Quarkslab VeraCrypt Audit Results

Zenaan Harkness zen at freedbms.net
Tue Oct 18 16:53:07 PDT 2016


On Tue, Oct 18, 2016 at 05:38:43PM -0400, grarpamp wrote:
> https://ostif.org/the-veracrypt-audit-results/
> https://ostif.org/wp-content/uploads/2016/10/VeraCrypt-Audit-Final-for-Public-Release.pdf
> https://ostif.org/ostif-quarklab-and-veracrypt-e-mails-are-being-intercepted/
> 
> VeraCrypt 1.18 and its bootloaders were evaluated. This release
> included a number of new features including non-western developed
> encryption options, a boot loader that supports UEFI (modern BIOSes),
> and more.
> 
> Quarkslab found:
> 8 Critical Vulnerabilities
> 3 Medium Vulnerabilities
> 15 Low or Informational Vulnerabilities / Concerns
> 
> This public disclosure of these vulnerabilities coincides with the
> release of VeraCrypt 1.19 which fixes the vast majority of these high
> priority concerns. Some of these issues have not been fixed due to
> high complexity for the proposed fixes, but workarounds have been
> presented in the documentation for VeraCrypt.


Adding a little bit of cross check for those who bother:

$ ls -l
total 52004
-rw------- 1 justa justa     1523 Oct 19 10:50 README.TXT
-rw------- 1 justa justa      212 Oct 19 10:49 VeraCrypt_1.19_Bundle.7z.checksums
-rw------- 1 justa justa      543 Oct 19 10:49 VeraCrypt_1.19_Bundle.7z.sig
-rw------- 1 justa justa  9157326 Oct 19 10:48 VeraCrypt_1.19.dmg
-rw------- 1 justa justa      543 Oct 19 10:48 VeraCrypt_1.19.dmg.sig
-rw------- 1 justa justa 17120742 Oct 19 10:48 veracrypt-1.19-setup.tar.bz2
-rw------- 1 justa justa      543 Oct 19 10:48 veracrypt-1.19-setup.tar.bz2.sig
-rw------- 1 justa justa      661 Oct 19 10:50 veracrypt-1.19-sha256sum.txt
-rw------- 1 justa justa     1109 Oct 19 10:50 veracrypt-1.19-sha512sum.txt
-rw------- 1 justa justa 23219050 Oct 19 10:50 VeraCrypt_1.19_Source.tar.gz
-rw------- 1 justa justa      543 Oct 19 10:48 VeraCrypt_1.19_Source.tar.gz.sig
-rw------- 1 justa justa      543 Oct 19 10:48 VeraCrypt_1.19_Source.zip.sig
-rw------- 1 justa justa   630400 Oct 18 03:57 VeraCrypt-Audit-Final-for-Public-Release.pdf
-rw------- 1 justa justa   169417 Oct 19 10:49 VeraCrypt-DCS-EFI-LGPL_1.19_Source.zip
-rw------- 1 justa justa      543 Oct 19 10:49 VeraCrypt-DCS-EFI-LGPL_1.19_Source.zip.sig
-rw------- 1 justa justa      543 Oct 19 10:48 VeraCrypt Setup 1.19.exe.sig
-rw------- 1 justa justa  2896857 Oct 19 10:48 VeraCrypt User Guide.pdf
-rw------- 1 justa justa      543 Oct 19 10:48 VeraCrypt User Guide.pdf.sig


$ md5sum *


$ sha256sum *



(A little script flipping PS1, for ease of copypasta, is handy in these
situations.)
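
Added example, not part of the original post: one way to run the cross-check described above, comparing a sha256sum list pasted from a (possibly quoted) e-mail against files in a local download directory. The function names crosscheck and demo, the file names and the sample data are constructed for illustration; GNU coreutils sha256sum is assumed.

```shell
#!/bin/sh
# Added example: check a SHA-256 list pasted from an e-mail against local files.
# Assumes GNU coreutils sha256sum; all names and data here are constructed.

# crosscheck LIST DIR: prints a verdict per listed file; status 0 only if every
# listed file exists and matches. The body is a subshell, so `exit` just sets
# the function's status and no variables leak to the caller.
crosscheck() (
    list=$1 dir=$2 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"> "}                     # tolerate one level of reply quoting
        want=${line%% *}                      # first field: candidate digest
        rest=${line#"$want"}                  # "  name" (text) or " *name" (binary)
        [ ${#want} -eq 64 ] || continue       # skip prose, prompts, other hash types
        case $want in *[!0-9a-fA-F]*) continue ;; esac
        case $rest in "  "?*|" *"?*) name=${rest#??} ;; *) continue ;; esac
        # A pasted list is untrusted input: never follow a path out of DIR.
        case $name in */*) echo "REFUSED  $name"; bad=1; continue ;; esac
        if [ ! -f "$dir/$name" ]; then echo "MISSING  $name"; bad=1; continue; fi
        want=$(printf %s "$want" | tr 'A-F' 'a-f')
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK       $name"
        else echo "MISMATCH $name"; bad=1; fi
    done < "$list"
    exit "$bad"
)

# Constructed sample: digests of empty input and of "abc" are the standard
# SHA-256 test values; one file's content differs and one file is absent.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/empty file.bin"
    printf abc > "$d/abc.txt"
    printf xyz > "$d/changed.tar.gz"
    cat > "$d/posted.txt" <<'EOF'
On <date>, <someone> wrote:
> $ sha256sum *
> e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty file.bin
> BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD  abc.txt
> ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  changed.tar.gz
> e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  not-downloaded.sig
EOF
    rc=0; crosscheck "$d/posted.txt" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "cross-check failed"
```

A match against another subscriber's list shows that both parties received the same bytes; the .sig files are what tie those bytes to the publisher's key.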

