A recently conducted security assessment of VeraCrypt has revealed over 25 security vulnerabilities in the popular encryption platform, including a critical cryptography flaw.
Funded by OSTIF (The Open Source Technology Improvement Fund), the assessment was performed by two Quarkslab senior researchers, Jean-Baptiste Bédrune and Marion Videau. Between Aug. 16 and Sep. 14, 2016, the two focused mainly on the new features that were introduced following last year’s audit of TrueCrypt.
Derived from the now discontinued TrueCrypt, VeraCrypt is a disk encryption software developed by IDRIX that not only focused on resolving vulnerabilities, but also on introducing new features. The security researchers analyzed version 1.18 of the software, and version 1.19 has already released to resolve the discovered issues.
Some of the introduced features include: support of UEFI, non-Western cryptographic algorithms (Camellia, Kuznyechik, GOST 28147-89, Streebog), volume expander, “Personal Iterations Multiplier,” support of UNICODE on Windows, use of StrSafe functions instead of string.h, gathering of entropy on mouse movements at each random number generation.
The Quarkslab researchers first focused on assessing the manner in which VeraCrypt resolved the vulnerabilities discovered in TrueCrypt and revealed that all of those brought to light by last year’s audit have been correctly fixed, except for a minor fix for one of them.
“In particular, the problem leading to a privilege escalation discovered by James Forshaw in the TrueCrypt driver just after the OCAP audit has been solved,” the researchers noted in their security assessment (PDF).
However, the researchers explain that the flaws that require “substantial modifications of the code or the architecture of the project” haven’t been patched, including the AES implementation that is susceptible to cache-timing attacks. Moreover, vulnerabilities leading to incompatibility with TrueCrypt have not been fixed.
A keyfile mixing not being cryptographically sound bug was one of the most notable issues found by the audit, a result of the fact that the manner in which the keyfiles are mixed to derive secret data relies on non-cryptographic mechanisms. There is also an unauthenticated ciphertext in volume headers flaw, where the lack of a real MAC on the volume headers makes existential forgeries possible with approximately 232 queries.
The researchers also discovered a series of new issues that must be corrected quickly, such as the availability of GOST 28147-89, a symmetric block cipher with a 64-bit block size. Added in VeraCrypt 1.18, the algorithm has been removed in version 1.19.
Moreover, the audit discovered that compression libraries are outdated or poorly written and that they must be updated or replaced. On top of that, researchers reveal that, if the system is encrypted, the boot password (in UEFI mode) or its length (in legacy mode) could be retrieved by an attacker, and they say that the UEFI loader is not mature yet, but that this is not causing security problems from a strict cryptographic point of view.
Despite these issues, however, the security researchers say that VeraCrypt evolved in a good direction and that assessment conclusions are taken into consideration. The overall security of the project is improving and the results are beneficial for people interested in using a disk encryption software.
“VeraCrypt is a project hard to maintain. Deep knowledge of several operating systems, the Windows kernel, the system boot chain and good concepts in cryptography are required. The improvements made by IDRIX demonstrate the possession of these skills,” the two researchers said.