The Guardian. RetrievedApril 9, 2022.
  53. ^Ratliff, Evan (March 30, 2016)."The Strange Origins of TrueCrypt, ISIS's Favored Encryption Tool".The New Yorker. RetrievedApril 9, 2022.
  54. ^Buchanan, Bill (Nov 5, 2018)."The Fall of TrueCrypt and Rise of VeraCrypt".medium.com. Medium. RetrievedApril 9, 2022.
  55. ^Constantin, Lucian (October 18, 2016)."Critical flaws found in open-source encryption software VeraCrypt".pcworld.com. PC World. RetrievedApril 9, 2022.
  56. ^Long, Heinrich (August 3, 2020)."How to Encrypt Files, Folders and Drives on Windows".techspot.com. Techspot. RetrievedApril 9, 2022.
  57. ^Hall, Christine (May 4, 2016)."DuckDuckGo Gives $225,000 to Open Source Projects".fossforce.com. FOSS Force. RetrievedApril 9, 2022.
  58. ^"A Special Thank You to DuckDuckGo for Supporting OSTIF and VeraCrypt".ostif.org. Open Source Technology Fund. May 3, 2016. RetrievedApril 9, 2022.
  59. ^"Need strong security? VeraCrypt is an open source disk encryption software that gives extra security against brute-force attacks".sourceforge.net. SourceForge. February 8, 2020. RetrievedApril 9, 2022.
  60. ^McDevitt, Dan (July 18, 2018)."Privacy and anonymity-enhancing operating system Tails continued the implementation of open-source disk encryption software VeraCrypt into the GNOME user interface".opentech.fund. Open Technology Fund. RetrievedApril 9, 2022.
  61. ^"VeraCrypt is a free, open source disk encryption program".fosshub.com. FOSSHub. Jan 17, 2021. RetrievedApril 9, 2022.
  62. ^Kenlon, Seth (April 12, 2021)."VeraCrypt offers open source file-encryption with cross-platform capabilities".opensource.com. RetrievedApril 9, 2022.
  63. ^Afolabi, Jesse (March 5, 2021)."Veracrypt – An Open Source Cross-Platform Disk Encryption Tool".fossmint.com. FOSSMINT. RetrievedApril 9, 2022.
  64. ^"VeraCrypt: Source Code".veracrypt.io. RetrievedDecember 20, 2025.
  65. ^"Debian Bug report logs - #814352: ITP: veracrypt -- Cross-platform on-the-fly encryption".bugs.debian.org. 10 February 2016.
  66. ^"Nonfree Software Licenses".gnu.org. Free Software Foundation Licensing and Compliance Lab. January 12, 2022. RetrievedApril 9, 2022.
  67. ^"Various Licenses and Comments about Them".Free Software Foundation.Archived from the original on 2022-12-30.
  68. ^Phipps, Simon (2013-11-15),"TrueCrypt or false? Would-be open source project must clean up its act",InfoWorld,archived from the original on 2019-03-22, retrieved2014-05-20
  69. ^US v. Burns, May 10, 2019, retrieved2023-08-22
  70. ^In the Matter of the Search of a Residence in Aptos, California 95003, 2018-03-20, retrieved2023-08-22

External links

[edit]
Wikimedia Commons has media related toVeraCrypt.
General
Mathematics
Email clients
Secure
communication
OTR
SSH
TLS & SSL
VPN
ZRTP
P2P
DRA
Disk encryption
(Comparison)
Anonymity
File systems(List)
Security-focused
operating system
Service providers
Educational
Anti–computer forensics
Related topics
Retrieved from "https://en.wikipedia.org/w/index.php?title=VeraCrypt&oldid=1337127469"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2026 Movatter.jp