VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/chm/VeraCrypt User Guide.chmbin3239954 -> 3240215 bytes
-rw-r--r--doc/chm/VeraCrypt.hhc4
-rw-r--r--doc/html/Beginner's Tutorial.html6
-rw-r--r--doc/html/Command Line Usage.html14
-rw-r--r--doc/html/Documentation.html2
-rw-r--r--doc/html/FAQ.html8
-rw-r--r--doc/html/Hibernation File.html2
-rw-r--r--doc/html/Hidden Volume.html2
-rw-r--r--doc/html/Incompatibilities.html2
-rw-r--r--doc/html/Introduction.html2
-rw-r--r--doc/html/Issues and Limitations.html8
-rw-r--r--doc/html/Main Program Window.html22
-rw-r--r--doc/html/Multi-User Environment.html6
-rw-r--r--doc/html/Normal Unmount vs Force Unmount.html (renamed from doc/html/Normal Dismount vs Force Dismount.html)32
-rw-r--r--doc/html/Portable Mode.html4
-rw-r--r--doc/html/Program Menu.html16
-rw-r--r--doc/html/Protection of Hidden Volumes.html10
-rw-r--r--doc/html/Release Notes.html35
-rw-r--r--doc/html/Removable Medium Volume.html4
-rw-r--r--doc/html/Removing Encryption.html2
-rw-r--r--doc/html/Security Model.html8
-rw-r--r--doc/html/Security Requirements for Hidden Volumes.html2
-rw-r--r--doc/html/Sharing over Network.html2
-rw-r--r--doc/html/System Favorite Volumes.html4
-rw-r--r--doc/html/Troubleshooting.html2
-rw-r--r--doc/html/Unencrypted Data in RAM.html14
-rw-r--r--doc/html/Using VeraCrypt Without Administrator Privileges.html2
-rw-r--r--doc/html/VeraCrypt Background Task.html2
-rw-r--r--doc/html/VeraCrypt Hidden Operating System.html2
-rw-r--r--doc/html/VeraCrypt RAM Encryption.html2
-rw-r--r--doc/html/ru/Command Line Usage.html2
-rw-r--r--doc/html/ru/Documentation.html2
-rw-r--r--doc/html/ru/Normal Unmount vs Force Unmount.html (renamed from doc/html/ru/Normal Dismount vs Force Dismount.html)4
-rw-r--r--doc/html/ru/Release Notes.html21
34 files changed, 146 insertions, 104 deletions
diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm
index 345a0208..8c84c380 100644
--- a/doc/chm/VeraCrypt User Guide.chm
+++ b/doc/chm/VeraCrypt User Guide.chm
Binary files differ
diff --git a/doc/chm/VeraCrypt.hhc b/doc/chm/VeraCrypt.hhc
index 57e101b2..3c2223c7 100644
--- a/doc/chm/VeraCrypt.hhc
+++ b/doc/chm/VeraCrypt.hhc
@@ -79,42 +79,42 @@
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Hidden Operating System">
<param name="Local" value="VeraCrypt Hidden Operating System.html">
</OBJECT>
</UL>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Main Program Window">
<param name="Local" value="Main Program Window.html">
</OBJECT>
<UL>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Program Menu">
<param name="Local" value="Program Menu.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Mounting Volumes">
<param name="Local" value="Mounting VeraCrypt Volumes.html">
</OBJECT>
</UL>
<LI> <OBJECT type="text/sitemap">
- <param name="Name" value="Normal Dismount vs Force Dismount ">
- <param name="Local" value="Normal Dismount vs Force Dismount.html">
+ <param name="Name" value="Normal Unmount vs Force Unmount ">
+ <param name="Local" value="Normal Unmount vs Force Unmount.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Avoid Third-Party File Extensions">
<param name="Local" value="Avoid Third-Party File Extensions.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Parallelization">
<param name="Local" value="Parallelization.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Pipelining">
<param name="Local" value="Pipelining.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Hardware acceleration">
<param name="Local" value="Hardware Acceleration.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Hot keys">
<param name="Local" value="Hot Keys.html">
diff --git a/doc/html/Beginner's Tutorial.html b/doc/html/Beginner's Tutorial.html
index c39ee596..531a71c2 100644
--- a/doc/html/Beginner's Tutorial.html
+++ b/doc/html/Beginner's Tutorial.html
@@ -171,37 +171,37 @@ VeraCrypt will now attempt to mount the volume. If the password is incorrect (fo
<strong>OK</strong>). If the password is correct, the volume will be mounted.</p>
<h4>FINAL STEP:</h4>
<p><img src="Beginner's Tutorial_Image_020.jpg" alt=""><br>
<br>
We have just successfully mounted the container as a virtual disk M:<br>
<br>
The virtual disk is entirely encrypted (including file names, allocation tables, free space, etc.) and behaves like a real disk. You can save (or copy, move, etc.) files to this virtual disk and they will be encrypted on the fly as they are being written.<br>
