Unable to open Truecrypt volume
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I'm currently unable to use Veracrypt 1.22 to open a Truecrypt volume contained in a host file that was created using Truecrypt 7.1a on Windows XP (32-bit) on a NTFS formatted 120GB PATA HDD. My current platform is Xubuntu Bionic 18.04 (64-bit) but it also fails on other platforms/versions (discussed below).
The operation fails after selecting the file in Veracrypt, ticking Truecrypt compatibility, typing in the Truecrypt password (and root password when prompted), regardless of the PKCS-5 PRF settings. The error message is:
The type & filesystem of the physical host drive has been tested as irrelevant. Nevertheless to eliminate any bias the copy used for testing across platforms was placed on a 16GB USB thumb drive formatted to NTFS which every OS tested could read. Naturally the SHA-256 hash was verified to be the same as the original file. The properties of the Truecrypt host file itself are 512MB, Normal, AES, 256 bit primary key, LRW, HMAC-RIPEMD-160 and the volume inside once decrypted is formatted FAT32 with 144MB free. The password is definitely correct.
Here are my test results:
At a pinch I can use cryptsetup to access the files inside the old Truecrypt container, create a new veracrypt container and copy them over. But I am puzzled as to why Veracrypt fails to load this in Truecrypt compatibility mode. Any thoughts/suggestions?
Last edit: colsta 2018-06-02
On further investigation I believe I have found the answer so I'm replying to myself here in case others experience the same problem.
In a reply to another posting Mounir states that failure to mount the container file in Veracrypt could be due to having created the container with an older version of Truecrypt (prior to ver 6.x).
Once I read this, I realised that in fact I have used Truecrypt for "quite a while" and perhaps I didn't create the problem container with Truerypt 7.1a after all. So I went back to the original file and checked the creation date ... and it was created just after Truecrypt 4.1 was released.
So I mounted my USB drive on Truecrypt 7.1a under Windows and I created a fresh but otherwise identical container file. I then opened both the original and new container, copied the contents over and dismounted.
I then inserted the USB drive into my new PC running Xubuntu 18.04 (64-bit) and tried mounting the respective container files using Veracrypt 1.22. As suspected, the original one failed again but the new one worked just fine.
In conclusion it seems that version incompatibilty would be why Veracrypt fails to mount my original container file. Now the question is why? I think it would be really useful if Mounir would kindly confirm he made a code change removing backward compatibility since he forked the Truecrypt code. Without being explicitly informed of such, my expectation (and likely the expectations of others) would be full backwards compatibility such as Truecrypt 7.1a provides.
The documentation explicitly notes only TrueCrypt versions 6.x and 7.x are supported. If I remember correctly, this was due to the newer header format introduced in version 6.x of TrueCrypt.
https://www.veracrypt.fr/en/TrueCrypt%20Support.html
Until version 1.0f of VeraCrypt, you could not mount any TrueCrypt volumes. The ability to mount TrueCrypt volumes was added to VeraCrypt since the header format matched the layout of 6.x of TrueCrypt.
I am guessing Mounir removed the older TrueCrypt header format to reduce the code maintenance and complexity from VeraCrypt.
https://www.veracrypt.fr/en/Release%20Notes.html
Thank you for your reply. Before I proceed, I'd like to say I'm extremely grateful for the work that goes into this project, for the improvements it brings and for it being released as both open source & free as in beer. I think in this post-Snowden age, it's really important for people to have ready access to quality privacy tools.
I'll have to hold my hand up as guilty of not having thoroughly "RTFM" hence being unaware of the pre-6.x+ restriction having already been stated. In my defence my understanding from sources where Veracrypt is described is that the project was started as a fork of Truecrypt. Certainly on first impressions the great similarities in the UI and features such as hidden volumes would support this. So if this is the case, perhaps you or anyone else that knows could explain why the documentation states Truecrypt volume support was not added until 1.0f? If it was a fork surely it would start with all the features of Truecrypt incorporated and diverge from there?
Regarding your guess about removing code for supporting older container formats, I'd be grateful to learn the reasoning for it. I wouldn't have thought being able to check for and decrypt older container formats would have contributed significantly to the size of the code-base, so was there some other reason perhaps? e.g. Did the original Truecrypt security audit reveal flaws in this part of Truecrypts code for example and hence removal was deemed the most expedient way to mitigate against any potential threat arising? Moving forward it is clearly desirable to default to the newer, more secure container and encryption standards Veracrypt deploys. But unless there is a valid reason not to, I would suggest that full backward feature parity with Truecrypt would be worthwhile in terms of meeting user expectations, reducing support tickets for the project (I've seen many postings similar to mine) and being able to access older format containers that some of us still have archived. Just my thoughts.
It appears that VeraCrypt always had a different header format from the 6.x and higher versions of TrueCrypt.
https://sourceforge.net/p/veracrypt/discussion/general/thread/1bec6263/#1e20