I consider this a Release Candidate for the official version that will succeed 1.26.7 after nearly one year. Therefore, tests and feedback are welcome.
Of course, some ongoing issues have not been addressed in this release as they require more work (e.g., ReFS support, Windows driver).
❤️
2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@fzxx: I was planning to add it because it seemed simple, but I didn't have enough time to implement it correctly (since it must handle different decimal point values across languages). Additionally, the file container size is a multiple of 512, so if we allow any value, we need to ensure that VeraCrypt's logic is robust enough to ignore extra bytes at the end. So, after all, it's not as simple as it seems.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you Enigma2Illusion for your kind words. Indeed, it takes a lot of time to prepare all binaries for all platforms. It's been a long time since I last prepared a full release so setting up the necessary infrastructure is taking some time. I need to think of a way to automate Linux builds while still ensuring the security and integrity of the process as they are the most time-consuming part.
❤️
2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I really like VeraCrypt and have been using it for a long time. I've also been translating this application since March 2022.
Obviously, I'm happy to see new releases coming with new functions and bugs fixed. But I agree with some previous comments regarding your private life: this is the most important!
Thanks a lot for this project and take care of you and yours!
Cheers,
Patriccollu.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I noticed in the Source Code the change item:
"Windows: Only load valid XML language files (Language.xx.xml or Language.xx-yy.xml format)".
I looked in my C:\Program Files\VeraCrypt\Languages directory and found an old XML file with an install date of 7/25/2023 from the 1.26.4 version called "for_use_veracrypt_languagexml_pt_BR.xml".
Snippet of the contents of the XML file in Notepad:
VeraCrypt>
<localization prog-version= "1.26.4">
<language langid="pt-br" name="Português-Brasil" en-name="Portuguese (Brazil)" version="0.2.0" translators="Thiago C. L. Mendes, Lecidio S. Alencar , Lucas C. Ferreira, Transifex contributors" />
During upgrades, the installer should wipe and recreate the files in
C:\Program Files\VeraCrypt\Languages directory since it appears an old file was not removed during the multiple upgrades from 1.26.4 version to 1.26.13 version.
Last edit: Enigma2Illusion 2024-08-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
thank you for your great work but I'm starting to lose faith that we will ever get the nvme ssd slow speeds fixed even if the issues it's been known for more than 5 years now and it supposed to be fixed in version 1.27, there hasn't been made any progress towards it
😕
1
👎
1
Last edit: hiddengod 2024-08-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Mounir posted that his availability to work on VeraCrypt is going to be extremely limited due to personal family obligations requiring more of his time.
Hence, I would say to all VeraCrypt users that have been wanting or waiting for a certain feature are not likely going to see them implemented anytime soon unless Mounir gets coding, testing and maintenance help from other people. Kudos to @jertzukka for the many Linux code, testing and maintenance contributions. Thank you!
Mounir is a kind person and he would ideally love to address the many VeraCrypt improvements and feature requests. However, the demands of Mounir's personal life, his job and for the good of his mental health require him to greatly reduce his stress levels by stepping away from the VeraCrypt project. VeraCrypt does not reduce Mounir's stress levels nor pay the bills.
However, the main challenge lies in the Windows aspect of VeraCrypt, which is a significant portion of VeraCrypt user base and currently lacks active contributors.
.
Those complaining could help by recruiting people to contribute to the VeraCrypt coding, testing and maintenance. Try recruiting people from your universities and/or contact crypto developers.
❤️
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I donated some years ago and I'll gladly donate again IF we would have something clear on the table.
Say is required 10k $ for him to fix this issue in 3 months, then put a btc address and when it reaches 10k from donations he starts working on it, otherwise I have no use of veracrypt in this current form and donating in the blind without a clear path is not my cup of tea anymore.
😕
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@hiddengod: Thank you for your support and feedback.
I completely understand that the lack of a clear roadmap doesn't inspire confidence in donating when a specific feature is the target. While lack of funding for complex tasks like the SSD issue is a factor, another challenge is my inability to guarantee availability due to personal issues I’ve previously explained, which limit my free time.
That being said, I am working on finding a way to dedicate more day work time to VeraCrypt in addition to my free time. If things progress as I hope in the coming months, I might be able to provide more clarity about the roadmap and my availability, which, in turn, will offer more confidence to those considering donating.
❤️
2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Something to be mindful of is the xz utils backdoor a few months ago. I suspect Veracrypt would be a target for something similar, so any new contributors should be vetted carefully, and pressure on Mounir to "be faster" should be ignored, which so far has been which is good!
The developer of xz faced pressure similar to Mounir to be faster with updates.
Hi. I'd be happy to contribute some of my time, but I'm not sure where to start / what i could pick up.
I consider myself versed in IT security, but have been working only in the website space for the last 15 years or so - coding mostly in php, with a bit of python/js/java thrown in. Never done any proper crypto. Run Win10 on my own rig. Proficient in italian/english/french.
Sorry for spamming this thread ;-)
❤️
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@ggiunta: Thank you for your offer to help; I really appreciate it. VeraCrypt development is primarily in C/C++, so I'm not sure how much assistance you can provide in that area.
