[dm-crypt] cryptsetup --veracrypt opens legacy TrueCrypt volumes

Milan Broz gmazyland at gmail.com
Tue Oct 10 23:25:30 CEST 2017


On 10/10/2017 10:42 PM, segfault wrote:
> I'm currently working on integrating support for unlocking VeraCrypt and
> TrueCrypt via udisks and GNOME Disks. I just noticed that if the
> cryptsetup unlock function is called with the VeraCrypt option, it also
> tries the legacy TrueCrypt modes in addition to the VeraCrypt modes. As
> a result, it is possible to unlock legacy TrueCrypt volumes even if the
> VeraCrypt option is used. This makes things easier for me, because I
> don't have to ask the user to tell me if the volume is VeraCrypt or
> TrueCrypt. I just want to make sure: Is this expected behavior and can I
> rely on this staying this way?

Yes, it is intentional.

The Veracrypt switch just adds new modes to check (and new signature)
but all Truecrypt modes are checked as well.

The reason it is separated is that opening Veracypt volumes can take very long time
(because of increased number of iterations). Try to open some volume with
wrong password (and add --debug to see how it iterates through all possible algorithms).

Milan


More information about the dm-crypt mailing list