VeraCrypt


VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.
VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on 22 June 2013 and produced its latest release on 6 October 2019. Many security improvements have been implemented and issues raised by TrueCrypt code audits have been fixed. VeraCrypt includes optimized implementations of cryptographic hash functions and ciphers which boost performance on modern CPUs.

License and source model

VeraCrypt inherited a substantial amount of code from its predecessor TrueCrypt, and also inherited the source-available TrueCrypt License for those files. This license is not one of many widely used open-source licenses and is not a free software license according to the Free Software Foundation license list, as it contains distribution and copyright-liability restrictions.
New parts of VeraCrypt have been licensed under the Apache License 2.0 since version 1.19.

Encryption scheme

Algorithms

Individual ciphers supported by VeraCrypt are AES, Serpent, Twofish, Camellia, and Kuznyechik. The Magma cipher was removed in version 1.19 in response to a security audit. Additionally, ten different combinations of cascaded algorithms are available: AES–Twofish, AES–Twofish–Serpent, Camellia–Kuznyechik, Camellia–Serpent, Kuznyechik–AES, Kuznyechik–Serpent–Camellia, Kuznyechik–Twofish, Serpent–AES, Serpent–Twofish–AES, and Twofish–Serpent. The cryptographic hash functions available for use in VeraCrypt are RIPEMD-160, SHA-256, SHA-512, Streebog and Whirlpool.

Modes of operation

VeraCrypt uses the XTS mode of operation.

Keys

The header key and the secondary header key are generated using PBKDF2 with a 512-bit salt and, by default, 200,000 to 655,331 iterations, depending on the underlying hash function.
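The derivation described above, as an added example that is not VeraCrypt's own code: one PBKDF2 run produces the material for both XTS keys, and the timing helper shows what the iteration count costs per password guess. The choice of SHA-512, the 256-bit key size, the key ordering and all function names are assumptions made for this sketch.

```python
import hashlib
import os
import time

SALT_BITS = 512            # salt size stated on the page
MIN_ITERATIONS = 200_000   # lower default bound stated on the page
MAX_ITERATIONS = 655_331   # upper default bound stated on the page
XTS_KEY_BYTES = 32         # assumption: a single 256-bit cipher such as AES


def derive_header_keys(password: bytes, salt: bytes, iterations: int,
                       hash_name: str = "sha512") -> tuple[bytes, bytes]:
    """Return (header_key, secondary_header_key) from one PBKDF2 run.

    XTS needs two independent keys, so 2 * XTS_KEY_BYTES are derived and
    split in half. The ordering of the halves is an assumption of this sketch.
    """
    if len(salt) * 8 != SALT_BITS:
        raise ValueError(f"salt must be {SALT_BITS} bits")
    # This sketch only accepts the default range quoted on the page.
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside the default range")
    material = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations,
                                   dklen=2 * XTS_KEY_BYTES)
    return material[:XTS_KEY_BYTES], material[XTS_KEY_BYTES:]


def seconds_per_guess(iterations: int, hash_name: str = "sha512") -> float:
    """Wall-clock cost of a single password guess on this machine."""
    salt = os.urandom(SALT_BITS // 8)
    start = time.perf_counter()
    derive_header_keys(b"constructed sample password", salt, iterations,
                       hash_name)
    return time.perf_counter() - start


if __name__ == "__main__":
    salt = os.urandom(SALT_BITS // 8)  # fresh random salt for each volume
    k1, k2 = derive_header_keys(b"constructed sample password", salt,
                                MIN_ITERATIONS)
    print("header key:          ", k1.hex())
    print("secondary header key:", k2.hex())
    for n in (MIN_ITERATIONS, MAX_ITERATIONS):
        print(f"{n:>7} iterations: {seconds_per_guess(n):.3f} s per guess")
```

Because the salt is random per volume, the same password yields unrelated keys on different volumes, and every guess must pay the full iteration cost again.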

Plausible deniability

As with its predecessor TrueCrypt, VeraCrypt supports plausible deniability by allowing a single "hidden volume" to be created within another volume. In addition, the Windows versions of VeraCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.
The VeraCrypt documentation lists many ways in which VeraCrypt's hidden volume deniability features may be compromised and possible ways to avoid this.

Performance

VeraCrypt supports parallelized encryption for multi-core systems and, under Microsoft Windows, pipelined read and write operations to reduce the performance hit of encryption and decryption. On processors supporting the AES-NI instruction set, VeraCrypt supports hardware-accelerated AES to further improve performance. On 64-bit CPUs, VeraCrypt uses optimized assembly implementations of Twofish and Camellia.

Security improvements

An audit of version 1.18 was conducted by QuarksLab on behalf of the Open Source Technology Improvement Fund; it took 32 man-days and was published on 17 October 2016. The major vulnerabilities identified in this audit were resolved in version 1.19, released the same day.

Security precautions

There are several kinds of attacks that all software-based disk encryption is vulnerable to. As with TrueCrypt, the VeraCrypt documentation instructs users to follow various security precautions to mitigate these attacks, several of which are detailed below.

Encryption keys stored in memory

VeraCrypt stores its keys in RAM; on some personal computers DRAM will maintain its contents for several seconds after power is cut. Even if there is some degradation in the memory contents, various algorithms may be able to recover the keys. This method, known as a cold boot attack, was successfully used to attack a file system protected by TrueCrypt versions 4.3a and 5.0a in 2008. With version 1.24, VeraCrypt added the option of encrypting the in-RAM keys and passwords on 64-bit Windows systems, with a CPU overhead of less than 10%, and the option of erasing all encryption keys from memory when a new device is connected.

Physical security

VeraCrypt documentation states that VeraCrypt is unable to secure data on a computer if an attacker has physically accessed it and the user then uses VeraCrypt on the compromised computer again. This does not affect the common case of a stolen, lost, or confiscated computer. An attacker with physical access to a computer can, for example, install a hardware or software keylogger, a bus-mastering device that captures memory, or any other malicious hardware or software, allowing the attacker to capture unencrypted data or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called "evil maid attacks".

Malware

Some kinds of malware are designed to log keystrokes, including typed passwords, which may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read them later, when they gain physical access to the computer.

Trusted Platform Module

The FAQ section of the VeraCrypt website states that the Trusted Platform Module cannot be relied upon for security, because if the attacker has physical or administrative access to a computer and it is used afterwards, the computer could have been modified by the attacker: e.g. a malicious component – such as a hardware keystroke logger – could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, VeraCrypt does not and will not support TPM.