For example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the encrypted data.
VeraCrypt storage format is Incompatible with TrueCrypt storage format.
- Implement "Dynamic Mode" by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
- Solve installer issue under KDE when xterm not available
- Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
- Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
- Remove "--current-hash" switch and add "--new-hash" to be more coherent with existing switches.
- When only keyfile specified in command line, don't try to mount using empty password.
- Detect Boot Loader tampering ("Evil Maid" attacks) for system encryption and propose recovery options.
- Fix buffer overrun issue and other memory related bugs when parsing language XML files.
- Fix wrongly reported bad sectors by chkdsk caused by a bug in IOCTL_DISK_VERIFY handling.
- Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
- Fix system favorites not always mounting after cold start.
- Solve installer error when updating VeraCrypt on Windows 10.
- Implement decryption of non-system partition/drive.
- Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
- Allow using drive letters A: and B: for mounting volumes
- Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
- Add possibility to show system encryption password in Windows GUI and bootloader
- Solve "Class Already exists" error that was happening for some users.
- Solve some menu items and GUI fields not translatable
- Make volumes correctly report Physical Sector size to Windows.
- Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
- Add manual selection of partition when resuming in-place encryption.
- Add command line option (/cache f) to temporarily cache password during favorites mounting.
- Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
- Add extra information to displayed error message in order to help analyze reported issues.
- Disable menu entry for changing system encryption PRF since it's not yet implemented.
- Fix failure to change password when UAC required (inherited from TrueCrypt)
- Minor fixes and changes (see Git history for more details)