However, there is one task on the TODO list where your experience might be valuable. On Linux and macOS, VeraCrypt implements a crash handler to submit crash reports if the user consents. However, this functionality currently does nothing because it has never been implemented on the VeraCrypt website.
We collect technical information about the crash in a string and then invoke a URL with this string appended.
What is needed is a webpage (in PHP, for example) that would gather this information and store it in a database in a usable format. An admin interface should allow exploration of the entries in the database and the ability to export them.
Additionally, the webpage should include protection against spam and DOS attacks.
Would it be possible for you to propose a solution for this? Even a proof of concept would be helpful.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@idrassi indeed that sounds like something I could tackle. I'd start out with a discussion about the hosting infrastructure and the security / privacy implications of the data storage. Is that something ok for a forum discussion, or better to go for a chat or conf call?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@ggiunta:
Thank you for your willingness to contribute! I'm glad to hear that the task aligns with your expertise.
Regarding your question about discussing details in the forum, it is ok: we aim to keep all activities around VeraCrypt public and transparent, so any input or concerns you have can be openly discussed here.
Concerning the crash reporting mechanism, it collects the following information:
Program version: The specific version of VeraCrypt that encountered the issue.
Operating system version: The version of the OS on which the crash occurred.
Hardware architecture: Information about the CPU architecture (e.g., x86_64, ARM).
Checksum of the VeraCrypt executable: A checksum that helps verify the integrity of the executable.
Error category: The signal number indicating the type of error.
Error address: The memory address where the fault occurred.
Call stack: The sequence of function calls leading up to the error.
It's important to note that no personal information is included in the crash reports. The call stack captured is purely technical and does not contain any user data.
That being said, the server will naturally receive the user's IP address as part of the HTTP request. However, this IP address should not be stored in the database to protect user privacy. At the same time, implementing rate limiting or other mechanisms based on IP addresses would be a necessary step to protect against potential DOS attacks or spam submissions.
At this stage, I think the primary focus should be on:
Database Design: structure and format of data, without retaining IP addresses or any other personal information.
Web Application Security: Implementing measures like rate limiting or CAPTCHAs to protect against abuse.
What do you think?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Version 1.26 and newer of VeraCrypt versions has deprecated the following features:
.
See documentation below for remediation procedures.
Conversion Guide for VeraCrypt 1.26 and Later
https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/
Changes between 1.26.7 and1.26.14 (25 August 2024) :
Last edit: Enigma2Illusion 2024-08-25
I consider this a Release Candidate for the official version that will succeed 1.26.7 after nearly one year. Therefore, tests and feedback are welcome.
Of course, some ongoing issues have not been addressed in this release as they require more work (e.g., ReFS support, Windows driver).
Do you plan to implement decimal points in the next version?
https://sourceforge.net/p/veracrypt/discussion/features/thread/fefca6baa7/
@fzxx: I was planning to add it because it seemed simple, but I didn't have enough time to implement it correctly (since it must handle different decimal point values across languages). Additionally, the file container size is a multiple of 512, so if we allow any value, we need to ensure that VeraCrypt's logic is robust enough to ignore extra bytes at the end. So, after all, it's not as simple as it seems.
EDIT:
Move discussion out of the 1.26.13 thread to the feature request thread since this thread should be about any issues with 1.26.13 version.
Last edit: Enigma2Illusion 2024-08-21
Thank you Mounir. I have updated the title to Release Candidate.
Regarding the README.TXT for Linux section, did you mean to indent the last Linux item as relating to the item above?
Last edit: Enigma2Illusion 2024-08-18
I provided your requested feedback on the documentation in the ticket below.
https://sourceforge.net/p/veracrypt/tickets/561/
Thank you Enigma2Illusion for the feedback. Your suggestions have been incorporated.
@idrassi
Thank you for updating the documentation!
Also thank you for the two days of work effort to release the 1.26.13 Release Candidate.
Thank you Enigma2Illusion for your kind words. Indeed, it takes a lot of time to prepare all binaries for all platforms. It's been a long time since I last prepared a full release so setting up the necessary infrastructure is taking some time. I need to think of a way to automate Linux builds while still ensuring the security and integrity of the process as they are the most time-consuming part.
We're all rooting for you, Mounir, your family, your projects, life, work, and veracrypt
@aravaara: thank you for your kind words, they mean a lot to me.
Hi Mounir,
I really like VeraCrypt and have been using it for a long time. I've also been translating this application since March 2022.
Obviously, I'm happy to see new releases coming with new functions and bugs fixed. But I agree with some previous comments regarding your private life: this is the most important!
Thanks a lot for this project and take care of you and yours!
Cheers,
Patriccollu.
@idrassi
I noticed in the Source Code the change item:
"Windows: Only load valid XML language files (Language.xx.xml or Language.xx-yy.xml format)".
I looked in my C:\Program Files\VeraCrypt\Languages directory and found an old XML file with an install date of 7/25/2023 from the 1.26.4 version called "for_use_veracrypt_languagexml_pt_BR.xml".
Snippet of the contents of the XML file in Notepad:
During upgrades, the installer should wipe and recreate the files in
C:\Program Files\VeraCrypt\Languages directory since it appears an old file was not removed during the multiple upgrades from 1.26.4 version to 1.26.13 version.
