Visualizza messaggio singolo
Vecchio 22-08-2015, 01.12.03   #4
retalv
Forum supporter
WT Expert
 
L'avatar di retalv
 
Registrato: 13-03-2005
Loc.: Ultima stella a destra
Messaggi: 2.809
retalv è un gioiello raroretalv è un gioiello raroretalv è un gioiello raroretalv è un gioiello raro
Rif: VeraCrypt e la fine de "Il tempo delle mele"...

La prima release stabile di VeraCrypt risale a giugno 2013 e nasce sulla base di TrueCrypt 7.1a (l'ultima vera release di TrueCrypt). Da allora molte cose sono state aggiornate e cambiate nel sottobosco (vedi le note di rilascio) e passando dal solo sviluppo per Windows a quello sia per Linux sia per MacOSX.

Per quanto ne so, il cuore degli algoritmi di criptazione (ad esclusione del ciclo di interazioni, aumentato sin dalla prima release) non è stato quasi toccato, in quanto le possibili insicurezze rilevate dall'audit riguardavano principalmente i contorni (mancate verifiche dell'header, mancati controlli sui buffers, ecc.) mentre per la logica di codifica l'unico appunto riguardava l'AES. Questi aspetti dovrebbero essere stati tutti risolti con la versione 1.0f-2.

Dire che è esente da bug sarebbe un controsenso. Basta leggere le note di rilascio e si vede che i fix "fioccano", ma se devo essere sincero, usandolo nei modi canonici non ho mai avuto problemi di alcun tipo ad sclusione dei tempi di accesso "biblici"...

Se vuoi un parere franco, mi fido piu di VeraCrypt che di qualche "signor nessuno" che può perdere solo la faccia (e solo quella).

E' si un software free che non dà alcuna garanzia legale all'utilizzatore, ma il semplice fatto che una, se pur piccola, software-house spenda tempo e credibilità a svilupparlo e mantenerlo è di fatto una garanzia maggiore di uno qualsiasi degli altri tre progetti (per altro al momento completamente fermi... stai te ad aspettare gli svizzeri... ... magari si sono accorpati a VeraCrypt senza farlo sapere in giro, ma dubito...).

Personalmente uso tre partizioni crittografate con VeraCrypt (1TB esterno, 10GB + 10GB interni) e, per non invecchiare aspettando il login del sistema, usavo fino a ieri TrueCrypt per la partizione su SSD.
Ora uso VeraCrypt senza rimpianti anche per la codifica del disco di sistema.

La v1.14 è già disponibile in beta come Nightly Builds per risolvere alcuni piccoli bug: il primo è, per me che sono un pigro, particolarmente fastidioso (ma riuscirò a sopravvivere nell'attesa della release ufficiale ), vedi lista in seguito... che dirti di più?

Codice:
- Windows:

* Solve option "Cache password in drive memory" always disabled even if checked in preferences.
* Solve UI language change not taken into account for new install unless a preference is changed.
* Driver: Support returning StorageDeviceProperty when queried through IOCTL_STORAGE_QUERY_PROPERTY.
* Minors GUI fixes.
Dimenticavo... con questa release i download su SourceForge si sono impennati passando da poche decine a 1800 (a solo 12gg dal rilascio) ... esistono ottime probabilità che per l'immediato futuro il software riceva un più adeguato debugging... e magari una bella ripassata alla traduzione in italiano (...venghino signori venghino...).

Vari links per chi fosse interessato...

https://www.idrix.fr/

https://veracrypt.codeplex.com

http://sourceforge.net/projects/vera...htly%20Builds/


Codice:
Release Notes

1.13 (August 9th, 2015):

    Windows:
        Solve TOR crashing when run from a VeraCrypt volume. 

1.12 (August 5th, 2015):

    All OSs:
        Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information. 

    Windows:
        Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
        Fix buffer overrun issue and other memory related bugs when parsing language XML files.
        Fix wrongly reported bad sectors by chkdsk caused by a bug in IOCTL_DISK_VERIFY handling.
        Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
        Fix system favorites not always mounting after cold start.
        Solve installer error when updating VeraCrypt on Windows 10.
        Implement decryption of non-system partition/drive.
        Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
        Allow using drive letters A: and B: for mounting volumes
        Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
        Add possibility to show system encryption password in Windows GUI and bootloader
        Solve "Class Already exists" error that was happening for some users.
        Solve some menu items and GUI fields not translatable
        Make volumes correctly report Physical Sector size to Windows.
        Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
        Add manual selection of partition when resuming in-place encryption.
        Add command line option (/cache f) to temporarily cache password during favorites mounting.
        Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
        Add extra information to displayed error message in order to help analyze reported issues.
        Disable menu entry for changing system encryption PRF since it's not yet implemented.
        Fix failure to change password when UAC required (inherited from TrueCrypt)
        Minor fixes and changes (see Git history for more details) 

