Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 425 other subscribers

My Favourites

Slackware

Calendar

April 2019
M T W T F S S
« Mar    
1234567
891011121314
15161718192021
22232425262728
2930  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

RSS SBo

Meta

Update for VeraCrypt, new flaws in TrueCrypt

veraCrypt Recently TrueCrypt has been in the news again, because of a couple of new critical security issues that were found for its Windows version. You can read more in these articles at Engadget, Threatpost and  Extremetech. Windows computers with TrueCrypt installed can be taken over completely by a non-privileged user, and the computer does not even have to have mounted any TrueCrypt container.

These recently uncovered flaws were not found in last year’s code audit of TrueCrypt sources. Apparently this omission is due to the complexity of Windows drivers and “the kind of vulnerabilities that exist in many software on Windows and they are caused by lack of proper parameter validation in kernel mode code” according to Mounir Idrassi (VeraCrypt developer) in Threatpost.

Despite the fact that these new vulnerabilities are not affecting Linux, it is highly unwise to keep using TrueCrypt on Linux. The code is no longer maintained, it already has security issues and good alternatives exist.

The aforementioned VeraCrypt is a fork of the TrueCrypt code which is actively maintained, and the recent flaws found (to be disclosed next week) in TrueCrypt have already been patched in VeraCrypt 1.15 last weekend.

VeraCrypt is a drop-in replacement for TrueCrypt if you let it handle your encrypted container in “truecrypt mode”:

veracryptI have built new packages for VeraCrypt 1.15, updating it from the previous 1.13 which I had in my repository. You can get the packages (for Slackware versions 13.37 and newer) here: http://www.slackware.com/~alien/slackbuilds/veracrypt/ or at its primary mirror location http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/veracrypt/

Users of slackpkg+ merely have to run “slackpkg update && slackpkg upgrade veracrypt“, assuming that the repository mirror you are using is up to date.

Cheers! Eric

 

Comments

Comment from cwizardone
Posted: October 1, 2015 at 16:48

Many Thanks!

Comment from fabio
Posted: October 1, 2015 at 18:02

Man, sure you can read minds. Always thought veracrypt deserved a blog post. Many thanks !

Comment from Geremia
Posted: October 2, 2015 at 03:28

Anyone here use BTRFS? Does VeraCrypt work with it?

Comment from Eduardo
Posted: October 2, 2015 at 21:42

Thank you Eric!

Comment from fabio
Posted: October 6, 2015 at 04:51

back in the days of truecrypt, in order to interact with btrfs it was necessary interact with the filesystem on the volume outside of TrueCrypt. something like

truecrypt –text –create –filesystem=none /dev/sdx1

truecrypt –text –mount –filesystem=none –keyfiles= –volume-type=normal –protect-hidden=no –slot=1 /dev/sdx1

mkfs.btrfs /dev/mapper/truecrypt1

mount /dev/mapper/truecrypt1 /mnt

to umount
umount /mnt

Comment from Geremia
Posted: December 8, 2015 at 06:54

How do we do full-disk encryption with VeraCrypt on Linux? The documentation seems to imply that that’s only possible with VeraCrypt on Windows.

Comment from alienbob
Posted: December 8, 2015 at 16:29

We don’t need veracrypt for full disk encryption in Slackware.

Comment from Geremia
Posted: December 8, 2015 at 20:08

alienbob,

What’s the best way to do full disk encryption in Slackware?

thanks

Comment from alienbob
Posted: December 8, 2015 at 21:00

Full disk encryption in Slackware (minus /boot) using LUKS is well-documented.

If you also want to encrypt /boot then you’ll need GRUB in a special configuration which supports LUKS volume decryption. Examples for such a GRUB configuration can be found on the Internet.

Comment from Skaendo
Posted: February 21, 2016 at 02:12

Just a friendly heads-up, VeraCrypt had been updated to 1.17.

Thanks.

Write a comment