VeraCrypt icon indicating copy to clipboard operation
VeraCrypt copied to clipboard
verified publisher icon veracrypt

fix default algos

Open wendig0x opened this issue 2 years ago • 3 comments

Removed the default values for the algorithms. The default values attack first.

https://blog.elcomsoft.com/2021/06/breaking-veracrypt-obtaining-and-extracting-on-the-fly-encryption-keys/

wendig0x avatar May 27 '23 19:05 wendig0x

Thank you. I understand the idea behind this change but the choice of the algorithm can have impact on usability depending on the usage context (for example AES/SHA512 is the fastest combinaition and this is what most users look for). I see this feature as more towards security-focus people. Probably we should add a setting to enable randomization of algorithms during encryption process.

Concering the implementation, I would not use CRT srand/rand. I prefer to use more secure alternative (like RtlGenRandom)

idrassi avatar May 31 '23 22:05 idrassi

This change leaves the choice of algorithm to the user. Many people just don't make any choice, and make it easy for attackers to attack. As for RtlGenRandom - I think in this case, srand does not affect security.

wendig0x avatar Jun 02 '23 08:06 wendig0x

@idrassi

I found another confirmation that attackers are using default values to crack VeraCrypt: https://www.forensicfocus.com/articles/how-to-efficiently-decrypt-truecrypt-veracrypt-encryption-using-passware/

I think I've found a compromise solution: maybe just add a text warning that the default values used help the attacker?

wendig0x avatar Sep 30 '23 14:09 wendig0x