VeraCrypt is a free disk encryption software based on TrueCrypt. It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
For example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the encrypted data.
VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.
Changes between 1.17 and 1.18:
- Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
- Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.
- Solve compatibility issue with newer versions of OSXFuse.
- Fix mount issue on Fedora 23.
- Fix mount failure when compiling source code using gcc 5.x.
- Adhere to XDG Desktop Specification by using XDG_CONFIG_HOME to determine location of configuration files.
- Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
- Fix TrueCrypt vulnerability allowing detection of hidden volumes presence(reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)
- Enhanced protection against dll hijacking attacks.
- Fix boot issues on some machines by increasing required memory by 1 KiB
- Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
- Move build system to Visual C++ 2010 for better stability.
- Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
- Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
- Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
- When no drive letter specified, choose A: or B: only when no other free drive letter is available.
- Reduce CPU usage caused by the option to disable use of disconnected network drives.
- Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
- Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
- Add option and command line switch to hide waiting dialog when performing operations.
- Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
- Allow files drag-n-drop when VeraCrypt is running as elevated process.
- Minor GUI and translations fixes.