When overwriting an existing file container during volume creation, add its current size to the available free space
Add Corsican language support. Update several translations.
Update documentation
.
Windows:
Officially, the minimum supported version is now Windows 10. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.
EFI Bootloader:
Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.
Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk
Addition of Blake2s and removal of RIPEMD160 & GOST89
Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
Memory protection blocks non-admin processes from reading VeraCrypt memory
It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled
It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt"
Add process mitigation policy to prevent VeraCrypt from being injected by other processes
Fix Secure Desktop issues under Windows 11 22H2
Implement support for mounting partially encrypted system partitions.
Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)
Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held
Allow choosing Fast Create in Format Wizard UI when creating file containers
Fix formatting issues during volume creation on some machines.
Fix stall issue caused by Quick Format of large file containers
Add dropdown menu to Mount button to allow mounting without using the cache.
Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.
Make Expander first check file existence before proceeding further
Allow selecting size unit (KB/MB/GB) for generated keyfiles
Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes
Support drag-n-drop of files and keyfiles in Expander.
Implement translation of Expander UI
Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility
Enhancements to dependency dlls safe loading, including delay loading.
remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.
Add support for more language in the setup installer
Update LZMA library to version 23.01
Update libzip to version 1.10.0 and zlib to version 1.3.
.
Linux:
Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.
Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.
Fix compatibility issues with Ubuntu 23.04.
Fix assert messages displayed when using wxWidgets 3.1.6 and newer.
Fix issues launching fsck on Linux.
Fix privilege escalation prompts being ignored.
Fix wrong size for hidden volume when selecting the option to use all free space.
Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.
Fix various issues when running in Text mode:
Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.
Fix wrong dismount message displayed when mounting a volume.
Hide PIM during entry and re-ask PIM when user entered a wrong value.
Fix printing error when checking free space during volume creation in path doesn't exist.
Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)
Fix compatibility of generic installers with old Linux distros
Update help message to indicate that when cascading algorithms they must be separated by dash
Better compatibility with building under Alpine Linux and musl libc
.
macOS:
Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.
Last edit: Enigma2Illusion 2023-09-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My thanks to DLL125 for updating the nightly VeraCrypt build to use the new zlib version 1.3 library. There appear to be significant non-security bugfixes within it.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Missing capitalization of the first word. "when overwriting an existing file container" ... instead of "When overwriting an existing file container" ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You will not be able to mount the volumes starting with 1.26 version if previously you were using the VeraCrypt application and you had to use the TrueCrypt Mode checkbox in order to mount the old TrueCrypt partitions.
Or if the old partitions were using RIPEMD160 for the hash (PKCS-5 PRF), you will not be able to mount them in VeraCrypt starting with 1.26 version.
Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
Last edit: Enigma2Illusion 2023-07-25
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Does it mean that if I have old TrueCrypt volumes, then I have to keep the old version of VeraCrypt on my computer? If there is no way to convert TrueCrypt volumes to VeraCrypt ones, this is very inconvenient.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Does it mean that if I have old TrueCrypt volumes, then I have to keep the old version of VeraCrypt on my computer?
Yes.
You will need to use a version of VeraCrypt prior to 1.26 in portable mode since you cannot have two different installations of VeraCrypt installed on the PC at the same time.
If there is no way to convert TrueCrypt volumes to VeraCrypt ones, this is very inconvenient.
You can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version. You will have to convert using VeraCrypt versions prior to 1.26.
You can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version. You will have to convert using VeraCrypt versions prior to 1.26.
I feel naïve. After using VeraCrypt for so long I didn’t know VeraCrypt could convert containers like this! I had previously just created a new container, mounted both it and the old container and moved the contents to the new container. This is a really useful feature.
Will this documentation still stay on the website even when version 1.25.9 is discontinued? Or perhaps the documentation is placed into an Archive section? Thank you.
Last edit: AJ B 2023-07-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@DimmY, I think the easiest thing to do is to use the latest version of VeraCrypt that supports TrueCrypt file containers, or a TrueCrypt system, and then decrypt them, move the data to somewhere temporary, and make new ones under VeraCrypt. I've only used encrypted volumes, not file containers. Decrypting a VeraCrypt volume, uninstalling that version of VeraCrypt, and the installing an older version of VeraCrypt, and then encrypting the system partition, is the method I have to use if I want to downgrade my version of VeraCrypt.
@idrassi, I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones.
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones
Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them.
