<p>* If the size of the active partition is less than 256 MB, then the data is read from the

<em>second</em> partition behind the active one (Windows 7 and later, by default, do not boot from the partition on which they are installed).</p>

<p>&dagger; These parameters are kept secret <em>not</em> in order to increase the complexity of an attack, but primarily to make VeraCrypt volumes unidentifiable (indistinguishable from random data), which would be difficult to achieve if these parameters

<em>is</em> known (it can be determined by analyzing the contents of the unencrypted VeraCrypt Boot Loader stored in the first logical drive track or on the VeraCrypt Rescue Disk).</p>

<p>** The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished by re-encrypting the volume header using a new header key (derived from a new password).</p>

<p>&nbsp;</p>