VeraCrypt, free disk encryption software from IDRIX, is now accepting Bitcoin donations. Based on TrueCrypt, VeraCrypt adds enhanced security to the algorithms used for system and partition encryption, which supposedly makes it immune to new developments in brute-force attacks. VeraCrypt decided to accept Bitcoin donations upon request from members of the Bitcoin community.
is a source-available freeware utility used for on-the-fly encryption (OTFE) to create a virtual encrypted disk within a file or to encrypt a partition. Earlier in 2014, VeraCrypt started receiving appreciation among those who were reluctant to continue using TrueCrypt or did not want to wait for the CipherShed fork to mature. Later on, it was found that the people behind TrueCrypt abandoned the project itself. Thus, VeraCrypt hopes to ease the disappointment TrueCrypt users felt upon the project’s abandonment.
Worthy Alternative to TrueCrypt?
VeraCrypt, a fork of the original TrueCrypt code, was launched in June 2013 by IT security consultant Mounir Idrassi. The French consultant got the idea of developing VeraCrypt in 2012 when he was asked to integrate TrueCrypt with a client’s product. While he was working on this project, he carried out a security audit of the code and discovered some issues. Though these were no big issues, there were some small things that he wanted to address, prompting him to start VeraCrypt.
According to Idrassi, TrueCrypt was not secure; the main weakness in the program was that the software did not adequately transform passwords to derive keys. Idrassi found that TrueCrypt’s transformation was not very complex, and did not provide efficient security — especially with cloud cracking systems. Idrassi also said that, for the past 10 years, government agencies like the NSA have developed infrastructure and tools to do forensic analysis of TrueCrypt volumes.
Enhanced Security Compared to TrueCrypt
Comparing the security features between the erstwhile TrueCrypt and VeraCrypt, the website explains:
“When the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool. This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner, but it makes it much harder for an attacker to gain access to the encrypted data.”
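The effect of the iteration counts quoted above can be measured directly. The following is an added example, not code from VeraCrypt or from the original article: it writes out the PBKDF2 inner loop, checks it against Python's `hashlib`, and times one derivation at 2000 and at 500000 iterations. It assumes HMAC-SHA-512 as the PRF (RIPEMD-160 is not available in every Python build), and the password and salt are constructed sample values.

```python
import hashlib
import hmac
import struct
import time

# Iteration counts quoted above for standard containers (SHA-2 in VeraCrypt).
TRUECRYPT_MAX_ITER = 2000
VERACRYPT_SHA2_ITER = 500000

def pbkdf2_block(prf_name, password, salt, iterations, block_index=1):
    """Return one PBKDF2 output block (RFC 8018): U1 xor U2 xor ... xor Uc."""
    keyed = hmac.new(password, digestmod=prf_name)  # key schedule done once

    def prf(data):
        h = keyed.copy()
        h.update(data)
        return h.digest()

    u = prf(salt + struct.pack(">I", block_index))
    acc = int.from_bytes(u, "big")
    # Each iteration depends on the previous one, so the loop cannot be
    # skipped or parallelised within a single password guess.
    for _ in range(iterations - 1):
        u = prf(u)
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(len(u), "big")

def seconds_per_guess(iterations, prf_name="sha512"):
    """Time one derivation with constructed inputs (not a real volume header)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(prf_name, b"constructed-password", b"constructed-salt", iterations)
    return time.perf_counter() - start

def work_factor(old_iterations, new_iterations):
    """Cost per guess is linear in the iteration count."""
    return new_iterations / old_iterations

if __name__ == "__main__":
    # The hand-written loop matches the library implementation.
    assert pbkdf2_block("sha512", b"pw", b"salt", TRUECRYPT_MAX_ITER) == \
        hashlib.pbkdf2_hmac("sha512", b"pw", b"salt", TRUECRYPT_MAX_ITER)
    fast = seconds_per_guess(TRUECRYPT_MAX_ITER)
    slow = seconds_per_guess(VERACRYPT_SHA2_ITER)
    print(f"{TRUECRYPT_MAX_ITER} iterations: {fast * 1000:.2f} ms per guess")
    print(f"{VERACRYPT_SHA2_ITER} iterations: {slow * 1000:.2f} ms per guess")
    print(f"expected slowdown {work_factor(TRUECRYPT_MAX_ITER, VERACRYPT_SHA2_ITER):.0f}x, "
          f"measured {slow / fast:.0f}x")
```

The legitimate owner pays the higher cost once per mount, while an attacker pays it for every candidate password, which is the trade-off the quoted passage describes.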
No Protection if Malware Installed
VeraCrypt documentation makes it clear that it cannot secure data on a computer if it has any kind of malware installed. Clarifying the point further, the documentation says that some kinds of malware are designed to log keystrokes. For instance, typed passwords may be sent to the attacker over the Internet or saved to an unencrypted local drive, from which the attacker might be able to read the passwords upon gaining physical access to the computer.
Independent Researchers Have Reviewed VeraCrypt’s Source Code
When a Reddit user posted the decision by VeraCrypt to accept Bitcoin, some users showed their concern over the auditing of the source code. However, VeraCrypt’s FAQ page claims that the software’s source code is constantly being reviewed by many independent researchers and users.
To support this claim, the FAQ page says that many bugs and several security issues have been discovered by independent researchers while reviewing the source code. Additionally, VeraCrypt claims to have fixed all major issues found in TrueCrypt by the Open Crypto Audit project.