1.18 Beta Release - Feedback or Issues

[Enigma2Illusion]

Please post your feedback or issues regarding the latest release of Beta 1.18 version to this thread.

You can download the latest Beta 1.18 at the following link.

https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/

2016.08.15 Beta 12 of 1.18 has been released:

• Windows: Fix error caused by requesting large number of random bytes when writing randomly generated data to unused/reserved header areas.
• Added TiB size unit to command line.
• Linux: avoid overflow when specifying TiB size in command line.

---

2016.08.14 Beta 11 of 1.18 has been released:

The last BETA of 1.18 (BETA 11) to the nightly builds folder. Now, the standard installer and the EFI installer are identical. Still working on various details before releasing the final 1.18 which will have the same features as the BETA-11.

Most important changes in this last BETA:
https://sourceforge.net/p/veracrypt/discussion/technical/thread/b0fb9daa/?limit=25&page=2#364a

• Windows: Fix vulnerability inherited from TrueCrypt that allows an attacker to detect with high probability if a hidden volume is present. Vulnerability reported by Ivanov Alexey Mikhailovich.
• Windows: Add Magma cipher (GOST-89).
• Windows: Add support for Streebog (hash) and Kuznyechik (encryption).
• Windows: Implement support for EFI system encryption in Windows GUI.
• Windows: Align buffers used for keys to avoid issues when SSE used.
• Windows: Fix Windows 10 hibernate issue when EFI system encryption is active.
• Windows: Show only supported encryption algorithm in the system encryption wizard for MBR.
• Windows: Implement Rescue Disk support for EFI system encryption.
• Windows: Synchronize file with changes done in EFI Bootloader DCS.
• Windows: In EFI encryption wizard, always select "Single Boot" by default since it is the only choice.
• Windows: Add DCS EFI Bootloader files that are signed. Add certificates and powershell script to update Secure Boot configuration.
• Windows: Fill unused/reserved header areas with the result of encryption of random data instead of the encryption of zeros for better entropy of resulting random data.
• Windows: Add new crypto files to legacy VC++ 2008 project.
• Windows: Add XZip library files (http://www.codeproject.com/Articles/4135/XZip-and-XUnzip-Add-zip-and-or-unzip-to-your-app-w)
• Windows: Various fixes for XZip library bugs.
• Windows Driver: Add extra traces and enable tracing in release build if DEBUG_TRACE defined.
• Windows EFI Bootloader: Modifications to prepare EFI system encryption support (common files with DcsBoot).
• Crypto: Use Hyper-V AES-NI detection workaround when displaying AES hardware availability in GUI.
• Linux/MacOSX: Similar fix to Windows one. Write fake hidden volume header that is created from same data format as legitimate one in order to metigate attack that are able to detect the presence of TrueCrypt/VeraCrypt hidden volumes (reported by Ivanov Alexey Mikhailovich from Moscow, Russia).
• Linux/MacOSX: Add help text for GOST89 and Kuznyechik
• Linux: Enable gcc AES-NI built-in functions and adapt Hyper-V AES detection code to gcc.
• User Guide: Further corrections and modifications to match online documentation.
• Language XML files: Add new fields related to UEFI and newly added ciphers.
• Language XML files: Update XML files with new fields and some changes.
• Documentation update.

---

2016.07.25 Beta 10 of 1.18 has been released:

• Windows: Enhance protection against dll hijacking attacks following new report by Stefan Kanthak.
• Windows: Solve benchmark issue for Whirlpool which caused wrong numbers when a 1GB buffer is chosen.
• Windows: Solve compilation error under VC++ 2008 by using extern "C" only when needed.
• Crypto: Workaround for AES-NI issue under Hyper-V on Windows Server 2008 R2 which masks AES-NI from applications although it is available.
• Crypto: Optimize 64-bit implementation of Whirlpool based on idea from compression function in Botan library.
• User Guide: Update User Guide odt file to match online documentation and FAQ.
• Language XML files: Update to Dutch translation by Peter Tak.

