How to confirm the authenticity of updates
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
How am I able to confirm that newly-released Veracrypt updates are genuine, and not a product of an adversary that has compromised the releases?
I can think of the following methods:
None of those methods are sufficient, however. A determined adversary could still bypass those measures. Does anyone know of any additional methods I could use? Aside from reading the source code, understanding the source code, and then compiling the install.exe myself, I cannot think of any additional methods.
What concerns me most is that a compromised install .exe could either upload my password and my volume to an adversary, or decrypt the entire volume allowing anyone with local access to read the data.
Last edit: Barker James 2019-06-13
A determined adversary could, also, find the maintainer of VeraCrypt and hold a gun to his head while threatening to shoot him if he doesn't introduce changes to the code that the adversary supplies.
It is not likely that the above has happened. My point is, yes, what you say has a non-zero possibility. It is possible that all the various signatures on a VeraCrypt release could be compromised in some way. But really, if someone was determined enough to do that, and if that someone also had the required resources, then it would probably be easier just to find Mounir and threaten him until he did what they wanted.
Remember, for all you know, Mounir IS that determined adversary. I mean, it's also a non-zero chance that he is a front for an intelience agency, that he was behind the original TrueCrypt maintainers suddenly deciding to stop maintaining the project, and that he took it over as VeraCrypt in order to lull us all into a sense of security and install encryption software that has some sort of a back door.
At a certain point, you have to look at balance of probabilities and where the weak link in the chain is. The PGP and certificate signatures on VeraCrypt are good enough proof that they are not the weak link in the chain.
Thanks for the reply.
So, ultimately, unless I am willing to read the entirety of the source code, and compile the source code myself, I will have to put my faith in someone.
Are there any other things I could do to reduce the possibility of accidentally using an adversary's compromised version of Veracrypt? Presumably the more checks I perform on the install exe, the greater the chances are of finding a discrepency that may be indicative of a compromised version.
I was thinking of checking to see if Veracrypt accesses the internet. It is to my understanding that no Veracrypt exe ever accesses the internet, so I could check for internet activity within Windows Resource Monitor. Then, when I enter my password, if I see Veracrypt using bandwidth, then that may be indicative of a comrpomised version.
The developer responded to the now defunct CodePlex thread regarding internet traffic seen when using VeraCrypt:
https://veracrypt.codeplex.com/discussions/645462#post1445888
I could just block the exes within my firewall settings, then.
He wasn't saying that VeraCrypt uses the internet. He was suggesting checking for internet access on VeraCrypt as a security measure to see if VeraCrypt had been compromised. He is worried about VeraCrypt being compromised after release by a third party.
Basically yes.
There are a few different signatures on VeraCrypt. The installer is signed with a PGP key. The installer executable is signed with VeraCrypt's code signing key, and so is the actual device driver. For any organization that would be capable of compromising all of those, there are far easier ways to get to the same goal.
Sure, but if I were an attacker capable of modifying VeraCrypt to access the internet, getting it to do so directly would be the last thing I'd do. It could execute a web browser, for example, with a URL set to perform a post. Would you even notice an extra thread of your normal browser that pops into and out of existance in a quarter second?
If the adversary that wants to get at your data is of the type that has the ability to modify the VeraCrypt binary, there is likely nothing you can do to prevent it or detect it. Trust the systems that are already in place to provide you with as much protection as is viable given the likely threat model.
What benefits are there to using PGP instead of checking the digital signatures within Windows?
I have read the User Guide on this, and it only says that PGPs are less susceptible to signers being compromised.
Am I correct in saying that with PGP usage you rely on many signers, instead of only a few as with digital signatures?
And does that mean with digital signatures, as the files are signed by two separate entities, that those two separate entities would need to be compromised at the same time in order for the digital signature to not be okay?
I would use PGP, but I'd rather not have to install another program.
What worries me most isn't that someone would have the ability to remotely and directly compromise the Veracrypt installer, the Veracrypt website, and the digital signatures. Instead, I worry that the developers themselves may be targetted by an adversary. I'm guessing Mounir signs these files with either something he has, or something he knows. Both of which could be acquired by a determined adversary. And I doubt a company like GlobalSign meets their clients in person before signing each file.
Last edit: Barker James 2019-06-17
Windows digital signatures are used on the executables themselves, including the installer executables. PGP signatures are used are used for individual download files (also including installers) for the reason that they can be produced as an external signature. Also they can be used to produce signatures for any kind of download file, whereas Windows signatures are for executables only.
