diff options
-rw-r--r-- | doc/chm/VeraCrypt User Guide.chm | bin | 3156763 -> 3158861 bytes | |||
-rw-r--r-- | doc/html/Command Line Usage.html | 2 | ||||
-rw-r--r-- | doc/html/Creating New Volumes.html | 2 | ||||
-rw-r--r-- | doc/html/Program Menu.html | 14 |
4 files changed, 9 insertions, 9 deletions
diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm Binary files differindex cef4f98c..20748492 100644 --- a/doc/chm/VeraCrypt User Guide.chm +++ b/doc/chm/VeraCrypt User Guide.chm diff --git a/doc/html/Command Line Usage.html b/doc/html/Command Line Usage.html index 4b8f828d..c463b04c 100644 --- a/doc/html/Command Line Usage.html +++ b/doc/html/Command Line Usage.html @@ -291,9 +291,9 @@ It has no parameters and it indicates that no message box or dialog will be disp <td>Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.</td> </tr> <tr> <td>/FastCreateFile</td> -<td>Use a faster but potentially insecure way to create file containers. This applies to both UI and command line.</td> +<td>Enables a faster, albeit potentially insecure, method for creating file containers. This option carries security risks as it can embed existing disk content into the file container, possibly exposing sensitive data if an attacker gains access to it. Note that this switch affects all file container creation methods, whether initiated from the command line, using the /create switch, or through the UI wizard.</td> </tr> <tr> <td><em>/protectMemory</em> </td> <td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td> diff --git a/doc/html/Creating New Volumes.html b/doc/html/Creating New Volumes.html index 5c235c10..7fe6144e 100644 --- a/doc/html/Creating New Volumes.html +++ b/doc/html/Creating New Volumes.html @@ -58,9 +58,9 @@ Note that the output of a hash function is <em>never </em>used directly as an en <a href="Encryption%20Algorithms.html"><em>Encryption Algorithms</em></a>.</p> <h3 id="QuickFormat">Quick Format</h3> <p>If unchecked, each sector of the new volume will be formatted. This means that the new volume will be <em>entirely </em>filled with random data. Quick format is much faster but may be less secure because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand). - If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices.</p> + If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices, except on Windows where it is also available when creating file containers.</p> <p>Important: When encrypting a partition/device within which you intend to create a hidden volume afterwards, leave this option unchecked.</p> <h3 id="dynamic">Dynamic</h3> <p>Dynamic VeraCrypt container is a pre-allocated NTFS sparse file whose physical size (actual disk space used) grows as new data is added to it. Note that the physical size of the container (actual disk space that the container uses) will not decrease when files are deleted on the VeraCrypt volume. The physical size of the container can only diff --git a/doc/html/Program Menu.html b/doc/html/Program Menu.html index 02ee86e6..c7ea0534 100644 --- a/doc/html/Program Menu.html +++ b/doc/html/Program Menu.html @@ -133,25 +133,25 @@ Rescue Disk</a>.</p> <p>Both types of header backups (embedded and external) can be used to repair a damaged volume header. To do so, click <em>Select Device</em> or <em>Select File</em>, select the volume, select <em>Tools</em> -> <em>Restore Volume Header</em>, and then follow the instructions.<br> <br> -WARNING: Restoring a volume header also restores the volume password that was valid when the backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume +WARNING: Restoring a volume header also restores the volume password and PIM that were valid when the backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume again after the volume header is restored. For more information, see the section <a href="Encryption%20Scheme.html"><em>Encryption Scheme</em></a> in the chapter <a href="Technical%20Details.html"><em>Technical Details</em></a>.<br> <br> -After you create a volume header backup, you might need to create a new one only when you change the volume password and/or keyfiles. Otherwise, the volume header remains unmodified so the volume header backup remains up-to-date.</p> +After you create a volume header backup, you might need to create a new one only when you change the volume password and/or keyfiles, or when you change the PIM value. Otherwise, the volume header remains unmodified so the volume header backup remains up-to-date.</p> <p>Note: Apart from salt (which is a sequence of random numbers), external header backup files do not contain any unencrypted information and they cannot be decrypted without knowing the correct password and/or supplying the correct keyfile(s). For more information, see the chapter <a href="Technical%20Details.html"> <em>Technical Details</em></a>.