---

2016.06.18 Beta 9 of 1.18 has been released:

NOTE: GostHash was removed and new optimized implementations for Streebog and Gost89 are now used. These implementations are incompatible with the previous version because the previous ones were taken verbatim from GostCrypt project which contained issues.

You can read other changes made for GPT/UEFI at the link below.
https://sourceforge.net/p/veracrypt/discussion/technical/thread/b0fb9daa/?limit=25&page=1#bcee

• Update intrinsic support and cpu detection.
• Crypto: Add support for Japanese encryption standard Camellia, including for system encryption.
• Crypto: Make Serpent source code use the same rotl32/rotr32 primitives as the other files.
• Windows: Better implementation for support of smart card PIN in command line. Supported now also on Format.
• Windows: Add Hash and PRF benchmarks to the benchmark dialog.
• Windows: Make Camellia help link open dedicated documentation page.
• Windows: Use Visual C++ 2010 instead of Visual C++ 2008 due to SSE assembly bugs in Visual C++ 2008.
• Windows: Better heuristics for evaluating Pre-Boot PRF performance.
• Windows Driver: Use more reliable way to correctly set path to VC++ 2010 in driver build batch file.
• Windows Driver: Save FPU state in 32-bit mode before run Whirlpool SSE implementation to avoid issues Microsoft Using Floating Point (x87/MMX) in a WDM Driver.
• Windows Driver: Add declaration of missing intrinsic mm_setr_epi32 (to be used by upcoming implementation).
• Windows: Fix compiler warnings.
• Linux/MacOSX: Implement passing smart card PIN as command line argument (--token-pin switch).
• Language XML files: Add new fields related to enhanced benchmark dialog.
• Language XML files: Update German translation (Ettore Atalan).

---

2016.05.24 Beta 8 of 1.18 for EFI GPT has been released:

• It brings a fix for a Windows booting issue on some machines.
• It also introduces a first implementation of some GOST standards (Streebog and GOSTHASH for hashing and GOST89 for encryption).

The new GOST encryption standard Kuznyechik (also known as Grasshopper) and the Japanese Camellia cipher will be included in a next build.

These GOST implementations are not optimized (taken from GostCrypt project) so small PIM values (like 1) are more practical for testing.

---

2016.05.20 Beta 7 of 1.18 for EFI GPT has been released:

• New preview of VeraCrypt 1.18 (BETA7) installer with EFI GPT system encryption.

One enhancement is this version is the System Encryption settings dialog (menu System -> Settings) which supports basic configuration of EFI bootloader (for now only storing PIM and storing hash). Other configurations will be added in the future.

There is still no rescue disk in this version although an ISO is created that only serves as holder of the backup header.

Important Note: Disabling legacy compatibility mode in BIOS configuration before starting system encryption solves many Pre-Test failures. This option can be called CSM, Compatibility Mode, Legacy Mode or other names depending on the motherboard manufacturer.

Big thanks to Alex Kolotnikov from Sourceforge forum for his help and hard work on EFI loader. He is now a member of VeraCrypt dev team in charge of EFI bootloader.

---

2016.05.05 Beta 6 of 1.18 has been released with the following changes:

• Windows: First experimental support of EFI system encryption (limitatations: no rescue disk, no hidden os, no boot custom message; EFI support preview in a separate installer).
• Windows: Add option and command line switch to hide waiting dialog when performing operations.
• Windows: Add checkbox in "VeraCrypt Format" to skip Rescue Disk verification during system encryption wizard.
• Windows: Convert some files encoding from UTF-16 to UTF-8 to be similar to other files.
• Windows: Fix compilation error caused by previous commit.
• Windows/Linux/MacOSX: Set maximum non-system PIM value to 2147468 in order to avoid having negative values for iterations count using the formula 15000 + (PIM x 1000). Add specific error message to XML language files. (System PIM upper limit remains 65535 for 16-bit bootloader.)
• Linux: Use XDG_CONFIG_HOME to determine the path of the configuration.
  Adhere to XDG Desktop Specification and use the environment variable
  XDG_CONFIG_HOME to determine location of configuration files on all
  platforms. If it is unset or empty resort to platform-specific defaults.
  On Windows and OS X, wxStandardPaths provides correct defaults (equal
  to the previous hard-coded paths) but on Linux and other Unices
  ~/.config/appinfo would be better than ~/.appinfo. This means we
  treat those platforms as a special case. It also means that we may need
  to fall back to the legacy location if it exists but the new location
  doesn't. (Thanks to David Foerster)
• Code: Use scoped instead of raw pointer. (Thanks to David Foerster)
• Code: Reset bogus executable permissions. (Thanks to David Foerster)
• Code: Use wx-provided wrapper around getenv() (Thanks to David Foerster)
• Code: Remove some trailing whitespace. (Thanks to David Foerster)
• Documentation: Update documentation with latest changes (changelog, wait dialog option).
• Documentation: Add User Guide in OpenDocument format and Update its PDF.
• Language XML files: update German translation (Ettore Atalan)

