VeraCrypt - darmowy program szyfrujący dane
#1
Wiadomości dotyczące "tylnej furtki do TrueCrypt", które spowodowały znaczne spowolnienie rozwoju programu oraz zmniejszenie do niego zaufania tysięcy użytkowników spowodowały rozwój podobnych, alternatywnych programów. Jedne bazują na własnych rozwiązaniach, inne na zapożyczonych, a ich przykładem jest program VeraCrypt, który rozwijany jest przez firmę IDRIX, a zbudowany jest na bazie TrueCrypt właśnie.
Program jest na razie w wersji rozwojowej, więc wysoce niezalecane jest używanie go w stosunku do ważnych, wrażliwych danych.
Podobne funkcje, podobny interfejs (niemal taki sam), ale ma znacznie bardziej zaawansowane i bezpieczne algorytmy, które jak producent twierdzi mają zabezpieczać przed próbami ataków typu "brute force"
Cytat:or example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the encrypted data.
Program jest darmowy, posiada wiele wersji językowych (po zrzutach można przypuszczać, że polska wersja jest również), obsługuje systemy MacOSX, Linux i Windows.

[Obrazek: 20108524_140920185549_5.jpg]
[Obrazek: 20108525_140920185613_6.jpg]

Strona producenta/programu http://www.idrix.fr/Root/content/category/7/32/46/
Pobieranie https://veracrypt.codeplex.com/
"bezpieczeństwo jest podróżą, a nie celem samym w sobie - to nie jest problem, który można rozwiązać raz na zawsze"
https://technet.microsoft.com/library/cc722487.aspx
Odpowiedz
#2
W nawiązaniu do wcześniejszej informacji o audycie VeraCypt - są jego wyniki i równocześnie nowa wersja, która jest na audyt odpowiedzią.
Lista zmian wskazuje na sporo poprawek, bo i podatności trochę znaleziono Smile
Lista zmian

Cytat:1.19 (October 17th, 2016):
  • All OSs:
    • Fix issues raised by Quarkslab audit.
      • Remove GOST89 encryption algorithm.
      • Make PBKDF2 and HMAC code clearer and easier to analyze.
      • Add test vectors for Kuznyechik.
      • Update documentation to warn about risks of using command line switch ”tokenpin”.
    • Use SSE2 optimized Serpent algorithm implementation from Botan project (2.5 times faster on 64-bit platforms).
  • Windows:
    • Fix keyboard issues in EFI Boot Loader.
    • Fix crash on 32-bit machines when creating a volume that uses Streebog as PRF.
    • Fix false positive detection of Evil-Maid attacks in some cases (e.g. hidden OS creation)
    • Fix failure to access EFS data on VeraCrypt volumes under Windows 10.
    • Fix wrong password error in the process of copying hidden OS.
    • Fix issues raised by Quarkslab audit:
      • Fix leak of password length in MBR bootloader inherited from TrueCrypt.
      • EFI bootloader: Fix various leaks and erase keyboard buffer after password is typed.
      • Use libzip library for handling zip Rescue Disk file instead of vulnerable XUnzip library.
    • Support EFI system encryption for 32-bit Windows.
    • Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards.
    • Minor GUI and translations fixes.
  • MacOSX:
    • Remove dependency to MacFUSE compatibility layer in OSXFuse.
https://veracrypt.codeplex.com/wikipage?...se%20Notes

Pobieranie nowej wersji
https://sourceforge.net/projects/veracry...pt%201.19/

Podsumowanie adytu

Cytat:VeraCrypt 1.18 and its bootloaders were evaluated. This release included a number of new features including non-western developed encryption options, a boot loader that supports UEFI (modern BIOSes), and more.

QuarksLab found:
8 Critical Vulnerabilities
3 Medium Vulnerabilities
15 Low or Informational Vulnerabilities / Concerns

This public disclosure of these vulnerabilities coincides with the release of VeraCrypt 1.19 which fixes the vast majority of these high priority concerns. Some of these issues have not been fixed due to high complexity for the proposed fixes, but workarounds have been presented in the documentation for VeraCrypt.
The Fixes:

Because of this audit, VeraCrypt has issued a number of fixes to both the application and the bootloader in 1.19.

The fixes include:
Removal of the GOST 28147-89 encryption option entirely. The implementation was unsafe. Functionality for decryption of volumes that used this cipher is still in place, but new volumes cannot be created using this cipher.
Removal of XZip and XUnzip. These were replaced with modern and more secure zip libraries (libzip).
Fixes implemented for the vulnerability described in section 5.1 (password length can be determined in classic bootloader).
Fixes implemented for the vulnerability described in section 7.1 for the new bootloader. (keystrokes not erased after authentication)
Fixes implemented for the vulnerability described in section 7.2 for the new bootloader. (sensitive data not correctly erased)
Fixes implemented for the vulnerability described in section 7.3 for the new bootloader. (memory corruption)
Fixes implemented for the vulnerability described in section 7.4 for the new bootloader. (null pointer, dead code, inconsistent data reads by ConfigRead, bad pointer in EFIGetHandles, null pointer dereference in the graphic library.)
Updates to user documentation for other vulnerabilities that can be closed by user practices.
https://ostif.org/the-veracrypt-audit-results/

