VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc/html/FAQ.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/html/FAQ.html')
-rw-r--r--doc/html/FAQ.html59
1 files changed, 47 insertions, 12 deletions
diff --git a/doc/html/FAQ.html b/doc/html/FAQ.html
index 8bb3df05..e310f3e8 100644
--- a/doc/html/FAQ.html
+++ b/doc/html/FAQ.html
@@ -1,34 +1,34 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
-<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="/code/">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="FAQ.html">Frequently Asked Questions</a>
</p></div>
@@ -48,42 +48,41 @@ Yes. There are generally no conflicts between TrueCrypt and VeraCrypt, thus they
running the following command in an elevated command prompt (using Run as an administrator) before mounting any volume:
<strong>mountvol.exe /r</strong>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Can I use my TrueCrypt volumes in VeraCrypt?</strong></div>
Yes. Starting from version 1.0f, VeraCrypt supports mounting TrueCrypt volumes.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Can I convert my TrueCrypt volumes to VeraCrypt format?</strong></div>
Yes. Starting from version 1.0f, VeraCrypt offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format. This can achieved using the &quot;Change Volume Password&quot; or &quot;Set Header Key Derivation Algorithm&quot; actions. Just check
the &quot;TrueCrypt Mode&quot;, enter you TrueCrypt password and perform the operation. After that, you volume will have the VeraCrypt format.<br>
Before doing the conversion, it is advised to backup the volume header using TrueCrypt. You can delete this backup safely once the conversion is done and after checking that the converted volume is mounted properly by VeraCrypt.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">What's the difference between TrueCrypt and VeraCrypt?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.<br>
It also solves many vulnerabilities and security issues found in TrueCrypt.<br>
As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use
<span style="text-decoration:underline">327661</span>. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses
-<span style="text-decoration:underline">655331 </span>for RIPEMD160 and <span style="text-decoration:underline">
-500000 </span>iterations for SHA-2 and Whirlpool.<br>
+<span style="text-decoration:underline">500000 </span>iterations.<br>
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted
data.</div>
</div>
<br id="PasswordLost" style="text-align:left">
<strong style="text-align:left">I forgot my password &ndash; is there any way ('backdoor') to recover the files from my VeraCrypt volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
We have not implemented any 'backdoor' in VeraCrypt (and will never implement any even if asked to do so by a government agency), because it would defeat the purpose of the software. VeraCrypt does not allow decryption of data without knowing the correct password
or key. We cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using VeraCrypt. The only way to recover your files is to try to &quot;crack&quot; the password or the key, but it could take thousands or
millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). Back in 2010, there was news about the
<a href="http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html" target="_blank">
FBI failing to decrypt a TrueCrypt volume after a year of trying</a>. While we can't verify if this is true or just a &quot;psy-op&quot; stunt, in VeraCrypt we have increased the security of the key derivation to a level where any brute-force of the password is virtually
impossible, provided that all security requirements are respected.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Is there a &quot;Quick Start Guide&quot; or some tutorial for beginners?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes. The first chapter, <strong style="text-align:left"><a href="Beginner%27s%20Tutorial.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">Beginner's Tutorial</a></strong>, in the VeraCrypt
User Guide contains screenshots and step-by-step instructions on how to create, mount, and use a VeraCrypt volume.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
@@ -117,41 +116,41 @@ This can also be caused by some hardware drivers and other software that access
<strong style="text-align:left">Can I directly play a video (.avi, .mpg, etc.) stored on a VeraCrypt volume?</strong></div>
</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, VeraCrypt-encrypted volumes are like normal disks. You provide the correct password (and/or keyfile) and mount (open) the VeraCrypt volume. When you double click the icon of the video file, the operating system launches the application associated with
the file type &ndash; typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically
decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to
RAM (memory) and the process repeats.<br style="text-align:left">
<br style="text-align:left">
The same goes for video recording: Before a chunk of a video file is written to a VeraCrypt volume, VeraCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types (not only
for video files).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Will VeraCrypt be open-source and free forever?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, it will. We will never create a commercial version of VeraCrypt, as we believe in open-source and free security software.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Is it possible to donate to the VeraCrypt project?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes. You can use the donation buttons at <a href="https://www.veracrypt.fr/en/Donation.html" target="_blank">
