Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
Concept
VeraCrypt
Summary
VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or (in Windows) the entire storage device with pre-boot authentication.
VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on 22 June 2013. Many security improvements have been implemented and concerns within the TrueCrypt code audits have been addressed. VeraCrypt includes optimizations to the original cryptographic hash functions and ciphers, which boost performance on modern CPUs.
VeraCrypt employs AES, Serpent, Twofish, Camellia, and Kuznyechik as ciphers. Version 1.19 stopped using the Magma cipher in response to a security audit. For additional security, ten different combinations of cascaded algorithms are available:
AES–Twofish
AES–Twofish–Serpent
Camellia–Kuznyechik
Camellia–Serpent
Kuznyechik–AES
Kuznyechik–Serpent–Camellia
Kuznyechik–Twofish
Serpent–AES
Serpent–Twofish–AES
Twofish–Serpent
The cryptographic hash functions available for use in VeraCrypt are RIPEMD-160, SHA-256, SHA-512, Streebog and Whirlpool.
VeraCrypt's block cipher mode of operation is XTS. It generates the header key and the secondary header key (XTS mode) using PBKDF2 with a 512-bit salt. By default they go through 200,000 to 655,331 iterations, depending on the underlying hash function used. The user can customize it to start as low as 2,048.
TrueCrypt#Security audits
The VeraCrypt development team considered the TrueCrypt storage format too vulnerable to a National Security Agency (NSA) attack, so it created a new format incompatible with that of TrueCrypt. VeraCrypt is still capable of opening and converting volumes in the TrueCrypt format.
An independent security audit of TrueCrypt released 29 September 2015 found TrueCrypt includes two vulnerabilities in the Windows installation driver allowing an attacker arbitrary code execution and privilege escalation via DLL hijacking.
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.