I’m looking forward to the upcoming 1.26 version for use on my Windows 11 systems but only when its ready, its better to take all the time necessary and great a quality update.
Many thanks as always for the hard work.
Last edit: AJ B 2023-07-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
"If there is no way to convert...this is very inconvenient." I realize that people have different workflows and what is difficult or easy for one person is not the same difficulty or easiness for another. Here is how most people deal with the "problem" of "converting":
1) Using the newest version of VeraCrypt currently available, make a new container (or remove the encryption from a volume with whatever it's encrypted with),
2) Move the data (or re-encrypt the volume) that was in the old container (or volume) into the new container (or volume), whatever the case may be,
3) Done.
It's a matter of moving data over (or re-encrypting), not "converting" anything. Veracrypt CAN convert, yes, but just make the brand new container or volume and move the data over.
I'm just trying to make a point, and that is that removing TrueCrypt (dead since 2014) support or removing possibly insecure hash algorithms* to keep VeraCrypt the premier data protection application that it is, is not the "disaster" that some seem to think it is.
I am confused about the error I am still getting when creating a test file container using the Fast Create using my only user account on my PC which by default has Administrator privileges.
You fixed the error I was getting if I opened the VeraCrypt application as "Run as Administrator" from this error report.
My question is why is my only Windows user account that is Administrator is still getting the create errors for Fast Create?
Steps to recreate:
1. Create Volume
2. Create an encrypted file container
3. Standard VeraCrypt volume
4. Volume Location: test.hc
5. Encryption Algorithm: Serpent, Hash Algorithm: Whirlpool
6. Volume Size: 500 MB
7. Volume Password: 1
8. See attachments. I did not include the third error which was the path of the file container in my Documents folder.
While you are logged as admin, the programs you execute do not run with the fullest privileges possible. This is a security measure, as most people run Windows under administrator accounts and this was meant to diminish the risk associated with that, albeit just by a small amount.
When you select "Run as Administrator" and your user is an administrator the program is launched with the original unrestricted access token. If your user is not an administrator you are prompted for an administrator account, and the program is run under that account.
Last edit: Enigma2Illusion 2023-07-25
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you @enigma2illusion for the feedback. I have fixed the README.TXT typo.
Regarding the Fast Create feature, it's indeed true that elevation is needed to get the necessary Windows privilege, SE_MANAGE_VOLUME_NAME. That's why the prompt suggests the user to relaunch "VeraCrypt Format" with administrator permissions.
Ideally, I would have wanted to find a way to opportunistically get the SE_MANAGE_VOLUME_NAME privilege, thereby eliminating the need for process-wide elevation. Luckily, it appears that a solution might be within reach: I'm considering leveraging the same COM-based elevation technique we currently use for certain operations, such as scanning the outer volume's filesystem bitmap during the creation of a hidden volume.
The idea is that we could let the elevated COM instance grant the SE_MANAGE_VOLUME_NAME privilege to our non-elevated instance when the need arises.
I'm planning to conduct some tests to assess the feasibility of this approach. If it proves to be successful, this could significantly enhance the user experience for the Fast Create feature.
🎉
1
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Does this issue only occur when using the 1.26 version?
If no, then please create a new topic so discussions regarding this issue can be done in a different thread since this thread is specific to new problems or issues as a result of the 1.26 version.
Thank you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
In my personal opinion this is a mistake because it breaks backwards
compatibility. Consider this hypothetical example: what if one day AES and SHA2
are completely broken? In the name of security you'd remove them from VeraCrypt.
Then suddenly nobody will be able to mount their volumes anymore with the new
version of VeraCrypt. Treat the user with more respect: warn them but leave them
the choice, including the choice to convert the volumes -- with the new version.
For another example of this kind of thinking take the Microsoft Safety Scanner.
It is a virus scanner that expires in 10 days. That means that it cannot be run
to scan for viruses after the expiration date. Well thank you very much. An old
scanner that at least scans wouldn't have been nearly as useless as an old
scanner that doesn't scan at all! Warn the user, don't force the user.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Re: 1.26 and the planned dropping of support for TrueCrypt volumes and RIPEMD160 and GOST89 algorithms:
I am a casual VeraCrypt user. Pretty much "set it and forget it". I have 1 very important non-system volume which I mount daily (Windows 10).
