Activity for AJ B
-
AJ B modified a comment on discussion Open Discussion
I agree with MELERIX (above), I don’t think it’s easy to implement. I remember when Notepad++ implemented a Windows 11 context menu for the first time. It wasn’t implemented according to best practices and caused confusion and frustration to users. After this, a volunteer with specialized knowledge offered to help the author of Notepad++ with an implementation that followed more established practices. It took about 1 to 2 weeks to create a new implementation. Following this, it took about 4 to 5...
-
I agree with MELERIX (below), I don’t think it’s easy to implement. I remember when Notepad++ implemented a Windows 11 context menu for the first time. It wasn’t implemented according to best practices and caused confusion and frustration to users. After this, a volunteer with specialized knowledge offered to help the author of Notepad++ with an implementation that followed more established practices. It took about 1 to 2 weeks to create a new implementation. Following this, it took about 4 to 5...
-
Hi fzxx, Point taken. I was however only suggesting Mounir adopt practical project management tips from Don Ho and not the practice of expressing a political point of view within developed open source software.
-
Hi Mounir, It’s fantastic to hear from you! No apology is necessary, family comes first. I’m so sorry to hear matters have become more difficult in recent times. In order to lighten your workload, would you consider seeking help from some of those who have submitted pull requests to the GitHub repository? Perhaps they could save you some time or help with the direct support requests? I also suggest reaching out to Don Ho as the author of Notepad++ who in recent months marked 20 years for his open-source...
-
This ticket can be closed. The above PR has now been merged. Sorry for the duplication. Many thanks to DLL125 and Mounir Idrassi for their efforts.
-
Update: I will request for this ticket to be closed once pull request #1302 is merged since it will address the purpose of this ticket: https://github.com/veracrypt/VeraCrypt/pull/1302 Many thanks to the user "DLL125" for implementing this change.
-
Update Request | 3rd party library | zlib | April 2024
-
Hi Enigma2Illusion, These are the concerns that always prevented me from using keyfiles since to me, they seemed too fragile to rely on. Is it realistic to be cautious of using the read only attribute? If someone has sufficient access to your system to forensically check the attributes of files, you have a potentially serious issue. Yes they may not have admin access but they could likely find a way to do so e.g. unpatched software or displaying a UAC prompt that a user just clicks “Yes” to or enters...
-
Hi Engigma2Illusion, These are the concerns that always prevented me from using keyfiles since to me, they seemed too fragile to rely on. Is it realistic to be cautious of using the read only attribute? If someone has sufficient access to your system to forensically check the attributes of files, you have a potentially serious issue. Yes they may not have admin access but they could likely find a way to do so e.g. unpatched software or displaying a UAC prompt that a user just clicks “Yes” to or enters...
-
My thanks to DLL125 for updating the nightly VeraCrypt build to use the new zlib version 1.3 library. There appear to be significant non-security bugfixes within it.
-
I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them. I’m looking forward to the upcoming 1.26 version...
-
You can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version. You will have to convert using VeraCrypt versions prior to 1.26. https://www.veracrypt.fr/en/Converting%20TrueCrypt%20volumes%20and%20partitions.html I feel naïve. After using VeraCrypt for so long I didn’t know VeraCrypt could convert containers like this! I had previously just created a new container, mounted both it and the old container...
-
You can convert TrueCrypt file containers and partitions to VeraCrypt if the volumes and partitions were created using TrueCrypt versions 6.x and 7.x version. You will have to convert using VeraCrypt versions prior to 1.26. https://www.veracrypt.fr/en/Converting%20TrueCrypt%20volumes%20and%20partitions.html I feel naïve. After using VeraCrypt for so long I didn’t know VeraCrypt could convert containers like this! I had previously just created a new container, mounted both it and the old container...
-
I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them. I’m looking forward to the upcoming 1.26 version...
-
I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them. I’m looking forward to the upcoming 1.26 version...
-
I guess then that you will have to keep 1.25.9 as a downloadable option, being the latest VeraCrypt to support TrueCrypt, at least in order for users to be able to decrypt their TrueCrypt volumes and file containers, so that they can create new VeraCrypt ones Agreed. Another reason to keep this version for download will be for anyone who wishes to use it on Windows 7 and Windows 8.1 since I believe it will also be the last version to support them. I’m looking forward to the upcoming 1.26 version...
-
I agree, this is very exciting! Thanks Mounir for offering to look into this issue, it will need a lot of work. Over the years I may have stumbled upon this issue. I have noticed that sometimes when you accidentally enter the wrong password for a container, VeraCrypt tries to mount it anyway and never completes with an incorrect password error. You also can’t kill the VeraCrypt process since the mounting is done via the System process (Process ID 4) and I’ve never been able to locate the relevant...
