QuarkLabs VeraCrypt Audit Results
grarpamp
grarpamp at gmail.com
Tue Oct 18 14:38:43 PDT 2016
https://ostif.org/the-veracrypt-audit-results/
https://ostif.org/wp-content/uploads/2016/10/VeraCrypt-Audit-Final-for-Public-Release.pdf
https://ostif.org/ostif-quarklab-and-veracrypt-e-mails-are-being-intercepted/
VeraCrypt 1.18 and its bootloaders were evaluated. This release
included a number of new features including non-western developed
encryption options, a boot loader that supports UEFI (modern BIOSes),
and more.
QuarksLab found:
8 Critical Vulnerabilities
3 Medium Vulnerabilities
15 Low or Informational Vulnerabilities / Concerns
This public disclosure of these vulnerabilities coincides with the
release of VeraCrypt 1.19 which fixes the vast majority of these high
priority concerns. Some of these issues have not been fixed due to
high complexity for the proposed fixes, but workarounds have been
presented in the documentation for VeraCrypt.
More information about the cypherpunks
mailing list