---

2016.04.28 Beta 5 of 1.18 has been released with the following changes:

• Windows: Only use A: and B: for mounting when no other free drive letter available or when explicitly chosen by user. This avoid side effects when mounting volumes as removable media and automatic drive selection (e.g. A: become invisible in explorer after closing all explorer instances although it is still mounted).
• Windows: Resize Volume ID field on favorites dialog to display full value of ID.
• Windows: Display Volume ID of a System Favorite even if it is disconnected.
• Language XML files: add new fields related to Volume ID feature.

---

2016.04.19 Beta 4 of 1.18 has been released with the following changes:

• Windows: Add missing GUI modification from previous Volume ID commit.
• Windows: Fix keys parts not shown in system encryption wizard when the display keys checkbox is checked. This occurred when the "Display pool content" in the previous wizard page was unchecked before clicking Next.
• Windows: Resize some controls and dialogs to fix text truncation for some non-English languages.
• Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
• Windows: Reduce memory usage of Rescue Disk for cascades by 1KB.

---

2016.04.13 Beta 3 of 1.18 has been released with the following changes:

• Windows: Finalize implementation of the new volume ID mechanism. Use SHA-256 instead of SHA-512 to compute volume ID to reduce string size and make more convenient to use.
  https://veracrypt.codeplex.com/workitem/112
• Windows: Allow drag-n-drop of files and receiving Explorer restart message when VeraCrypt running as elevated process.
• Windows Setup: Add missing Apache files used by the installer.
• Windows: Reduce CPU usage by caching WNetGetConnection calls result for 2 seconds.
  https://veracrypt.codeplex.com/discussions/652853
• Windows: Don't use the foreground setting code if the window is already foreground.
• Windows: Implement passing smart card PIN as command line argument (/tokenpin switch) when explicitly mounting a volume.
• Windows: Better alignment for Group Boxes in favorites management dialog.
• Windows: Correctly disable/enable the "Display PIM" checkbox in the favorites configuration dialog.
• Language XML files: Correct some entries to match English version.

---

2016.02.21 Beta 2 of 1.18 has been released with the following changes:

• Windows bootloader: Try to fix boot issues on some machines by increasing required memory by 1 KiB. Some machines had failure to check password if the first attempts was not successful.
• Windows: Issue with version checking (1.17 was mistakenly left in the code) causing error dealing with all language packs.
• Windows: Correct static inline declaration to solve Windows compilation error.
• Linux: Fix mount issue on Fedora 23 by forcing the creation of a default loop device.
• Linux: Fix compilation error.

---

2016.02.20 Beta 1 of 1.18 for Linux and OSX has been released with the following changes:

• MacOSX: Correctly detect newer versions of OSXFuse.
• Linux & MacOSX: Better implementation for TC_THROW_FATAL_EXCEPTION to use builtin_trap when available.
• Crypto: Update Whirlpool implementation using latest code from Crypto++.

---

2016.02.19 Beta 1 of 1.18 has been released with the following changes:

• Windows: Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit. Implement deleting locked files after machine reboot.
• Windows: Correct explanatory text in VeraCrypt Expander to reader "Mount" instead of "Start".
• Windows: Use buffer with known maximum length as input to FakeDosNameForDevice.
• Language files: Update French XML file with exFAT references.
• Language files: Update German translation for PIM shortcut and exFAT references.
• Language files: Update Russian XML file by Dmitry Yerokhin.

