VeraCrypt 1.24 released: open-source encryption software
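VeraCrypt 1.24 has been released. VeraCrypt is a fork of TrueCrypt, first released in June 2013; the project's main developer is Mounir Idrassi, a security consultant from France. Idrassi's motivation for creating the VeraCrypt fork was that in 2012 he was asked to integrate TrueCrypt into a client's product. After evaluating the TrueCrypt code he found a number of problems, the main weakness being that TrueCrypt cannot defend against brute-force attacks. When encrypting a system partition, TrueCrypt runs the PBKDF2-RIPEMD160 algorithm for 1,000 iterations; for standard containers and non-system partitions, TrueCrypt uses at most 2,000 iterations. By contrast, VeraCrypt runs PBKDF2-RIPEMD160 for 327,661 iterations on system partitions, and for standard containers and non-system partitions the iteration count rises further to 655,331, which greatly increases the difficulty of brute-forcing. As a result, VeraCrypt is slightly slower at opening encrypted partitions, and its encryption format is not compatible with TrueCrypt's. Another TrueCrypt fork, the CipherShed project, is working to stay compatible with the TrueCrypt encryption format. (The introduction above comes from Solidot.)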
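As an added illustration (not code from VeraCrypt or from the original article), the sketch below measures what a single password guess costs at the iteration counts quoted above. The output length, the all-zero salt and the 10-million-candidate figure are assumptions, and SHA-256 stands in when the local OpenSSL build no longer offers RIPEMD-160.

```python
import hashlib
import time

# Iteration counts quoted in the article for PBKDF2-RIPEMD160.
ITERATIONS = {
    "TrueCrypt system partition": 1_000,
    "TrueCrypt container/non-system": 2_000,
    "VeraCrypt system partition": 327_661,
    "VeraCrypt container/non-system": 655_331,
}
DKLEN = 32          # assumption: illustrative output length, not the header layout
SALT = bytes(64)    # constructed all-zero salt; real volumes use a random one

def pick_hash() -> str:
    """RIPEMD-160 if the local OpenSSL still provides it, else SHA-256."""
    try:
        hashlib.pbkdf2_hmac("ripemd160", b"probe", SALT, 1)
        return "ripemd160"
    except ValueError:
        return "sha256"  # stand-in: the cost ratio is set by the iteration count

def derive(password: bytes, iterations: int, algo: str) -> bytes:
    """One key derivation, which is what every password guess costs."""
    return hashlib.pbkdf2_hmac(algo, password, SALT, iterations, DKLEN)

def seconds_per_guess(iterations: int, algo: str, rounds: int = 3) -> float:
    """Best-of-N wall-clock time for a single derivation."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive(b"constructed-candidate", iterations, algo)
        best = min(best, time.perf_counter() - start)
    return best

def exhaust_days(candidates: int, per_guess: float) -> float:
    """Single-core days needed to test `candidates` passwords."""
    return candidates * per_guess / 86_400

def report(candidates: int = 10_000_000):
    """Per-guess time and exhaustion time for each quoted iteration count."""
    algo = pick_hash()
    timed = {label: seconds_per_guess(n, algo) for label, n in ITERATIONS.items()}
    return algo, {k: (t, exhaust_days(candidates, t)) for k, t in timed.items()}

if __name__ == "__main__":
    algo, rows = report()
    for label, (t, days) in rows.items():
        print(f"{algo} {label:32s}{t * 1e3:10.2f} ms/guess {days:10.2f} days")
```

The per-guess time scales linearly with the iteration count, which is also why the article notes that opening a volume is slightly slower for the legitimate user.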
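VeraCrypt strengthens the security of the algorithms used for system and partition encryption, making them resistant to brute-force attacks. VeraCrypt also fixes many vulnerabilities and security issues found in TrueCrypt. The following post describes some of the improvements and corrections: https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325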
[Screenshot: VeraCrypt encrypting the system partition on the fly]
[Screenshot: VeraCrypt creating an encrypted volume]
The full list of changes includes:
- All OSs:
  - Increase password maximum length to 128 bytes in UTF-8 encoding for non-system volumes.
    - Add option to use legacy maximum password length (64) instead of new one for compatibility reasons.
  - Use Hardware RNG based on CPU timing jitter "Jitterentropy" by Stephan Mueller as a good alternative to CPU RDRAND (http://www.chronox.de/jent.html)
  - Speed optimization of XTS mode on 64-bit machine using SSE2 (up to 10% faster).
  - Fix detection of CPU features AVX2/BMI2. Add detection of RDRAND/RDSEED CPU features. Detect Hygon CPU as AMD one.
- Windows:
  - Implement RAM encryption for keys and passwords using ChaCha12 cipher, t1ha non-cryptographic fast hash and ChaCha20 based CSPRNG.
    - Available only on 64-bit machines.
    - Disabled by default. Can be enabled using option in UI.
    - Less than 10% overhead on modern CPUs.
    - Side effect: Windows Hibernate is not possible if VeraCrypt System Encryption is also being used.
  - Mitigate some memory attacks by making VeraCrypt applications memory inaccessible to non-admin users (based on KeePassXC implementation)
  - New security features:
    - Erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks
    - Add option when system encryption is used to erase all encryption keys from memory when a new device is connected to the system.
    - Add new driver entry point that can be called by applications to erase encryption keys from memory in case of emergency.
  - MBR Bootloader: dynamically determine boot loader memory segment instead of hardcoded values (proposed by neos6464)
  - MBR Bootloader: workaround for issue affecting creation of hidden OS on some SSD drives.
  - Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader.
  - Several enhancements and fixes for EFI bootloader:
    - Implement timeout mechanism for password input. Set default timeout value to 3 minutes and default timeout action to "shutdown".
    - Implement new actions "shutdown" and "reboot" for EFI DcsProp config file.
    - Enhance Rescue Disk implementation of restoring VeraCrypt loader.
    - Fix ESC on password prompt during Pre-Test not starting Windows.
    - Add menu entry in Rescue Disk that enables starting original Windows loader.
    - Fix issue that was preventing Streebog hash from being selected manually during Pre-Boot authentication.
    - If "VeraCrypt" folder is missing from Rescue Disk, it will boot PC directly from bootloader stored on hard drive
      - This makes it easy to create a bootable disk for VeraCrypt from Rescue Disk just by removing/renaming its "VeraCrypt" folder.
  - Add option (disabled by default) to use CPU RDRAND or RDSEED as an additional entropy source for our random generator when available.
  - Add mount option (both UI and command line) that allows mounting a volume without attaching it to the specified drive letter.
  - Update libzip to version 1.5.2
  - Do not create uninstall shortcut in startmenu when installing VeraCrypt. (by Sven Strickroth)
  - Enable selection of Quick Format for file containers creation. Separate Quick Format and Dynamic Volume options in the wizard UI.
  - Fix editor of EFI system encryption configuration file not accepting ENTER key to add new lines.
  - Avoid simultaneous calls of favorites mounting, for example if corresponding hotkey is pressed multiple times.
  - Ensure that only one thread at a time can create a secure desktop.
  - Resize some dialogs in Format and Mount Options to fix some text truncation issues with non-English languages.
  - Fix high CPU usage when using favorites and add switch to disable periodic check on devices to reduce CPU load.
  - Minor UI changes.
  - Updates and corrections to translations and documentation.
- MacOSX:
  - Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.
- Linux:
  - Make CLI switch --import-token-keyfiles compatible with Non-Interactive mode.
  - Add check on size of file container during creation to ensure it's smaller than available free disk space. Add CLI switch --no-size-check to disable this check.