-https://www.veracrypt.fr/en/donation/</a>.</div>
+https://www.veracrypt.fr/en/Donation.html</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Why is VeraCrypt open-source? What are the advantages?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
As the source code for VeraCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. If the source code were not available, reviewers would need to reverse-engineer the executable
files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically
<em style="text-align:left">impossible</em> to do (especially when the code is as large as the VeraCrypt code).<br style="text-align:left">
<br style="text-align:left">
Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">VeraCrypt is open-source, but has anybody actually reviewed the source code?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes. An <a href="http://blog.quarkslab.com/security-assessment-of-veracrypt-fixes-and-evolutions-from-truecrypt.html" target="_blank">
audit</a> has been performed by <a href="https://quarkslab.com/" target="_blank">
Quarkslab</a>. The technical report can be downloaded from <a href="http://blog.quarkslab.com/resources/2016-10-17-audit-veracrypt/16-08-215-REP-VeraCrypt-sec-assessment.pdf">here</a>. VeraCrypt 1.19 addressed the issues found by this audit.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">As VeraCrypt is open-source software, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. Can they also verify that the official executable files were built from the
published source code and contain no additional code?</strong></div>
@@ -507,48 +506,40 @@ See the question '<em style="text-align:left"><a href="#changing-filesystem" sty
Yes, when mounted, VeraCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. VeraCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the '<em style="text-align:left">Computer</em>'
or '<em style="text-align:left">My Computer</em>' list) and select '<em style="text-align:left">Format</em>'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a VeraCrypt-encrypted partition when the VeraCrypt
volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Is it possible to mount a VeraCrypt container that is stored on a CD or DVD?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes. However, if you need to mount a VeraCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system within the VeraCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Is it possible to change the password for a hidden volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, the password change dialog works both for standard and <a href="Hidden%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden volumes</a>. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px; font-size:10px; line-height:12px">
Remark: VeraCrypt first attempts to decrypt the standard <a href="VeraCrypt%20Volume%20Format%20Specification.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
volume header</a> and if it fails, it attempts to decrypt the area within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts
use the password typed in the 'Current Password' field.)</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
-<strong style="text-align:left">When I use HMAC-RIPEMD-160, is the size of the header encryption key only 160 bits?</strong></div>
-<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-No, VeraCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section
-<a href="Header%20Key%20Derivation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
-Header Key Derivation, Salt, and Iteration Count</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
-documentation</a> for more information.</div>
-<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-<br style="text-align:left">
<strong style="text-align:left">How do I burn a VeraCrypt container larger than 2 GB onto a DVD?</strong><br style="text-align:left">
<br style="text-align:left">
The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files larger than 2 GB).</div>
<div id="disk_defragmenter" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Can I use tools like <em style="text-align:left">
chkdsk</em>, Disk Defragmenter, etc. on the contents of a mounted VeraCrypt volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, VeraCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted VeraCrypt volume.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Does VeraCrypt support 64-bit versions of Windows?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, it does. <span style="text-align:left; font-size:10px; line-height:12px">Note: 64-bit versions of Windows load only drivers that are digitally signed with a digital certificate issued by a certification authority approved for issuing kernel-mode code signing
certificates. VeraCrypt complies with this requirement (the VeraCrypt driver is <a href="Digital%20Signatures.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
digitally signed</a> with the digital certificate of IDRIX, which was issued by the certification authority Thawte).</span></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Can I mount my VeraCrypt volume under Windows, Mac OS X, and Linux?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
