<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

<meta name="keywords" content="encryption, security"/>

<link href="styles.css" rel="stylesheet" type="text/css" />

</head>

<body>

<div>

</div>

<div id="menu">

<ul>

<li><a href="Home.html">Home</a></li>

<li><a href="/code/">Source Code</a></li>

<li><a href="Downloads.html">Downloads</a></li>

<li><a class="active" href="Documentation.html">Documentation</a></li>

<li><a href="Donation.html">Donate</a></li>

<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

</ul>

</div>

<div>

<p>

<a href="Documentation.html">Documentation</a>

<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

<a href="Plausible%20Deniability.html">Plausible Deniability</a>

<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

<a href="Hidden%20Volume.html">Hidden Volume</a>

<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Security Requirements for Hidden Volumes</a>

</p></div>

<div class="wikidoc">

<h1>Security Requirements and Precautions Pertaining to Hidden Volumes</h1>

<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

If you use a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">

hidden VeraCrypt volume</a>, you must follow the security requirements and precautions listed below in this section. Disclaimer: This section is not guaranteed to contain a list of

<em style="text-align:left">all</em> security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.</div>

<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">

hidden volume</a> (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer

volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might indicate the existence of a hidden volume within the outer volume.<br style="text-align:left">

<br style="text-align:left">

Note that issues similar to the one described above may also arise, for example, in the following cases:<br style="text-align:left">

<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

The file system in which you store a file-hosted VeraCrypt container has been defragmented and a copy of the VeraCrypt container (or of its fragment) remains in the free space on the host volume (in the defragmented file system). To prevent this, do one of

the following:

<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

Securely erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft

<a href="https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx">free utility SDelete</a>. On Linux, the

<em>shred</em> utility from GNU coreutils package can be used for this purpose. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

Do not defragment file systems in which you store VeraCrypt volumes. </li></ul>

</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">

A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A&nbsp;copy of the VeraCrypt container (or of its fragment) may remain on the host volume. To prevent this, do one the following:

<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">