[Enigma2Illusion]

February 20, 2016 version 1.18 BETA 1 for Linux and OSX has been released. Please see first post for the list of changes.

[Andreas Boehlk]

A Problem dealing with all language packs, except English.
With any other language than Enlish you get the attached error message, even though it switches to the chosen language and everything seems to run fine. The language files in the Veracrypt directory seem to be correct. Some bug in version control.
Regards
Andreas

[Mounir IDRASSI]

Thank you for the feedback. Indeed, there was a issue in version checking (1.17 was mistakenly left in the code). I have uploaded a new 1.18-BETA2 installer which solves this alongside another issue on some machines related to failure to check password if the first attempts was not successful.

[Enigma2Illusion]

April 13, 2016 version 1.18 BETA 3 for Windows has been released. Please see first post for the list of changes.

[Andreas Boehlk]

A little problem occured. I applied the update from Beta2 to Beta3 on a Notebook with system encryption. No problems during installation. After installation I denied the restart, instead I just reopened the GUI. Then a message popped up stating a bootloader corruption. I guess that is relatet to the boot issue fix by increasing required memory. Is it possible to prevent this message, because some people could get nervous. The complete German message is in the attachment.
Kind regard
Andreas

[Enigma2Illusion]

The issue is due to VeraCrypt components are no longer synchronize versions until you reboot.

Currently, the reboot is mandatory in order for VeraCrypt to function properly and I have requested that VeraCrypt not provide an option to defer the reboot until a way can be found to defer the reboot properly.

https://veracrypt.codeplex.com/workitem/215

https://veracrypt.codeplex.com/workitem/267

[Enigma2Illusion]

Issue reported in Polish version of when you check the box to "Display generated keys parts" and only get three dots. See user screenshot in thread below.

https://sourceforge.net/p/veracrypt/discussion/general/thread/7960d1cd/

[Mounir IDRASSI]

This has always been like this if in the previous wizard page the option to display the random pool content is unchecked.
Previously, the option to display random pool content was checked by default and so after clicking next, the portions of the keys were displayed.
If you use older versions of VeraCrypt or even TrueCrypt, and you uncheck the option to display the random pool content, then after clicking next, you will have the same behavior: it will not be possible to display the parts of the keys.

So, this is not something new. If you really need to see the keys parts, just click back, check the option to show the random pool content and then click next.

That being said, I have pushed a quick modification that solves this: https://sourceforge.net/p/veracrypt/code/ci/0ce3793965bbdb3c068300da41a246d05f0946da/

It will be included in the next Beta build.

[Paul]

I apologise but I don't know how to report a keyfile bug from Linux VC1.17 that may also in the Beta.

https://sourceforge.net/p/veracrypt/discussion/technical/thread/d943ff1e/

[Enigma2Illusion]

April 19, 2016 version 1.18 BETA 4 for Windows has been released. Please see first post for the list of changes.

[Enigma2Illusion]

April 28, 2016 version 1.18 BETA 5 for Windows has been released. Please see first post for the list of changes.

[Enigma2Illusion]

May 5, 2016 version 1.18 BETA 6 for Windows has been released. Please see first post for the list of changes.

This build brings EFI support preview in a separate installer.

[Enigma2Illusion]

May 20, 2016 version 1.18 BETA 7 for Windows has been released with a new preview of VeraCrypt 1.18 (BETA7) installer with EFI GPT system encryption.

More tests for the EFI/GPT are needed and your feedback is welcomed.

[Enigma2Illusion]

May 24, 2016 version 1.18 BETA 8 for Windows has been released with a new preview of VeraCrypt 1.18 (BETA8) installer with EFI GPT system encryption.

It brings a fix for a Windows booting issue on some machines. It also introduces a first implementation of some GOST standards (Streebog and GOSTHASH for hashing and GOST89 for encryption).

The new GOST encryption standard Kuznyechik (also known as Grasshopper) and the Japanese Camellia cipher will be included in a next build.