Oficjalny komunikat Quarkslab
http://blog.quarkslab.com/security-asses...crypt.html
"bezpieczeństwo jest podróżą, a nie celem samym w sobie - to nie jest problem, który można rozwiązać raz na zawsze"
https://technet.microsoft.com/library/cc722487.aspx
Odpowiedz
#3
VeraCrypt 1.20-BETA1

Cytat:- All OSs: Use 64-bit optimized assembly implementation of Twofish by Jussi Kivilinna (Don't use Twofish x64 assembly implementation for UEFI bootloader (for now, yasm is not integrated in EDKII framework).
- Windows: Fix bug in EFI system decryption using EFI Rescue Disk.
- Windows: Use default mount parameters when mounting multiple favorites with password caching.
- Windows: Enable specifying PRF and TrueCryptMode for favorites.
- Windows: Enhancement to favorites handling. Add PRF/TrueCryptMode fields in favorites management dialog, and use default mount parameters when mounting multiple favorites at once.
- Windows: Don't change thread priority when benchmarking encryption algorithms for more accurate results.
- Windows: Use "Temporarily" instead of "Temporary" in the text of a preference option.
Crypto: remove unnecessary alignment adjusting code in Serpent since the SIMD implementation works with unaligned data and gain negligible compared to memcpy overhead.
- Update driver files of 1.20-BETA1 release
- Document --truecrypt option
- Language XML files: Update Russian XML file by Dmitry Yerokhin.
:: DOWNLOAD ::
Anonymous is here for the people! EXPECT US.
Odpowiedz
#4
Cytat:VeraCrypt 1.21-RC1
- All OSes:
    * Use 64-bit optimized assembly implementation of Twofish and Camellia by Jussi Kivilinna.
      - Camellia 2.5 faster when AES-NI supported by CPU. 30% faster without it.
    * Use optimized implementation for SHA-512/SHA256.
      - 33% speedup on 64-bit systems.
    * Deploy local HTML documentation instead of User Guide PDF.
    * Change links in UI from ones on Codeplex to ones hosted at veracrypt.fr
    * Security: build binaries with support for Address Space Layout Randomization (ASLR).

 - Windows:
    * Fix bug in EFI system decryption using EFI Rescue Disk
    * Enable using Secure Desktop for password entry. Add preferences option and
      command line switch (/secureDesktop) to activate it.
    * Use default mount parameters when mounting multiple favorites with password caching.
    * Enable specifying PRF and TrueCryptMode for favorites.
    * Preliminary driver changes to support EFI hidden OS functionality.
    * Fix Streebog not recognized by /hash command line.
    * Add support for ReFS filesystem on Windows 10 when creating normal volumes
    * Fix high CPU usage when favorite configured to mount with VolumeID on arrival.
    * Use CHM file for User Guide instead of PDF.
    * Fix false warning in case of EFI system encryption about Windows not installed on boot drive.
    * Enhancements to driver handling of various disk IOCTL.
    * Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file.
    * Driver Security: Use enhanced protection of NX pool under Windows 8 and later.
    * Reduce performance impact of internal check for disconnected network drives.
    * Windows: fix missing resource in 64-bit build.
    * Minor fixes.
    * Fix crash on machines without SSSE3 support in CPU by correctly checking for SSSE3 before using SHA-512 SSE2 assembly which uses PSHUFB instruction.

 - MacOSX:
    * OSX 10.7 or newer is required to run VeraCrypt.
    * Make VeraCrypt default handler of .hc & .tc files.
    * Add custom VeraCrypt icon to .hc and .tc files in Finder.
    * Check TrueCryptMode in password dialog when opening container file with .tc extension.

 - Linux:
    * Check TrueCryptMode in password dialog when opening container file with .tc extension.
    * Fix executable stack in resulting binary which was caused by crypto assembly files missing the GNU-stack note.
DOWNLOADhttps://sourceforge.net/projects/veracry...e/download
Anonymous is here for the people! EXPECT US.
Odpowiedz
Podziękowania
#5
Cytat:VeraCrypt 1.21
- All OSes:
    * Fix 1.20 regression crash when running on CPU not supporting extended features.
 Windows:
    * Fix 1.20 regression that caused PIM value stored in favorites to be ignored during mount.
* Fix 1.20 regression that causes system favorites not to mount in some cases.
    * Fix some cases of "Parameter Incorrect" error during EFI system encryption wizard.
* Install PDF documents related to EFI system encryption configuration for advanced users;
  - disk_encryption_v1_2.pdf related to EFI hidden OS and full fisk encryption
  - dcs_tpm_owner_02.pdf related to TPM configuration for EFI system encryption.
 FreeBSD:
    * Add support for building on FreeBSD.
DOWNLOADhttps://sourceforge.net/projects/veracry...pt%201.21/
Anonymous is here for the people! EXPECT US.
Odpowiedz


Skocz do:


Użytkownicy przeglądający ten wątek: 1 gości