I have never trusted Windows signatures as much more than "mommy medicine". Microsoft never took security seriously. For example they used MD5 hashing until it was so broken that people were actually making collisions. From my experience this is the general consensus.
PGP signatures have no centralized trust mechanism that can be breached. On paper the PGP security model is the "web of trust" (keys signed by other keys in a web of cross signatures). In reality, though, the de facto "trust" of a PGP key is just time and the principal of 'by their fruits you will know them". In other words, when a key has been around for a while, when it has been long associated with a person or a project then over that time it becomes trusted. VeraCrypt releases were signed by Mounir's PGP key from the beginning. That key is as trustworthy as VeraCrypt is.
Nothing you can do about this except trust the developers to take every precaution that is prudent. The question isn't "can VeraCrypt be 100% guaranteed to be uncompromised" (btw, the answer to that is always no), the question is "is it better to use something with a low chance of being compromised than it is to use nothing at all"? Or, in other words "does it make sense to risk leaving your data unencrypted because you can't guarantee 100% that the encryption software doesn't have a back door somewhere that was maliciously added".
Thanks for the reply, and thank you for your patience. You explain things well.
I would love to use PGP, but I would hate to install another program on my computer. One that would keep me awake at night in case it's stealing information.
Would I be able to accomplish the same results as verifying a PGP signature by doing the following?:
Is there perhaps a way I can verify PGP signatures of files on a website within my browser? That way I would not need to install anything.
And is there any benefit to checking the signatures of the files that are extracted during installation? For example, if VeraCrypt Setup.exe passes the signature check, is there any added security in checking the signature of VeraCrypt.exe? I would assume checking VeraCrypt.exe offers no additional security, as VeraCrypt.exe is derivative of VeraCrypt Setup.exe. Or could it be possible for VeraCrypt Setup.exe to pass a signature check, but not VeraCrypt.exe?
Last edit: Barker James 2019-06-20
Your process is sound. When I need a sandbox, though, I tend to use virtual machines, Self contained, and safe. I use VirtualBox to give me a Linux Mint and a ReactOS VM. ReactOS I tend to use only for sandboxing - for testing out stuff I don't trust. My Linux VM is for general use, but I can also use it for sandboxing by simply taking a backup of the virtual drive and restoring from it after. PM me if you're interested in setting this up, I can give you some tips.
You can Check PGP signatures with Gnu Privacy Guard (GnuPG or GPG). For someone like you, who is extra vigilent about software checking, I would suggest it is almost a must to have this installed somewhere. If not on Windows, then inside a Linux VM might be the perfect thing for you.
This is basically asking a stranger to check your security signature for you. I haven't checked whether this is something anyone does - I trust installing GnuPG on my computer far more than I trust a random third party to check a signature for me. I would personally hold in significant distrust anyone who even set up that kind of service.
Sure. For any executable or device driver, right click on it and select "properties" then go to the signatures tab. For normal executables they are all signed by Idrix with SHA and SHA256 hashes. For the device driver, it is also signed by the Microsoft hardware compatibility key.
Thanks, again, for the replies.
I've always figured that several websites reporting the same information is fairly safe. When I hash files I pop them into a few websites and check they all produce the same hash. I don't trust one site, but I do trust two or three. The odds of several independent websites being shady and producing the same incorrect hashes is very unlikely. I would sooner trust two hashing websites than one hashing program.
I'm still a little unsure about the security benefits to checking the signatures of any files other than the install exe. The way I see it is that if the install exe's signature passes, then so too will any and all files that derive from that install exe. Am I correct in assuming that to change the contents of one of the files that the install exe extracts, you must also change the install exe itself, and in doing so invalidate the install exe's genuine signature? Analogous, perhaps, to why there is only a need to hash the install exe, and not every single file the install exe installs. As, after all, two identical install exes will extract identical files.
And this is getting a little off-topic, but let's say I download the checksum txt file for the Veracrypt installer, and then check the PGP signature of that txt file. Would there then be any need to check anything other than the hash of the Veracrypt installer? As I have validated the signature of the checksum txt file, I have confirmed that the checksum within that file is indeed representative of the hash of the Veracrypt installer. I could then hash the Veracrypt installer, and if both hashes are equal, I will have in turn essentially validated the Veracrypt installer.
Sorry to ask so many questions, but this plays on my mind. I feel like the more I understand all of this, the easier I will sleep at night.
Last edit: Barker James 2019-06-21