-
I'm in the process of removing TrueCrypt Mode support from VeraCrypt and so the release notes will be updated to indicate that the last version that supports TrueCrypt Mode is 1.25.9. This is the logical move after the removal of legacy algorithms. Many thanks for your work on removing TrueCrypt support for the next version. Exciting times ahead!
-
Hi Enigma2Illusion, Sorry but I misunderstood how Mounir had implemented the EMV feature, I realized it was disabled but now realize it can’t execute at all in that state. I was simply making a suggestion to reduce the attack surface of the tool by decreasing the number of lines of source code that are compiled and are later loaded in memory. True, the EMV feature is no different than other features but as more features are implemented the attack surface and complexity of the code/VeraCrypt grows....
-
Hi Mounir, I hope you are doing well. I realized the code was disabled but wasn’t aware it wouldn’t execute if disabled. I really like your suggestion of a plugin or addon mechanism. If I wasn’t clear in my request, this is just a suggestion, with no timeframe in mind. I’m well aware of your limited time commitments and I believe you do an amazing job with such limited resources and time (I don’t mean this in offensive manner quite the opposite). By the way, I applaud the implementation of EMV support...
-
Hi Mounir, I wish to make a suggestion for a possible feature request for a version of VeraCrypt after 1.26. While I really appreciate the work of the team of students from national des sciences appliquées de Rennes, if a user does not wish to use the new EMV feature, could it adapted to be an optional feature during the installation of VeraCrypt, please? This way if a user wishes to use it, they can install the EMV feature during installation and if not, un-tick the option during install and then...
-
Concerning TrueCrypt Mode, removing it in the official 1.26 release would streamline development efforts on improving VeraCrypt. This means version 1.25.9 will be the last version that supports TrueCrypt Mode. What do you think? Agreed. With the removal of the older algorithms from 1.26 too, it makes sense to me to also drop TrueCrypt suppport. Its been many, many years since I have needed to use that and if I need to in the future, I 'll use an older VeraCrypt version to migrate an old container...
-
I agree, it would be less work for you to focus only on supported operating systems (which receive updates). Older OSes could be supported using older versions of VeraCrypt, please ensure to keep those older versions on the website. All of my primary systems are Windows 11 22H2 and with my older systems using Windows 10 22H2. While these OSes have telemetry, it can be turned off or minimized so I don’t believe it’s an issue (a conversation on this is for another thread). Its fantastic to see you...
-
While I agree the younger generation Z aren’t very interested in privacy (due to them growing up in an internet connected society, what they never had they will never miss), I don’t believe encryption software is fully dying out but I admit it’s getting less common. Organizations such as (ISC)2, ISACA and IAPP, of which I am a member of all will do their best to make certain of privacy for the future. Also baby boomers, generation X and people such as myself as a millennial have many more years left...
-
I totally agree about the lack of project funding and the increasing difficulty of overcoming security roadblocks in the OSes. I really didn't expect for older versions of Windows like 7, 8, 8.1 and Vista to still be supported but thanks to Mounir's amazing work they are. I will be making another donation today and I would encourage others to do so, no matter how small. Mounir needs to know there is still interest and support for his work. For me VeraCrypt is working fine on my two Windows 11 22H2...
-
Agreed. I was under the impression Mounir maintains VerasCrypt in his spare time. I do recall last year he said he wanted 2022 to be a better year for VeraCrypt than 2021 was (I believe there was only 1 release in 2021) but he said he wasn't sure how much time he would get to work on it.
-
Dear Mounir and the VeraCrypt team, I wish to raise a very similar request. I have created a ticket (#511) to request the zlib library used within VeraCrypt be updated again. Version 1.2.13 resolves a critical heap-based buffer overflow (CVSS3 score of 9.8). This vulnerability has been assigned CVE-2022-37434 : https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Many thanks.
-
Dear Mounir and the VeraCrypt team, I wish to raise a very similar request. I have created a ticket (#511) to request the zlib library used within VeraCrypt. Version 1.2.13 resolves a critical heap-based buffer overflow (CVSS3 score of 9.8). This vulnerability has been assigned CVE-2022-37434 : https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Many thanks.
-
Dear Mounir and the VeraCrypt team, Sorry to bother you again on a very similar request. I have created a ticket (#511) to request the zlib library used within VeraCrypt. Version 1.2.13 resolves a critical heap-based buffer overflow (CVSS3 score of 9.8). This vulnerability has been assigned CVE-2022-37434 : https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Many thanks.
-
Update Request | 3rd party library | zlib
-
From my understanding of the Twitter posts, the claimed vulnerability did not include a description that made sense or was plausible or even a demonstration to show the vulnerability being exploited. The video posted did not show exploitable behavior but merely the PsExec tool being used as was intended by being called within a script contained in an HTML file. That’s what a script is supposed to do and is not exploitable behavior. The PsExec tool is legitimate but like any tool can be used for malicious...
