VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/chm/VeraCrypt User Guide.chmbin1973801 -> 1974227 bytes
-rw-r--r--doc/html/System Encryption.html3
-rw-r--r--doc/html/Unencrypted Data in RAM.html4
3 files changed, 6 insertions, 1 deletions
diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm
index 870f5914..f2f1c5ce 100644
--- a/doc/chm/VeraCrypt User Guide.chm
+++ b/doc/chm/VeraCrypt User Guide.chm
Binary files differ
diff --git a/doc/html/System Encryption.html b/doc/html/System Encryption.html
index 676c2e19..ed92c717 100644
--- a/doc/html/System Encryption.html
+++ b/doc/html/System Encryption.html
@@ -65,7 +65,8 @@ Because of BIOS requirement, the pre-boot password is typed using <strong>US key
65</strong>During the system encryption process, VeraCrypt automatically and transparently switches the keyboard to US layout in order to ensure that the password value typed will match the one typed in pre-boot mode. Thus, in order to avoid wrong password errors, 65</strong>During the system encryption process, VeraCrypt automatically and transparently switches the keyboard to US layout in order to ensure that the password value typed will match the one typed in pre-boot mode. Thus, in order to avoid wrong password errors,
66 one must type the password using the same keys as when creating the system encryption.</div> 66 one must type the password using the same keys as when creating the system encryption.</div>
67<p>Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is 67<p>Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is
68 running). VeraCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).</p> 68 running). In EFI boot mode, which is the default on modern PCs, VeraCrypt can not encrypt this partition since it must remain unencrypted so that the BIOS can load the EFI bootloader from it. This in turn implies that in EFI boot mode, VeraCrypt offers only to encrypt the system partition where Windows is installed (the user can later manualy encrypt other data partitions using VeraCrypt).
69 In MBR legacy boot mode, VeraCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).</p>
69<p>&nbsp;</p> 70<p>&nbsp;</p>
70<p><a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p> 71<p><a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p>
71</div> 72</div>
diff --git a/doc/html/Unencrypted Data in RAM.html b/doc/html/Unencrypted Data in RAM.html
index 8917867a..74651c0c 100644
--- a/doc/html/Unencrypted Data in RAM.html
+++ b/doc/html/Unencrypted Data in RAM.html
@@ -48,6 +48,10 @@ Inherently, unencrypted master keys have to be stored in RAM too. When a non-sys
48 cleanly restarted), or when the system crashes, <strong style="text-align:left"> 48 cleanly restarted), or when the system crashes, <strong style="text-align:left">
49VeraCrypt naturally stops running and therefore cannot </strong>erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be 49VeraCrypt naturally stops running and therefore cannot </strong>erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be
50 reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.**</div> 50 reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.**</div>
51<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
52Starting from version 1.24, VeraCrypt introduces a mechanism to encrypt master keys and cached passwords in RAM. This RAM encryption mechanism must be activated manually in "Performance/Driver Configuration" dialog. RAM encryption comes with a performance overhead (between 5% and 15% depending on the CPU speed) and it disables Windows hibernate. <br>
53Moreover, VeraCrypt 1.24 and above provide an additional security mechanism when system encryption is used that makes VeraCrypt erase master keys from RAM when a new device is connected to the PC. This additional mechanism can be activated using an option in System Settings dialog.<br/>
54Even though both above mechanisms provides strong protection for masterskeys and cached password, users should still take usual precautions related for the safery of sensitive data in RAM.</div>
51<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif"> 55<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif">
52<tbody style="text-align:left"> 56<tbody style="text-align:left">
53<tr style="text-align:left"> 57<tr style="text-align:left">