VeraCrypt is an open-source fork of the fabled TrueCrypt software, designed to securely encrypt files and entire file systems. It contains updates to TrueCrypt 7.1a that fix some of the issues revealed in the TrueCrypt audit.
OSTIF Goals for VeraCrypt:
Primary goals:
-Establish a bug bounty to encourage close scrutiny by the worldwide security community.
-A follow-up security audit focusing on all changes to the software after the 7.1a audit. This would take place after feature additions and fixes. This was completed and the results were released in October 2016.
-Create a grant system to fund research and development for VeraCrypt in the following areas:
Research – UEFI support. VeraCrypt cannot encrypt entire file systems on devices that have a UEFI-based BIOS. This will require a full rewrite of the boot loader and a subsequent audit of the code. VeraCrypt completed this independently in 2016, although more research is needed in this area.
Research – Non-Western cipher support. In order to gain trust from the entire world, VeraCrypt must implement encryption that is developed all over the world. This builds assurances that ciphers that may meet compromised standards are less likely to fall through the cracks. VeraCrypt completed this independently in 2016.
Stretch goals:
-Research and implement fixes for the minor theoretical vulnerabilities in VeraCrypt that remain unpatched.
-Research and implement UI improvements to make VeraCrypt more accessible.