Single partition filling drive won't mount under 1.26.7

[KevReillyUK]

Hi. First time poster so apologies if I break any rules, but I wanted to get this written down while it's relatively fresh in case anyone else searches for similar symptoms.

I've been using VeraCrypt for years even since TrueCrypt went EOL and have always had the latest stable version installed. My Windows 10 system uses System Encryption with a long password and PIM. It also has four other encrypted partitions on four physical drives that use the same password and PIM and are mounted as System Favorites on startup.

When I upgraded from 1.25.9 to 1.26.7 one of these partitions refused to mount, with the following error:

None of the advanced options would permit this partition to mount. At first I thought maybe this was a legacy TrueCrypt volume that I'd forgotten to convert so I decrypted the system partition, uninstalled VeraCrypt 1.26.7, installed 1.25.9 and tried to mount the problematic volume in TrueCrypt mode, but it would only mount in normal mode. It wasn't a TrueCrypt volume.

At this point I noticed something peculiar about this particular partition in both VeraCrypt's device picker and Disk Management . While all of the others were the second partition on drives with an initial 16MiB hidden/recovery/whatever partition, this partition was alone on its drive with no free space or hidden partitions.

The solution was to copy all of the data elsewhere (fortunately it was "only" 4TiB) while running 1.25.9, uninstall 1.25.9, reinstall 1.26.7, nuke the partition in Disk Management, covert the disc to MBR (forcing the creation of two 2TiB partitions), convert it back to GPT to enable large partitions, create a RAW partition, check that the 16MiB hidden partition was visible, use VeraCrypt to recreate the original volume, restore the data, re-enable System Encryption and rebuild the System Favourites list. Phew.

I've no idea what caused this, why earlier VeraCrypts were happy with this configuration but 1.26.7 wasn't, or whether there might have been a simpler solution. In particular I'm not certain the GPT-MBR-GPT conversion was necessary, but I was covering all the bases.

I hope this is useful to someone. In particular if you're about to pull the trigger on 1.26.7 but some of your volumes are partition 1 on an otherwise empty drive, you might come unstuck and it might be worth creating a pre-emptive backup of that volume's data while you're still running an older VeryCrypt. The kludge above is laborious but it does work.

[Enigma2Illusion]

Hi Kevin,

Since you ruled out the problem disk was not created with TrueCrypt, was your problem disk using RIPEMD160 hash algorithm?

1.26.7 Release Notes:

Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.

Some information about the hidden 16 MB partition.

The 16 MB partition is the Microsoft Reserved Partition (MSR) and there is a more user friendly explanation in these posts. Post 1, Post 2 and Post 3.

In fact, my external hard drives are using GPT and I purposely removed MSR partitions. I never experienced any issues with creating more than one partition and I have partitions encrypted with VeraCrypt. I have upgraded to 1.26.7 with no issue of being able to mount my VeraCrypt volumes on disks that are without the MSR partition.

[KevReillyUK]

Yes, the MSR thing might be a red herring but it does suggest that there is something different in that drive's history. Maybe more than one something.

As far as I know I've only ever used the default algorithms when creating volumes, but that is one of the older drives in the system so it's not impossible that I experimented with something different years ago and forgot I'd done so. Alas I didn't think to check the encryption parameters so we'll never know for sure, but it certainly fits the evidence.

[Enigma2Illusion]

Until December 2014, the default hash was RIPEMD160. In December 2014, the 1.0f version release notes has:

• Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
• Deprecate RIPEMD160 for non-system encryption.

[KevReillyUK]

Ah, that'll be it. Perfect explanation. I built this system in late 2013 and although the boot SSD and most of the spinning drives have been replaced, it's very likely the problematic volume was created in 2013 or 2014.

So it turns out it's not that I was unlucky with that particular drive, more that I was fortunate in having upgraded all the others, otherwise they'd have all failed to mount too. I'm trying to picture my panic if that had happened. It's not pretty.

Thanks for explaining this. Even though my "solution" worked the lack of a reason would still have bugged me.

[Enigma2Illusion]

For the benefit of other users that upgraded to 1.26 and need to:

• Access or convert TrueCrypt volumes.
• Change the hash algorithm from RIPEMD160.
• Access the short lived GOST89 encryption algorithm.

You will need to use a version of VeraCrypt prior to 1.26 in portable mode since you cannot have two different installations of VeraCrypt installed on the PC at the same time.

Using a VeraCrypt version prior to 1,26 in portable mode, you can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version.

https://www.veracrypt.fr/en/TrueCrypt%20Support.html

https://www.veracrypt.fr/en/Converting%20TrueCrypt%20volumes%20and%20partitions.html

Using a VeraCrypt version prior to 1,26 in portable mode, use the Change Volume Password for a volume to change the RIPEMD160 hash algorithm to a supported hash algorithm in 1.26. See documentation. You can use the same password and Keyfiles for current and new in order to change the hash algorithm.

If you are using GOST89 encryption algorithm, you will need to copy your data elsewhere and recreate the VeraCrypt volume using a supported encryption algorithm. See documentation.

However, I would create new VeraCrypt volumes and partitions if the following is important to you.

Version 1.18:

Fix TrueCrypt vulnerability that enables detection of presence of hidden volumes (reported by Ivanov Aleksey Mikhailovich, alekc96 [at] mail dot ru)

The above issue required both a software update and recreating the VeraCrypt volume if plausible deniability is important to you.

[GadgetSurplus]

I might add that it appears you can use the Change Volume Password ... routine under Volume Tools ... with the same password for both the current and new. So you do not really have to change the user entered password to get the volume / container updated to Veracrypt from TrueCrypt and / or to set a new hash algorithm such as AES 512.

[Enigma2Illusion]

Thank you for your feedback. I should been clearer in my original post. I have updated my post to be explicit that you do not need to change the password nor the Keyfiles.