QuarkLabs VeraCrypt Audit Results
Zenaan Harkness
zen at freedbms.net
Tue Oct 18 16:53:07 PDT 2016
On Tue, Oct 18, 2016 at 05:38:43PM -0400, grarpamp wrote:
> https://ostif.org/the-veracrypt-audit-results/
> https://ostif.org/wp-content/uploads/2016/10/VeraCrypt-Audit-Final-for-Public-Release.pdf
> https://ostif.org/ostif-quarklab-and-veracrypt-e-mails-are-being-intercepted/
>
> VeraCrypt 1.18 and its bootloaders were evaluated. This release
> included a number of new features including non-western developed
> encryption options, a boot loader that supports UEFI (modern BIOSes),
> and more.
>
> QuarksLab found:
> 8 Critical Vulnerabilities
> 3 Medium Vulnerabilities
> 15 Low or Informational Vulnerabilities / Concerns
>
> This public disclosure of these vulnerabilities coincides with the
> release of VeraCrypt 1.19 which fixes the vast majority of these high
> priority concerns. Some of these issues have not been fixed due to
> high complexity for the proposed fixes, but workarounds have been
> presented in the documentation for VeraCrypt.

Adding a little bit of cross check for those who bother:

$ ls -l
total 52004
-rw------- 1 justa justa 1523 Oct 19 10:50 README.TXT
-rw------- 1 justa justa 212 Oct 19 10:49 VeraCrypt_1.19_Bundle.7z.checksums
-rw------- 1 justa justa 543 Oct 19 10:49 VeraCrypt_1.19_Bundle.7z.sig
-rw------- 1 justa justa 9157326 Oct 19 10:48 VeraCrypt_1.19.dmg
-rw------- 1 justa justa 543 Oct 19 10:48 VeraCrypt_1.19.dmg.sig
-rw------- 1 justa justa 17120742 Oct 19 10:48 veracrypt-1.19-setup.tar.bz2
-rw------- 1 justa justa 543 Oct 19 10:48 veracrypt-1.19-setup.tar.bz2.sig
-rw------- 1 justa justa 661 Oct 19 10:50 veracrypt-1.19-sha256sum.txt
-rw------- 1 justa justa 1109 Oct 19 10:50 veracrypt-1.19-sha512sum.txt
-rw------- 1 justa justa 23219050 Oct 19 10:50 VeraCrypt_1.19_Source.tar.gz
-rw------- 1 justa justa 543 Oct 19 10:48 VeraCrypt_1.19_Source.tar.gz.sig
-rw------- 1 justa justa 543 Oct 19 10:48 VeraCrypt_1.19_Source.zip.sig
-rw------- 1 justa justa 630400 Oct 18 03:57 VeraCrypt-Audit-Final-for-Public-Release.pdf
-rw------- 1 justa justa 169417 Oct 19 10:49 VeraCrypt-DCS-EFI-LGPL_1.19_Source.zip
-rw------- 1 justa justa 543 Oct 19 10:49 VeraCrypt-DCS-EFI-LGPL_1.19_Source.zip.sig
-rw------- 1 justa justa 543 Oct 19 10:48 VeraCrypt Setup 1.19.exe.sig
-rw------- 1 justa justa 2896857 Oct 19 10:48 VeraCrypt User Guide.pdf
-rw------- 1 justa justa 543 Oct 19 10:48 VeraCrypt User Guide.pdf.sig
$ md5sum *
$ sha256sum *

(A little script flipping PS1, for ease of copypasta, is handy in these
situations.)
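
An added example, not part of the original post: one way to cross-check a SHA-256 list copied out of a mailing-list message against your own downloads, tolerating reply-quote markers, collapsed whitespace and file names with spaces. The function name `crosscheck` and its status words are assumptions made for this sketch.

```shell
#!/bin/sh
# Cross-check SHA-256 lines pasted from an e-mail against local files.
# Usage: crosscheck LIST [DIR]   (LIST is untrusted text, DIR defaults to .)
# Returns 0 if every entry matches, 1 on any problem, 2 if LIST has no entries.
crosscheck() {
    list=$1
    dir=${2:-.}
    rc=0
    seen=0
    # IFS= and -r keep spaces and backslashes in file names intact.
    while IFS= read -r line || [ -n "$line" ]; do
        # Accept "HASH  NAME", "HASH *NAME" and mail-mangled "> HASH NAME";
        # anything else (prompts, prose, MD5 lines) yields an empty result.
        parsed=$(printf '%s\n' "$line" | sed -n \
            's/^[> ]*\([0-9A-Fa-f]\{64\}\)  *\*\{0,1\}\(.*\)$/\1 \2/p')
        [ -n "$parsed" ] || continue
        seen=$((seen + 1))
        want=$(printf '%s' "${parsed%% *}" | tr 'A-F' 'a-f')
        name=${parsed#* }
        # The list is untrusted: never follow a path out of DIR.
        case $name in
            */*) echo "SKIPPED  $name"; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(sha256sum < "$dir/$name")
        got=${got%% *}
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$list"
    # A list with no parsable entries must not count as a pass.
    if [ "$seen" -eq 0 ]; then
        echo "no SHA-256 lines found in $list" >&2
        return 2
    fi
    return "$rc"
}
```

Agreement with a posted list shows only that two downloads are byte-identical; the `.sig` files are what tie those bytes to the publisher's signing key.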