These GOST implementations are not optimized (taken from GostCrypt project) so small PIM values (like 1) are more practical for testing.

More tests for the EFI/GPT are needed and your feedback is welcomed.

[Robert M]

I posted this in the EFI/GPT thread but I meant to post it here:

I tried encrypting my Windows 10 installation with 1.18 beta 8 EFI preview. The bootloader does not run because Windows boots using an EFI system partition that is different from the partition where Windows is installed, so the test fails because I'm never prompted for my password after restarting the computer. And as Camis said above, I can only choose to encrypt the Windows boot partition instead of the entire drive. I'm assuming that would fix this issue.

Here's what my partition setup looks like on this drive.

Also, two issues I noticed with this beta: decrypting drives takes much longer than 1.17 does (1.17 takes about 2-5 seconds per drive, 1.18 beta 8 seems to take about 15 seconds or more), and passwords are not being properly temporarily cached while decrypting favorite volumes even though I have that option checked and both of these favorite volumes use the same password.

[Alex]

Hi Robert,

There are several possibilities.

Lock of BIOS menu: Your computer can have feature - lock boot loader menu in BIOS to protect installation of new boot loader.

Secure boot block: VeraCrypt EFI is BETA preview, so loader is not stable and is not signed at Microsoft. Secure boot BIOS option can prevent start of DcsBoot loader(DCS means Disk Cryptography Services)

To check installation press special key (manufacture dependent, on my computer f12) to select boot order and try DcsBoot.

[Robert M]

I'm not really sure what your first point means. I don't think it's locked by I don't know how to check that. I'm on an MSI laptop.

Secure boot has been disabled this whole time. I don't see DcsBoot as an option anywhere in the boot options that I can select, just the usual suspects (USB CD/DVD, Windows Boot Manager, USB Hard Drive, and Network). I also tried rebooting into BIOS with Legacy mode and UEFI with CSM to no avail.

[Alex]

It looks like EFI loader is not installed on your computer. The installation can be block by BIOS. Probably there is some incompatibility. (nowadays EFI is not stable technology) Try to upgrade BIOS to the latest firmware.

Note: Our test computers work with EFI 2.3. The main reason for test mode is to check compatibility of platform.

What model of MSI laptop do you use?

[Robert M]

I'm using an MSI GS70-2PC Steath, with BIOS version E1772IMS.10E dated January 13, 2015. There's an update available to E1772IMS.10F dated May 13, 2015, so I suppose I could try that, but I'd really prefer not to.

[Mounir IDRASSI]

Thank you Robert for these details.
Just a question: did you have a warning message displayed during the system encryption wizard process or the encryption process went smothly until the Pre-Test reboot?
If there was a warning message, can you please indicate its content?
Thanks.

[Robert M]

No warning message, the process went smoothly.

[Alex]

BIOS is rather new. VeraCrypt should work.
Try to check before pre-test the following commands from cmd (need admin)
mountvol k: /s
dir k:\ (it should list EFI boot volume)

Next step is to check EFI boot menu. It can be checked by e.g. "bootice" tool. (Use it carefully!) or linux efibootmgr (https://github.com/rhinstaller/efibootmgr)

One more detail. Could you determin BIOS manufacture? (e.g. AMI Aptio, Phoenix, Insyde)

[Robert M]

Those commands work fine. When I do dir k:\ it says:

03/29/2014   09:37 AM   <DIR>   EFI
      0 File(s)      0 bytes
      1 Dir(s)      258,527,232 bytes free

I downloaded BOOTICE but I'm really not sure what I'm supposed to be looking for. When I click "Process MBR" on my main disk (which has the EFI and boot partitions) it says the MBR type is unknown, and on clicking "Process PBR" it says BOOTMGR boot record.

BIOS is by American Megatrends.

[Alex]

It seems VeraCrypt does not copy loader to EFI boot volume.

The"k:\" volume has to contain "DcsInt.efi" in pre-test mode.

BIOS AMI is normal (It was tested). Aptio version?

EFI does not contain MBR. It has EFI boot volume.

To check EFI boot menu via BOOTICE select "UEFI" tab->"Edit boot entries"
It has to contain DcsBoot