Hidden VeraCrypt volume, you must follow the security requirements and precautions listed below in this section.

Disclaimer: This section is not guaranteed to contain a list of all security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.

If an adversary has access to a (dismounted) VeraCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. Hidden volume (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might indicate the existence of a hidden volume within the outer volume.

Note that issues similar to the one described above may also arise, for example, in the following cases:

The file system in which you store a file-hosted VeraCrypt container has been defragmented and a copy of the VeraCrypt container (or of its fragment) remains in the free space on the host volume (in the defragmented file system).

Use a partition/device-hosted VeraCrypt volume instead of file-hosted.

Securely erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft

Shred utility from GNU coreutils package can be used for this purpose.

Do not defragment file systems in which you store VeraCrypt volumes.

A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A copy of the VeraCrypt container (or of its fragment) may remain on the host volume.

Store the container in a non-journaling file system (for example, FAT32).

A VeraCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g.

A copy of (a fragment of) the VeraCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems. For more information on wear-leveling, see the section

A VeraCrypt volume resides on a device/filesystem that saves data (or on a device/filesystem that is controlled or monitored by a system/device that saves data) (e.g. the value of a timer or counter) that can be used to determine that a block had been written earlier than another block and/or to determine how many times a block has been written/read. Therefore, do not store hidden volumes on such devices/filesystems. To find out whether a device/system saves such data, please refer to documentation supplied with the device/system or contact the vendor/manufacturer.

A VeraCrypt volume resides on a device that is prone to wear (it is possible to determine that a block has been written/read more times than another block).

Prone to such wear, please refer to documentation supplied with the device or contact the vendor/manufacturer.

You back up content of a hidden volume by cloning its host volume or create a new hidden volume by cloning its host volume.

How to Back Up Securely and in the section

Make sure that Quick Format is disabled when encrypting a partition/device within which you intend to create a hidden volume.

On Windows, make sure you have not deleted any files within a volume within which you intend to create a hidden volume (the cluster bitmap scanner does not detect deleted files).

On Linux or Mac OS X, if you intend to create a hidden volume within a file-hosted VeraCrypt volume, make sure that the volume is not sparse-file-hosted (the Windows version of VeraCrypt verifies this and disallows creation of hidden volumes within sparse files).
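
A pre-flight check for two of the precautions on this page, the sparse-file requirement on Linux and the journaling host file system, written as an added example that is not part of VeraCrypt or of the original page. The function names, the set of file-system types treated as journaling, and the sample mount table are assumptions of this example.

```python
import os

# Assumption of this example: file-system types treated as journaling.
# The page itself names only NTFS (journaling) and FAT32 (non-journaling).
JOURNALING = {"ext3", "ext4", "xfs", "jfs", "reiserfs", "ntfs", "ntfs3"}

# Constructed sample in /proc/mounts format (not taken from the page).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb vfat rw,nosuid 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype) pairs from /proc/mounts-style text."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], f[2]) for f in rows if len(f) >= 3]

def host_fstype(path, mounts):
    """File-system type of the longest mount point that contains path."""
    best_len, best_type = -1, None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(prefix) >= best_len:
            best_len, best_type = len(prefix), fstype
    return best_type

def is_sparse(size, blocks):
    """st_blocks is in 512-byte units; fewer allocated bytes than the
    apparent size means holes (or transparent compression on the host)."""
    return blocks * 512 < size

def audit_container(path, size, blocks, mounts_text):
    """Warnings for a file-hosted container meant to hold a hidden volume."""
    warnings = []
    if is_sparse(size, blocks):
        warnings.append("sparse-file-hosted")
    fstype = host_fstype(path, parse_mounts(mounts_text))
    if fstype in JOURNALING:
        warnings.append("journaling host file system: " + fstype)
    return warnings

def audit_path(path):
    """Same audit for a real file on Linux, using os.stat and /proc/mounts."""
    st = os.stat(path)
    with open("/proc/mounts") as f:
        mounts_text = f.read()
    return audit_container(os.path.realpath(path), st.st_size,
                           st.st_blocks, mounts_text)
```

Call `audit_path()` on the outer container before creating the hidden volume; an empty list means neither of the two conditions was detected, and the other precautions on this page still have to be checked by hand.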