@@ -711,24 +702,68 @@ documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">How can I perform a Windows built-in backup on a VeraCrypt volume? The VeraCrypt volume doesn't show up in the list of available backup paths.<br>
</strong>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Windows built-in backup utility looks only for physical driver, that's why it doesn't display the VeraCrypt volume. Nevertheless, you can still backup on a VeraCrypt volume by using a trick: activate sharing on the VeraCrypt volume through Explorer interface
(of course, you have to put the correct permission to avoid unauthorized access) and then choose the option &quot;Remote shared folder&quot; (it is not remote of course but Windows needs a network path). There you can type the path of the shared drive (for example \\ServerName\sharename)
and the backup will be configured correctly.</div>
</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Is the encryption used by VeraCrypt vulnerable to Quantum attacks?</strong>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
VeraCrypt uses block ciphers (AES, Serpent, Twofish) for its encryption. Quantum attacks against these block ciphers are just a faster brute-force since the best know attack against these algorithms is exhaustive search (related keys attacks are irrelevant
to our case because all keys are random and independent from each other).<br>
Since VeraCrypt always uses 256-bit random and independent keys, we are assured of a 128-bit security<br>
level against quantum algorithms which makes VeraCrypt encryption immune to such attacks.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong>How to make a VeraCrypt volume available for Windows Search indexing?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
In order to be able to index a VeraCrypt volume through Windows Search, the volume must be mounted at boot time (System Favorite) or the Windows Search services must be restart after the volume is mounted. This is needed because Windows Search can only index
drives that are available when it starts.</div>
+ <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<strong>I'm encountering an "Operation not permitted" error with VeraCrypt on macOS when trying to mount a file container. How can I resolve this?</strong></div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+
+<p>This specific error, which appears in the form "Operation not permitted: /var/folders/w6/d2xssyzx.../T/.veracrypt_aux_mnt1/control VeraCrypt::File::Open:232", has been reported by some users. It is the result of macOS not granting the necessary permissions to VeraCrypt. Here are a couple of solutions you can try:</p>
+
+<ul>
+<li>A. Granting Full Disk Access to VeraCrypt:
+<p>
+<ol>
+ <li>Go to <code>Apple Menu</code> > <code>System Settings</code>.</li>
+ <li>Click on the <code>Privacy & Security</code> tab.</li>
+ <li>Scroll down and select <code>Full Disk Access</code>.</li>
+ <li>Click the <code>+</code> button, navigate to your Applications folder, select <code>VeraCrypt</code>, and click <code>Open</code>.</li>
+ <li>Ensure that the checkbox next to VeraCrypt is ticked.</li>
+ <li>Close the System Settings window and try using VeraCrypt again.</li>
+</p>
+</ol>
+</li>
+<li>B. Using the sudo approach to launch VeraCrypt:
+<p>You can launch VeraCrypt from the Terminal using elevated permissions:
+
+<pre>
+sudo /Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt
+</pre>
+
+Running VeraCrypt with sudo often bypasses certain permission-related issues, but it's always a good practice to grant the necessary permissions via the system settings whenever possible.</p>
+</li>
+</ul>
+</div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<strong style="text-align:left">Why does VeraCrypt show an unknown device in its list that doesn't appear as a physical disk in Windows Disk Management or in DiskPart output?</strong></div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<p>
+Starting from Windows 10 version 1903 and later, Microsoft introduced a feature called <b>Windows Sandbox</b>. This is an isolated environment designed to run untrusted applications safely. As part of this feature, Windows generates a dynamic virtual hard disk (VHDX) which represents a clean Windows installation. This VHDX contains a base system image, user data, and the runtime state, and its size can vary depending on system configurations and usage.
+</p>
+<p>
+When VeraCrypt enumerates devices on a system, it identifies all available disk devices using device path formats like <b>\Device\HardDiskX\PartitionY</b>. VeraCrypt lists these devices, including virtual ones such as those associated with Windows Sandbox, without making distinctions based on their physical or virtual nature. Therefore, you might observe an unexpected device in VeraCrypt, even if it doesn't appear as a physical disk in tools like diskpart.
+</p>
+<p>
+For more details on the Windows Sandbox feature and its associated virtual hard disk, you can refer to this <a href="https://techcommunity.microsoft.com/t5/windows-os-platform-blog/windows-sandbox/ba-p/301849">official Microsoft article</a>.
+</p>
+</div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">I haven't found any answer to my question in the FAQ &ndash; what should I do?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Please search the VeraCrypt documentation and website.</div>
</div><div class="ClearBoth"></div></body></html>