All OSes:
Security: Ensure that XTS primary key is different from the secondary key when creating volumes
Issue unlikely to happen thanks to random generator properties but this check must be added to prevent attacks
Reference: CCSS,NSA comment at page 3:
https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf Remove TrueCrypt Mode support. Version 1.25.9 can be used to mount or convert TrueCrypt volumes.
Complete removal of RIPEMD160 and GOST89 algorithms. Legacy volumes using any of them cannot be mounted by VeraCrypt anymore.
Add support for BLAKE2s as new PRF algorithm for both system encryption and standard volumes.
Introducing support for EMV banking smart cards as keyfiles for non-system volumes.
No need for a separate PKCS#11 module configuration.
Card PIN isn't required.
Generates secure keyfile content from unique, encoded data present on the banking card.
Supports all EMV standard-compliant banking cards.
Can be enabled in settings (go to Settings->Security Tokens).
Developed by a team of students from the Institut national des sciences appliquées de Rennes.
More details about the team and the project are available at
https://projets-info.insa-rennes.fr/projets/2022/VeraCrypt/index_en.html.
When overwriting an existing file container during volume creation, add its current size to the available free space
Add Corsican language support. Update several translations.
Update documentation
Windows:
Officially, the minimum supported version is now <strong>Windows 10</strong>. VeraCrypt may still run on Windows 7 and Windows 8/8.1, but no active tests are done on these platforms.
EFI Bootloader:
Fix bug in PasswordTimeout value handling that caused it to be limited to 255 seconds.
Rescue Disk: enhance "Boot Original Windows Loader" by using embedded backup of original Windows loader if it is missing from disk
Addition of Blake2s and removal of RIPEMD160 & GOST89
Enable memory protection by default. Add option under Performance/Driver Configuration to disable it if needed.
Memory protection blocks non-admin processes from reading VeraCrypt memory
It may block Screen Readers (Accessibility support) from reading VeraCrypt UI, in which case it can be disabled
It can be disabled by setting registry value "VeraCryptEnableMemoryProtection" to 0 under "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesveracrypt"
Add process mitigation policy to prevent VeraCrypt from being injected by other processes
Minor enhancements to RAM Encryption implementation
Fix Secure Desktop issues under Windows 11 22H2
Implement support for mounting partially encrypted system partitions.
Fix false positive detection of new device insertion when Clear Encryption Keys option is enable (System Encryption case only)
Better implementation of Fast Create when creating file containers that uses UAC to request required privilege if not already held
Allow choosing Fast Create in Format Wizard UI when creating file containers
Fix formatting issues during volume creation on some machines.
Fix stall issue caused by Quick Format of large file containers
Add dropdown menu to Mount button to allow mounting without using the cache.
Possible workaround for logarithmic slowdown for Encrypt-In-Place on large volumes.
Make Expander first check file existence before proceeding further
Allow selecting size unit (KB/MB/GB) for generated keyfiles
Display full list of supported cluster sizes for NTFS, ReFS and exFAT filesystems when creating volumes
Support drag-n-drop of files and keyfiles in Expander.
Implement translation of Expander UI
Replace legacy file/dir selection APIs with modern IFileDialog interface for better Windows 11 compatibility
Enhancements to dependency dlls safe loading, including delay loading.
Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.
Add support for more language in the setup installer
Update LZMA library to version 23.01
Update libzip to version 1.10.1 and zlib to version 1.3.