Using ver. 1.25.9, I mounted the volume and opened the Volume Properties. Can anyone please tell me what I should be looking for here that would indicate my volume will no longer mount with version 1.26?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Version 1.26.6 has been released for testing on Windows and Linux and installers are available at:
https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/
Message from the developer:
https://sourceforge.net/p/veracrypt/discussion/general/thread/263a8d11aa/?page=1&limit=25#6024
Changes between 1.25.9 and 1.26.6 (21 September 2023) :
.
.
.
Last edit: Enigma2Illusion 2023-09-21
Thank you for all your hard work!!
My thanks to DLL125 for updating the nightly VeraCrypt build to use the new zlib version 1.3 library. There appear to be significant non-security bugfixes within it.
Thanks for your work! Much appreciated!
Hi @idrassi
Typo in the 1.26.4 Release Notes & README.TXT:
*Remove TrueCrypt Mode support - what does it mean for old partitions created in TroeCrypt 7?
@ziv2006
You will not be able to mount the volumes starting with 1.26 version if previously you were using the VeraCrypt application and you had to use the TrueCrypt Mode checkbox in order to mount the old TrueCrypt partitions.
Or if the old partitions were using RIPEMD160 for the hash (PKCS-5 PRF), you will not be able to mount them in VeraCrypt starting with 1.26 version.
Last edit: Enigma2Illusion 2023-07-25
Does it mean that if I have old TrueCrypt volumes, then I have to keep the old version of VeraCrypt on my computer? If there is no way to convert TrueCrypt volumes to VeraCrypt ones, this is very inconvenient.
@d-i-m-m-y
Yes.
You will need to use a version of VeraCrypt prior to 1.26 in portable mode since you cannot have two different installations of VeraCrypt installed on the PC at the same time.
You can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version. You will have to convert using VeraCrypt versions prior to 1.26.
https://www.veracrypt.fr/en/TrueCrypt%20Support.html
https://www.veracrypt.fr/en/Converting%20TrueCrypt%20volumes%20and%20partitions.html
However, I would create new VeraCrypt volumes and partitions if the following is important to you.
Version 1.18:
The above issue required both a software update and recreating the VeraCrypt volume if plausible deniability was important to you.
Last edit: Enigma2Illusion 2023-07-25
I feel naïve. After using VeraCrypt for so long I didn’t know VeraCrypt could convert containers like this! I had previously just created a new container, mounted both it and the old container and moved the contents to the new container. This is a really useful feature.
Will this documentation still stay on the website even when version 1.25.9 is discontinued? Or perhaps the documentation is placed into an Archive section? Thank you.
Last edit: AJ B 2023-07-27
@DimmY, I think the easiest thing to do is to use the latest version of VeraCrypt that supports TrueCrypt file containers, or a TrueCrypt system, and then decrypt them, move the data to somewhere temporary, and make new ones under VeraCrypt. I've only used encrypted volumes, not file containers. Decrypting a VeraCrypt volume, uninstalling that version of VeraCrypt, and the installing an older version of VeraCrypt, and then encrypting the system partition, is the method I have to use if I want to downgrade my version of VeraCrypt.
@idrassi, I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones.
Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them.
I’m looking forward to the upcoming 1.26 version for use on my Windows 11 systems but only when its ready, its better to take all the time necessary and great a quality update.
Many thanks as always for the hard work.
Last edit: AJ B 2023-07-27
"If there is no way to convert...this is very inconvenient." I realize that people have different workflows and what is difficult or easy for one person is not the same difficulty or easiness for another. Here is how most people deal with the "problem" of "converting":
1) Using the newest version of VeraCrypt currently available, make a new container (or remove the encryption from a volume with whatever it's encrypted with),
2) Move the data (or re-encrypt the volume) that was in the old container (or volume) into the new container (or volume), whatever the case may be,
3) Done.
It's a matter of moving data over (or re-encrypting), not "converting" anything. Veracrypt CAN convert, yes, but just make the brand new container or volume and move the data over.
I'm just trying to make a point, and that is that removing TrueCrypt (dead since 2014) support or removing possibly insecure hash algorithms* to keep VeraCrypt the premier data protection application that it is, is not the "disaster" that some seem to think it is.
*See @enigma2illusion post here: https://sourceforge.net/p/veracrypt/discussion/general/thread/8bf650d8ce/#2277/df44/97e1
Last edit: Thinking Monkey 2023-08-27
Hi @idrassi
I am confused about the error I am still getting when creating a test file container using the Fast Create using my only user account on my PC which by default has Administrator privileges.
