VeraCrypt
path: root/doc/html/VeraCrypt RAM Encryption.html
Diffstat (limited to 'doc/html/VeraCrypt RAM Encryption.html')
-rw-r--r-- doc/html/VeraCrypt RAM Encryption.html 2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/html/VeraCrypt RAM Encryption.html b/doc/html/VeraCrypt RAM Encryption.html
index 5bfb6aa5..033a4522 100644
--- a/doc/html/VeraCrypt RAM Encryption.html
+++ b/doc/html/VeraCrypt RAM Encryption.html
@@ -53,17 +53,17 @@
<ol>
<li>At Windows startup, the VeraCrypt driver allocates a 1MiB memory region. If this fails, we device the size by two until allocation succeeds (minimal size being 8KiB). All these variables are allocated in non-paged Kernel memory space.</li>
<li>This memory region is then populated with random bytes generated by a CSPRNG based on ChaCha20.</li>
<li>Two random 64-bit integers, <code>HashSeedMask</code> and <code>CipherIVMask</code>, are generated.</li>
<li>For every master key of a volume, the RAM encryption algorithm derives a unique key from a combination of the memory region and unique values extracted from the memory to be encrypted. This ensures a distinct key for each encrypted memory region. The use of location-dependent keys and IVs prevents master keys from being easily extracted from memory dumps.</li>
<li>The master keys are decrypted for every request, requiring a fast decryption algorithm. For this, ChaCha12 is utilized.</li>
<li>Once a volume is mounted, its master keys are immediately encrypted using the described algorithm.</li>
<li>For each I/O request for a volume, the master keys are decrypted only for the duration of that request and then securely wiped.</li>
- <li>Upon volume dismounting, the encrypted master keys are securely removed from memory.</li>
+ <li>Upon volume unmounting, the encrypted master keys are securely removed from memory.</li>
<li>At Windows shutdown or reboot, the memory region allocated during startup is securely wiped.</li>
</ol>
<h3>Protection against Cold Boot Attacks</h3>
<p>
The mitigation of cold boot attacks is achieved by utilizing a large memory page for key derivation. This ensures that attackers cannot recover the master key since parts of this large memory area would likely be corrupted and irrecoverable after shutdown. Further details on cold boot attacks and mitigation techniques can be found in the referenced papers:
</p>
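Review bot: The first list item in this hunk's context still reads "we device the size by two", which should be "we divide the size by two"; since this patch is a wording cleanup of the same list, that fix belongs in it. The same item says "All these variables are allocated in non-paged Kernel memory space" before any variables have been introduced (<code>HashSeedMask</code> and <code>CipherIVMask</code> only appear in the third item), so the sentence would read better moved after that item or reworded to name what it covers. The cold boot paragraph below the list also calls the allocation a "large memory page" while the list calls it a "memory region"; using one term throughout would avoid implying a single page. On the changed line itself, "unmounting" is fine, but the diffstat shows only this one line touched in the file, so it is worth confirming that no other "dismount" wording remains in the rest of the page.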