Quarkslab made a security assessment of VeraCrypt 1.18.18. The audit was funded by OSTIF and was performed by two engineers between Aug. 16 and Sep. 14, 2016 for a total of 32 man-days of study. A critical vulnerability, related to cryptography, has been identified and will be fixed in version 1.19. Keyfile mixing is not cryptographically sound: the way the keyfiles are mixed to derive secret data relies on non-cryptographic mechanisms.”]
Source: https://blog.quarkslab.com/security-assessment-of-veracrypt-fixes-and-evolutions-from-truecrypt.html