Last edit: Enigma2Illusion 2024-08-21
thank you for your great work but I'm starting to lose faith that we will ever get the nvme ssd slow speeds fixed even if the issues it's been known for more than 5 years now and it supposed to be fixed in version 1.27, there hasn't been made any progress towards it
Last edit: hiddengod 2024-08-21
@hiddengod
Mounir posted that his availability to work on VeraCrypt is going to be extremely limited due to personal family obligations requiring more of his time.
https://sourceforge.net/p/veracrypt/discussion/general/thread/6d0c0dfdc8/?page=1&limit=25#ab89
Hence, I would say to all VeraCrypt users that have been wanting or waiting for a certain feature are not likely going to see them implemented anytime soon unless Mounir gets coding, testing and maintenance help from other people. Kudos to @jertzukka for the many Linux code, testing and maintenance contributions. Thank you!
Mounir is a kind person and he would ideally love to address the many VeraCrypt improvements and feature requests. However, the demands of Mounir's personal life, his job and for the good of his mental health require him to greatly reduce his stress levels by stepping away from the VeraCrypt project. VeraCrypt does not reduce Mounir's stress levels nor pay the bills.
https://sourceforge.net/p/veracrypt/discussion/general/thread/6d0c0dfdc8/?page=1&limit=25#ab89/4f6e/f3ce
.
Those complaining could help by recruiting people to contribute to the VeraCrypt coding, testing and maintenance. Try recruiting people from your universities and/or contact crypto developers.
If it's important to you, please donate
I donated some years ago and I'll gladly donate again IF we would have something clear on the table.
Say is required 10k $ for him to fix this issue in 3 months, then put a btc address and when it reaches 10k from donations he starts working on it, otherwise I have no use of veracrypt in this current form and donating in the blind without a clear path is not my cup of tea anymore.
@hiddengod: Thank you for your support and feedback.
I completely understand that the lack of a clear roadmap doesn't inspire confidence in donating when a specific feature is the target. While lack of funding for complex tasks like the SSD issue is a factor, another challenge is my inability to guarantee availability due to personal issues I’ve previously explained, which limit my free time.
That being said, I am working on finding a way to dedicate more day work time to VeraCrypt in addition to my free time. If things progress as I hope in the coming months, I might be able to provide more clarity about the roadmap and my availability, which, in turn, will offer more confidence to those considering donating.
Something to be mindful of is the xz utils backdoor a few months ago. I suspect Veracrypt would be a target for something similar, so any new contributors should be vetted carefully, and pressure on Mounir to "be faster" should be ignored, which so far has been which is good!
The developer of xz faced pressure similar to Mounir to be faster with updates.
MOD EDIT: Here is a great write-up on Wikipedia.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Last edit: Enigma2Illusion 2024-08-22
Hi. I'd be happy to contribute some of my time, but I'm not sure where to start / what i could pick up.
I consider myself versed in IT security, but have been working only in the website space for the last 15 years or so - coding mostly in php, with a bit of python/js/java thrown in. Never done any proper crypto. Run Win10 on my own rig. Proficient in italian/english/french.
Sorry for spamming this thread ;-)
@ggiunta: Thank you for your offer to help; I really appreciate it. VeraCrypt development is primarily in C/C++, so I'm not sure how much assistance you can provide in that area.
However, there is one task on the TODO list where your experience might be valuable. On Linux and macOS, VeraCrypt implements a crash handler to submit crash reports if the user consents. However, this functionality currently does nothing because it has never been implemented on the VeraCrypt website.
You can review the relevant code here: FatalErrorHandler.cpp.
We collect technical information about the crash in a string and then invoke a URL with this string appended.
What is needed is a webpage (in PHP, for example) that would gather this information and store it in a database in a usable format. An admin interface should allow exploration of the entries in the database and the ability to export them.
Additionally, the webpage should include protection against spam and DOS attacks.
Would it be possible for you to propose a solution for this? Even a proof of concept would be helpful.
@idrassi indeed that sounds like something I could tackle. I'd start out with a discussion about the hosting infrastructure and the security / privacy implications of the data storage. Is that something ok for a forum discussion, or better to go for a chat or conf call?
@ggiunta:
Thank you for your willingness to contribute! I'm glad to hear that the task aligns with your expertise.
Regarding your question about discussing details in the forum, it is ok: we aim to keep all activities around VeraCrypt public and transparent, so any input or concerns you have can be openly discussed here.
Concerning the crash reporting mechanism, it collects the following information:
It's important to note that no personal information is included in the crash reports. The call stack captured is purely technical and does not contain any user data.
That being said, the server will naturally receive the user's IP address as part of the HTTP request. However, this IP address should not be stored in the database to protect user privacy. At the same time, implementing rate limiting or other mechanisms based on IP addresses would be a necessary step to protect against potential DOS attacks or spam submissions.
At this stage, I think the primary focus should be on:
What do you think?
I moved the discussion about crash reporting to https://sourceforge.net/p/veracrypt/discussion/technical/thread/56cbb1c443/