</p> <p>When you create an external header backup, both the standard volume header and the area where a hidden volume header can be stored is backed up, even if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes). If there is no hidden volume within the volume, the area reserved for the hidden volume header in the backup file will be filled with random data (to preserve plausible deniability).<br> <br> When <em>restoring</em> a volume header, you need to choose the type of volume whose header you wish to restore (a standard or hidden volume). Only one volume header can be restored at a time. To restore both headers, you need to use the function twice (<em>Tools</em> - -> <em>Restore Volume Header</em>). You will need to enter the correct password (and/or to supply the correct keyfiles) that was/were valid when the volume header backup was created. The password (and/or keyfiles) will also automatically determine the type + -> <em>Restore Volume Header</em>). You will need to enter the correct password (and/or to supply the correct keyfiles) and the non-default PIM value, if applicable, that were valid when the volume header backup was created. The password (and/or keyfiles) and PIM will also automatically determine the type of the volume header to restore, i.e. standard or hidden (note that VeraCrypt determines the type through the process of trial and error).<br> <br> -Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when trying to mount a volume, VeraCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary +Note: If the user fails to supply the correct password (and/or keyfiles) and/or the correct non-default PIM value twice in a row when trying to mount a volume, VeraCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary header) each subsequent time that the user attempts to mount the volume (until he or she clicks <em>Cancel</em>). If VeraCrypt fails to decrypt the primary header but it successfully decrypts the embedded backup header at the same time, the volume is mounted and the user is warned that the volume header is damaged (and informed as to how to repair it).</p> <h3 id="Settings-Performance">Settings -> Performance and Driver Options</h3> <p>Invokes the Performance dialog window, where you can change enable or disable AES Hardware acceleration and thread based parallelization. You can also change the following driver option:</p> @@ -163,12 +163,12 @@ Enabling this option brings VeraCrypt volumes behavior much closer to that of ph Disable this option if you experience stability issues (like volume access issues or system BSOD) which can be caused by poorly written software and drivers.</p> <h3>Settings -> Preferences</h3> <p>Invokes the Preferences dialog window, where you can change, among others, the following options:</p> <h4>Wipe cached passwords on exit</h4> -<p>If enabled, passwords (which may also contain processed keyfile contents) cached in driver memory will be cleared when VeraCrypt exits.</p> +<p>If enabled, passwords (which may also contain processed keyfile contents) and PIM values cached in driver memory will be cleared when VeraCrypt exits.</p> <h4>Cache passwords in driver memory</h4> -<p>When checked, passwords and/or processed keyfile contents for up to last four successfully mounted VeraCrypt volumes are cached. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. VeraCrypt never saves - any password to a disk (however, see the chapter <a href="Security%20Requirements%20and%20Precautions.html"> +<p>When checked, passwords and/or processed keyfile contents for up to last four successfully mounted VeraCrypt volumes are cached. If the 'Include PIM when caching a password' option is enabled in the Preferences, non-default PIM values are cached alongside the passwords. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. VeraCrypt never saves + any password or PIM values to a disk (however, see the chapter <a href="Security%20Requirements%20and%20Precautions.html"> <em>Security Requirements and Precautions</em></a>). Password caching can be enabled/disabled in the Preferences (<em>Settings</em> -> <em>Preferences</em>) and in the password prompt window. If the system partition/drive is encrypted, caching of the pre-boot authentication password can be enabled or disabled in the system encryption settings (<em>Settings</em> > ‘<em>System Encryption</em>’).</p> <h4>Temporary Cache password during "Mount Favorite Volumes" operations</h4> <p>When this option is unchecked (this is the default), VeraCrypt will display the password prompt window for every favorite volume during the execution of the "Mount Favorite Volumes" operation and each password is erased once the volume is mounted (unless |