    Linux:
        Solve installer issue under KDE when xterm not available
        Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
        Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
        Remove "--current-hash" switch and add "--new-hash" to be more coherent with existing switches.
        When only keyfile specified in command line, don't try to mount using empty password.
            If mounting using empty password is needed, explicitly specify so using: -p "" 

1.0f-2(April 5th, 2015):

    All OSs:
        Mounting speed improvement, up to 20% quicker on 64-bit (contributed by Nils Maier)
        Add option to set default hash/TrueCryptMode used for mounting volumes.
        Use TrueCryptMode/Hash specified in command line in password dialog. 
    Windows:
        Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
        Proper handling of random generator failures. Inform user in such cases.
        TrueCrypt Mode related changes:
            Support mounting TrueCrypt system partition (no conversion yet)
            Support TrueCrypt volumes as System Favorites.
            Correct displaying wrong TrueCrypt mode in volume properties when SHA-256 is used. 
        Solve PIN BLOCKED issue with smart cards in a special case.
        Correctly handle file access errors when mounting containers.
        Solve several issues reported by the Static Code Analysis too Coverity.
        Bootloader: Add "Verifying Password..." message.
        When UAC prompt fails (for example timeout), offer the user to retry the operation.
        Uninstall link now open the standard "Add/Remove Programs" window.
        On uninstall, remove all VeraCrypt references from registry and disk.
        Included VeraCryptExpander in the Setup.
        Add option to temporary cache password when mounting multiple favorites.
        Minor fixes and enhancements (see git history for more information) 
    MacOSX:
        Solve issue volumes not auto-dismounting when quitting VeraCrypt.
        Solve issue VeraCrypt window not reopening by clicking dock icon. 
    Linux/MacOSX:
        Solve preferences dialog not closing when clicking on the 'X' icon.
        Solve read-only issue when mounting non-FAT volumes in some cases.
        Support opening/exploring mounted volumes on desktops other than Gnome/KDE.
        Solve various installer issues when running on less common configurations
        Minor fixes (see git history for more information) 

1.0f-1 (January 4th, 2015)

    All OSs:
        Add support for old TrueCrypt 6.0.
        Change naming of cascades algorithms in GUI for a better description. 
    Linux/MacOSX:
        Make cancel button of the preference dialog working.
        Solve impossibility to enter a one digit size for the volume.
        Add wait dialog to the benchmark calculation. 
    Windows:
        Add TrueCrypt mode to the mounted volume information.
        For Windows XP, correct the installer graphical artefacts. 

1.0f (December 30, 2014)

    All OSs:
        Add support for mounting TrueCrypt volumes.
        Add support for converting TrueCrypt containers and non-system partitions.
        Add support for SHA-256 for volume encryption.
        Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD160
        Deprecate RIPEMD160 for non-system encryption.
        Speedup mount operation by enabling choice of correct hash algorithm.
        Display a wait dialog during lengthy operations to avoid freezing the GUI.
        Implement creation of multiple keyfiles at once, with predefined or random size.
        Always display random gathering dialog before performing sensitive operations.
        Links in the application now points to the online resources on Codeplex
        First version of proper VeraCrypt User Guide 
    MacOSX:
        Implement support for hard drives with a large sector size (> 512).
        Link against new wxWidgets version 3.0.2.
        Solve truncated text in some Wizard windows. 
    Linux:
        Add support of NTFS formatting of volumes.
        Correct issue on opening of the user guide PDF.
        Better support for hard drives with a large sector size (> 512).
        Link against new wxWidgets version 3.0.2. 
    Windows:
        Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
        Add support for SHA-256 in system boot encryption.
        Various optimizations in bootloader.
        Complete fix of ShellExecute security issue.
        Kernel driver: check that the password length received from bootloader is less or equal to 64.
        Correct a random crash when clicking the link for more information on keyfiles
        Implement option to auto-dismount when user session is locked
        Add self-test vectors for SHA-256
        Modern look-and-feel by enabling visual styles
        few minor fixed. 

1.0e (September 4, 2014)

    Improvements and bug fixes:
        Correct most of the security vulnerabilities reported by the Open Crypto Audit Project.
        Correct security issues detected by Static Code Analysis, mainly under Windows.
        Correct issue of unresponsiveness when changing password/key file of a volume. Reduce overall time taken for creating encrypted volume/partition.
        Minor improvements and bug fixes (look at git history for more details). 


1.0d (June 3, 2014)

    Improvements and bug fixes:
        Correct issue while creating hidden operating system.
        Minor improvements and bug fixes.
retalv non è collegato   Rispondi citando