-
From my understanding of the Twitter posts, the claimed vulnerability did not include a description that made sense or was plausible or even a demonstration to show the vulnerability being exploited. The video posted did not show exploitable behavior but merely the PsExec tool being used as was intended by being called within a script contained in an HTML file. That’s what a script is supposed to do and is not exploitable behavior. The PsExec tool is legitimate but like any tool can be used for malicious...
-
The CVE-2022-29072 is disputed and multiple security researchers have declared it a hoax: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072 https://twitter.com/wdormann/status/1521237068336316417 https://twitter.com/wdormann/status/1516979696126369792 https://twitter.com/taviso/status/1516091373178347532
-
The CVE-2022-29072 is disputed and multiple security researchers have declared it a hoax: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072 https://twitter.com/wdormann/status/1521237068336316417 https://twitter.com/wdormann/status/1516979696126369792
-
Thanks very much Mounir and there is no rush to release 1.26, at least in my opinion. Please take all the time you need.
-
Dear Mounir, Sorry to bother you again. If possible, may I also request the most recent version of zlib 1.2.12 be included in a future release of VeraCrypt, please? A 17 year old CVE has been fixed within it: https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/ Many thanks.
-
Hi Mounir, You are very welcome and many thanks for resolving those Coverity issues so promptly. I hope they were not too tedious. Wow, that is a huge increase in the code base but as you say the defect density is still lower than before. Excellent work.
-
Dear Mounir, Sorry, I referenced the wrong date when I wrote January 2015, you are correct and many thanks for so promptly actioning this request. I have edited my post to correct that. Off topic: I recently upgraded my VeraCrypt file volumes from 64-character keys to 128 character keys and the process was totally seamless. I really appreciate the quality of the code you write. I’ve sent another donation to you.
-
Dear Mounir, Sorry, I referenced the wrong date when I wrote January 2015, you are correct and many thanks for so promptly actioning this request. I have edited my post to correct that. Off topic: I recently upgraded my VeraCrypt file containers from 64-character keys to 128 character keys and the process was totally seamless. I really appreciate the quality of the code you write. I’ve sent another donation to you.
-
Dear Mounir, Many thanks for this new version for testing. Would you consider carrying out a Coverity scan since one has not been carried out since January 2020 and a lot of code was added and removed in the following commit? Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89 Have a good evening.
-
Dear Mounir, Many thanks for this new version for testing. Would you consider carrying out a Coverity scan since one has not been carried out since January 2015 and a lot of code was added and removed in the following commit? Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89 Have a good evening.
-
Hi Thomas, If it was me, yes I would stay with v1.24 Update 7 since I agree with you the risk of using Test Mode is quite high. With RAM encryption already enabled you should be covered. I hope this helps. Thanks.
-
Hi Brick Wall, I’m afraid that right now there is no timeline for compatibility with Window 11. I’m not associated with the VeraCrypt project and I'm just an interested long term user of VeraCrypt. I have also made 2 generous financial donations to the project since the 1.25 RC1 version to help Mounir out since I'm not a software developer. I know the difficulties being experienced right now in relation to releasing an updated version for just Windows 10 right now (with possible support for Windows...
-
Hi Brick Wall, I’m afraid that right now there is no timeline for compatibility with Window 11. I’m not associated with the VeraCrypt project and I'm just an interested long term user of VeraCrypt, but I do know the difficulties being experienced right now in relation to releasing an updated version for just Windows 10 right now (with possible support for Windows 7 too). The following thread with posts from Mounir and Enigma2Illusion will inform you better than I can on the current difficulties and...
-
I totally agree with Enigma2Illusion. Windows 10 Pro can be made more secure by adjusting those kinds of settings. I am using Windows 10 Pro for Workstations which has even less initial apps loaded when you install it (but I realize few will purchase it like I did due to its extra cost over Pro). I honestly feel the OS is more secure today than ever. However this edition is a better choice for my high performance workstation. I also intend to switch to Windows 11 Pro for Workstations early next year....
-
Apologies but I disagree. According to the NIST SP 800-132 standard depending upon the sensitivity or importance of data, increasing the iteration count (using the PIM) may be an appropriate choice. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf I personally have data that I deem sensitive enough to use more than 14 million iterations (the standard recommends 10 million for critical data). Mounting takes about 3 to 4 minutes on my Core i9 7980XE. I really don't mind...
-
Hi Igor, Please find attached the standard and stmC logs for my system. Yes, this CPU is not a top of the line Intel IceLake but she is still powerful. Let me know if you need anything else. Thank you. CPU: Intel Core i9 Extreme 7980XE @ 2.6 GHz (18 cores, 36 threads) RAM: 64GB Corsair Dominator Platinum PC4-21300 Quad Channel DDR4 at CAS 15-15-15-36-1T Graphics: 2x Nvidia Titan RTX “T-Rex” (NVLink Enabled) @ 1965 Mhz, 48 GB VRAM
1