Fin dal responsabile del progetto ... (credito a questo thread )
VeraCrypt not only enhances security over the original TrueCrypt
through an increased iterations count, but it also solves all the
serious security issues and weaknesses discovered so far in the source
code. A good list of these weaknesses can be found in the
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
We have documented these security changes in the git commits. The
important ones start with "Windows vulnerability fix" and "Static Code
Analysis". I'll use the list if the Open Crypto Audit project :
Weak Volume Header key derivation algorithm: fixed since the birth of VeraCrypt. As of 2014, any security professional will tell you that
PBKDF2 should be used with a minimum of 10000 iteration for a high
security, combined with a strong password. The 1000 count comes from
2004 and it is outdated, and that's why the Open Crypto Audit placed
it as the first vulnerability. In VeraCrypt, we choose since 2013 a
very high iterations count to meet the increasing security
requirements, hopefully for the next 10 years.
Multiple issues in the bootloader decompressor : fixed in git and it will be released in version 1.0f. This was very challenging because
of the size requirements of the bootloader. We had to optimize the
code size of many part in order to make room for the modifications of
the decompressor.
Windows kernel driver uses memset() to clear sensitive data: fixed since version 1.0e
TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG kernel pointer disclosure: fixed since version 1.0e
IOCTL_DISK_VERIFY integer overflow: fixed since version 1.0e
- MainThreadProc() integer overflow: fixed since version 1.0e
- MountVolume() device check bypass: fixed since version 1.0e
- GetWipePassCount() / WipeBuffer() can cause BSOD: fixed since version 1.0e
Moreover, the VeraCrypt source code has ben checked using two static
code analyzer tools and they reported many issues that were solved
(commits starting with "Static Code Analysis"). One of the most time
consuming part was the complete rewrite of string manipulation code in
order to use Safe String functions instead of the vulnerable string.h
ones (both in user mode and kernel mode). Other fixes included :
- correcting memory leaks
- fixing potential overflow when parsing language file that can exploited.
- fixing non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).
While we inherited much of the code of TrueCrypt, we have introduced
many modifications and corrections that enhances the overall security
with a big margin. Of course, most of these modifications are
invisible to the general user but security experts can easily checks
the current state of the code and validate our approach.
I'm taking this opportunity to announce that we have been able to
implement SHA-256 key derivation for system boot encryption (200 000
iterations). TrueCrypt has been always supporting only RIPEMD-160 for
system partition encryption and this clearly needed an upgrade because
of the aging RIPEMD-160 even if no public attack exists for it.
Because of different limitations in the boot loader (code size,
memory), this was not an easy task and we had to introduce
optimizations and new bootloader management in the VeraCrypt formating
program in order to be able to support RIPEMD-160 and SHA-256 at the
same time.
We'll publish soon a beta version of VeraCrypt 1.0f that will include
this SHA-256 in order to have feedback from users.
For those who wonder why we implemented SHA-256 and not SHA-512 for
the bootloader, the answer is that it was not possible to implement
SHA-512 in the 16-bit environment of the bootloader because it needs
64-bit operations which can't be decomposed efficiently into 16-bit
operations. On the other hand, SHA-256 uses 32-bit operations which
adapts easily to the 16-bit environment even if we lose performance.
Voila voila...I hope I have been able to answer your questions and to
show how VeraCrypt is a descent secure alternative to TrueCrypt.
Cheers,