You fixed the error I was getting if I opened the VeraCrypt application as "Run as Administrator" from this error report.
My question is why is my only Windows user account that is Administrator is still getting the create errors for Fast Create?
My account is an Administrator Account.
Steps to recreate:
1. Create Volume
2. Create an encrypted file container
3. Standard VeraCrypt volume
4. Volume Location: test.hc
5. Encryption Algorithm: Serpent, Hash Algorithm: Whirlpool
6. Volume Size: 500 MB
7. Volume Password: 1
8. See attachments. I did not include the third error which was the path of the file container in my Documents folder.
Last edit: Enigma2Illusion 2023-07-25
1.26.4 No error on my computer (Win 11 x64)
My PC is running Windows 10 Pro 64-bit 22H2 OS Build 19045.3208 using Windows Defender.
Last edit: Enigma2Illusion 2023-07-25
@idrassi
Never mind my Fast Create error when using an Administrator account.
I reread your explanation in your post and discovered that Administrator account is not running with full administrator privileges.
https://answers.microsoft.com/en-us/windows/forum/all/difference-between-run-as-administrator-and-just/c737fb68-a627-445c-8e79-94fcca5d8d50
Last edit: Enigma2Illusion 2023-07-25
Thank you @enigma2illusion for the feedback. I have fixed the README.TXT typo.
Regarding the Fast Create feature, it's indeed true that elevation is needed to get the necessary Windows privilege, SE_MANAGE_VOLUME_NAME. That's why the prompt suggests the user to relaunch "VeraCrypt Format" with administrator permissions.
Ideally, I would have wanted to find a way to opportunistically get the SE_MANAGE_VOLUME_NAME privilege, thereby eliminating the need for process-wide elevation. Luckily, it appears that a solution might be within reach: I'm considering leveraging the same COM-based elevation technique we currently use for certain operations, such as scanning the outer volume's filesystem bitmap during the creation of a hidden volume.
The idea is that we could let the elevated COM instance grant the SE_MANAGE_VOLUME_NAME privilege to our non-elevated instance when the need arises.
I'm planning to conduct some tests to assess the feasibility of this approach. If it proves to be successful, this could significantly enhance the user experience for the Fast Create feature.
Removed.
Made separated thread regarding this issue.
Last edit: Mikael 2023-07-26
@sorrow1
Does this issue only occur when using the 1.26 version?
If no, then please create a new topic so discussions regarding this issue can be done in a different thread since this thread is specific to new problems or issues as a result of the 1.26 version.
Thank you.
@enigma2illusion No It happens on the latest stable version of veracrypt as well, I'll make a separated thread about it.
Last edit: Mikael 2023-07-26
Planning to modularize the following features?
https://github.com/veracrypt/VeraCrypt/issues/1143
https://sourceforge.net/p/veracrypt/discussion/features/thread/ba874eea79/#5e1d/93de
In my personal opinion this is a mistake because it breaks backwards
compatibility. Consider this hypothetical example: what if one day AES and SHA2
are completely broken? In the name of security you'd remove them from VeraCrypt.
Then suddenly nobody will be able to mount their volumes anymore with the new
version of VeraCrypt. Treat the user with more respect: warn them but leave them
the choice, including the choice to convert the volumes -- with the new version.
For another example of this kind of thinking take the Microsoft Safety Scanner.
It is a virus scanner that expires in 10 days. That means that it cannot be run
to scan for viruses after the expiration date. Well thank you very much. An old
scanner that at least scans wouldn't have been nearly as useless as an old
scanner that doesn't scan at all! Warn the user, don't force the user.
You will still be able to convert TrueCrypt volumes after you upgrade to 1.26 version by using an older VeraCrypt version's portable mode.
https://sourceforge.net/p/veracrypt/discussion/general/thread/263a8d11aa/?limit=25#4f0a/d5b9/2fb1/2a1b
Re: 1.26 and the planned dropping of support for TrueCrypt volumes and RIPEMD160 and GOST89 algorithms:
I am a casual VeraCrypt user. Pretty much "set it and forget it". I have 1 very important non-system volume which I mount daily (Windows 10).
Using ver. 1.25.9, I mounted the volume and opened the Volume Properties. Can anyone please tell me what I should be looking for here that would indicate my volume will no longer mount with version 1.26?