Installing Version on Win7 that's Offered for Win8
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hi,
I'm running Veracrypt on Windows 7 Pro 32bit.
I noticed that a new update was available.
On the Downloads page one of the options that I have is to download the latest stable release Installer for Windows 8 and later.
I decided to try it and it seems to have installed without any problems.
I only use VC to encrypt containers.
My question is am I still protected and have created something that will cause me problems in the future.
Thank you.
The only difference between the normal installer and the legacy installer is how the binaries are digitally signed with Microsoft Authenticode without any difference if implementation:
In your case, you installed the normal installer on Windows 7 and this is fine: if you didn't receive any error during installation, then your Windows 7 has received recents Windows Updates that made it compatible with SHA256.
In the future, we will drop support for Windows 7 and earlier versions of Windows and we will support only Windows 8 and Windows 10.
Hi Mounir
This drop would be really really bad news !
I happen to use for instance Windows 7 or XP to create
Exfat Outer Volume
in a partition/device (HDD and SD cards) or a file container
(After that I format the Windows 7 laptop and reinstall it from scratch, to keep it clear and clean for better security)
I can then use this Exfat (partition/device or file container) - in a crossplatform way ** -
on all my Linux bootable media since now the kernel 5.7 now allows Read + Write
for a full Exfat crossplatform compatibily,
which is great !!**
Why sticking to Windows 7, you could ask ?? :
I have no choice because :
1/ Using Veracrypt on LINUX :
DOES NOT seem to allow OUTER Volumes to be created as Exfat FileSystem natively (only FAT)....
Once created, (a file container or a partition/device) would show FAT anyway....as Outer Volume.
DOES NOT show Exfat OUTER volume format option as well, in the file system option window of Veracrypt.
(whether a file container or a partition/device)
Moreover, reformating Outer volume (a file container or a partition/device) with DISKS utlity into EXFAT is not a garantee nothing would get corrupted after that.....(when the volume will be thought to be ok, ...........while it could be not ok....)
2/ Live Windows Prebuilt Environement DO NOT allow Exfat,
you have to choose NONE file system and cannot reformat Exfat after that
=> Hence I have to use Windows XP or 7
I can understand you make software updates, but there are still many users that use old machines and need Windows XP / 7 / 32 bits and all the legacy stuffs.
Would you be willing to keep it working or is this drop definitive ??
thanks a lot
@infodan36: I understand your situtation and there are many offline systems running Windows XP and Windows 7 that use VeraCrypt. That being said, it is becoming more and more costly to maintain compatibility across all Windows versions from Windows XP to Windows 10, especially at driver level and at one point we will have to change VeraCrypt driver in order to provide better integration with Windows kernel of Windows 10 and the new security features it provides.
Moreover, access to SHA-1 code signing certificates needed for compatibility of Windows XP and Windows 7 will not be possible in the near future (Windows 7 Kernel only accept SHA-1 signed drivers even with latest updates). Our current SHA-1 code signing certificates will expire on May 21st 2021 and I'm not sure we can or will renew it after this date (the cost of such certificate is 500 USD which is not a small sum).
For the time being, we will continue providing two types of installers (normal and legacy). At some point in the future (probably after May 2021), the legacy installer will be left as is and only the normal installer will evolve.
That being said, if someone is willing to cover the costs of providing updates to legacy version after May 2021 (at least paying for SHA-1 certificate), then we can work on it.
Ok Mounir, I understand the issue more clearly
What I like when talking to you, is that I always learn something new !
thanks for this ! very much !
So in a way, you would suggest :
If I replace WIndows 7 by Windows 10,
then I could still encrypt using EXFAT and make my whole process the same way, I guess...
(the main issue is that I do not trust Windows 10 very much)...
but anyway, it seems feasable to reformat the computer after using it, just the way I do with Windows 7 from scratch....ok !
Now, you mention "the legacy installer will be left as is"
you mean just for the people who will stick with the application exe
:
*Installer for Windows XP, Vista and 7: VeraCrypt Legacy Setup 1.24-Update7.exe
or
Portable version for Windows XP, Vista and 7: VeraCrypt Legacy Portable 1.24-Update7.exe *
Is that correct ?
That said, do you think, Legacy Computer/Laptops, would be compatible with Veracrypt for a long time to come ??? I mean laptops dated 2009/2012
(How long ??)
or will you rather focuse on UEFI in the years to come ?
PS : Since I have a long term strategy, it is very important to me to know in advance to make the necessary adjustments ....:)
thank you again
@infodan36: yes, once the legacy version is frozen, users who need to run VeraCrypt on Windows XP and Windows 7 will need to user the installers of the frozen legacy version.
Conerning the support of old PC models, they will continue to be supportedas long as supported version of Windows continue to support them.
MBR will continue to be supported alongside UEFI although there will be no new features in MBR since most efforts will g towards enhancing UEFI bootloader.
On big change that is coming is the deprication of RIPEMD-160 that will leave MBR bootloader with only SHA256 support. So, we will need add a new hash algorithm to MBR bootloader but unfortunately existing hash algorithms (SHA512, Whirlpool and Streebog) can not be made compatible with the 16-bit nature of MBR bootloader.
So, I'm currently investigating new hash algorithms adapted to such environement and one potential candidate is BLAKE2s.
Anyway, many changes are coming to the 1.25 version but compatibility remains a priority.
Hello Mounir
Thank you for your work trying to always improve Veracrypt
I try to follow the code change regularly and recently came across this :
Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.
I have had to drop Windows7 due to recent limitations,
and have switched to Debian 11 and soon 12.
So I mainly use either Volumes encryption or Non system encryption ,
since only those both work on Linux.
I cannot switch to UEFI laptops and will have to stick to MBR only
My Questions are :
1/ Is Kuznyechik affected by the drop of Gost89 in some ways, or not ?
2/ Will SHA512, Whirlpool and Streebog be still available on Linux for non system encryption ?
(the 16-bit nature of MBR bootloader should not apply here, right?)
3/ Will Blake2s be added to Linux ?
4/ Will all versions of VC remain reliably stored in the sourceforge.net/projects/veracrypt/files
(For instance I would not want to be stuck with a VC version in a future that would not allow me to open my vaults and be left at a loss what to do)
Thank you, have a nice day !