A security audit performed by Quarkslab and funded by OSTIF uncovered several problems with the VeraCrypt disk encryption tool. The auditors found eight critical, three medium-severity, and 15 low or informational vulnerabilities in the software.
VeraCrypt As TrueCrypt’s Main Successor
The developers behind VeraCrypt forked the TrueCrypt disk encryption tool about a year before it was abandoned by its creator. Other forks from TrueCrypt (such as CipherShed) exist, but VeraCrypt seems to have received the most attention from open source disk encryption software users since TrueCrypt's abandonment.
VeraCrypt improved on TrueCrypt by resolving its predecessor’s security issues after they were uncovered by the Open Crypto Audit Project in 2015. Some issues remain, because fixing them would require significant architectural changes or break compatibility with TrueCrypt-encrypted disks, and the VeraCrypt team seems to have decided against fixing those legacy issues in the software for now. As more former TrueCrypt users start to switch, however, it may be possible to convert them to any new formats VeraCrypt adopts in the future.
VeraCrypt's developers continually add new features, improve old ones, and add support for new versions of desktop operating systems to VeraCrypt — but with those updates come new vulnerabilities.
New Issues Created By New Features
Quarkslab recommended immediately fixing several issues, including the availability of GOST, a symmetric block cipher with an insecure 64-bit block size; outdated and poorly written compression libraries; and the fact that UEFI boot passwords can be retrieved by an attacker. The security researchers also noted that the UEFI bootloader is not mature enough yet, but it doesn’t seem to pose any problems from a cryptographic point of view.
Some of the components of the VeraCrypt project weren’t audited, likely for the same reason they weren't covered by the TrueCrypt audit in 2015: lack of funding. The Linux and macOS versions of VeraCrypt were also omitted from the audit.
VeraCrypt has already fixed the “vast majority” of the uncovered vulnerabilities in the latest 1.19 version of the software, except for the ones that would require architectural changes, such as using "scrypt" instead of PBKDF2 for password-based key derivation. However, the key-derivation issue has been partially fixed by increasing the number of PBKDF2 iterations from a maximum of 2,000 to a maximum of 655,331.
OSTIF, the nonprofit that funded the audit, asked users of VeraCrypt to continue to donate money so it can pay for future VeraCrypt audits, which will need to be done on a more regular basis, because changes made to improve VeraCrypt's architecture can introduce new security vulnerabilities.