<br>
If you open a file stored on a VeraCrypt volume, for example, in media player, the file will be automatically decrypted to RAM (memory) on the fly while it is being read.</p>
<p>Important: Note that when you open a file stored on a VeraCrypt volume (or when you write/copy a file to/from the VeraCrypt volume) you will not be asked to enter the password again. You need to enter the correct password only when mounting the volume.</p>
<p>You can open the mounted volume, for example, by selecting it on the list as shown in the screenshot above (blue selection) and then double-clicking on the selected item.</p>
<p>You can also browse to the mounted volume the way you normally browse to any other types of volumes. For example, by opening the &lsquo;<em>Computer</em>&rsquo; (or &lsquo;<em>My Computer</em>&rsquo;) list and double clicking the corresponding drive letter
(in this case, it is the letter M).<br>
<br>
<img src="Beginner's Tutorial_Image_021.jpg" alt=""><br>
<br>
You can copy files (or folders) to and from the VeraCrypt volume just as you would copy them to any normal disk (for example, by simple drag-and-drop operations). Files that are being read or copied from the encrypted VeraCrypt volume are automatically decrypted
on the fly in RAM (memory). Similarly, files that are being written or copied to the VeraCrypt volume are automatically encrypted on the fly in RAM (right before they are written to the disk).<br>
<br>
Note that VeraCrypt never saves any decrypted data to a disk &ndash; it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume
- will be dismounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible
+ will be unmounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible
again, you have to mount the volume. To do so, repeat Steps 13-18.</p>
-<p>If you want to close the volume and make files stored on it inaccessible, either restart your operating system or dismount the volume. To do so, follow these steps:<br>
+<p>If you want to close the volume and make files stored on it inaccessible, either restart your operating system or unmount the volume. To do so, follow these steps:<br>
<br>
<img src="Beginner's Tutorial_Image_022.jpg" alt=""><br>
<br>
Select the volume from the list of mounted volumes in the main VeraCrypt window (marked with a red rectangle in the screenshot above) and then click
-<strong>Dismount </strong>(also marked with a red rectangle in the screenshot above). To make files stored on the volume accessible again, you will have to mount the volume. To do so, repeat Steps 13-18.</p>
+<strong>Unmount </strong>(also marked with a red rectangle in the screenshot above). To make files stored on the volume accessible again, you will have to mount the volume. To do so, repeat Steps 13-18.</p>
<h2>How to Create and Use a VeraCrypt-Encrypted Partition/Device</h2>
<p>Instead of creating file containers, you can also encrypt physical partitions or drives (i.e., create VeraCrypt device-hosted volumes). To do so, repeat the steps 1-3 but in the step 3 select the second or third option. Then follow the remaining instructions
in the wizard. When you create a device-hosted VeraCrypt volume within a <em>non-system
</em>partition/drive, you can mount it by clicking <em>Auto-Mount Devices </em>in the main VeraCrypt window. For information pertaining to encrypted
<em>system </em>partition/drives, see the chapter <a href="System%20Encryption.html">
<em>System Encryption</em></a>.</p>
<p>Important: <em>We strongly recommend that you also read the other chapters of this manual, as they contain important information that has been omitted in this tutorial for simplicity.</em></p>
</div>
</body></html>
diff --git a/doc/html/Command Line Usage.html b/doc/html/Command Line Usage.html
index c463b04c..004eccc8 100644
--- a/doc/html/Command Line Usage.html
+++ b/doc/html/Command Line Usage.html
@@ -38,73 +38,77 @@
<p>Note that this section applies to the Windows version of VeraCrypt. For information on command line usage applying to the
<strong>Linux and Mac OS X versions</strong>, please run: veracrypt &ndash;h</p>
<table border="1" cellspacing="0" cellpadding="1">
<tbody>
<tr>
<td><em>/help</em> or <em>/?</em></td>
<td>Display command line help.</td>
</tr>
<tr>
<td><em>/truecrypt or /tc</em></td>
<td>Activate TrueCrypt compatibility mode which enables mounting volumes created with TrueCrypt 6.x and 7.x series.</td>
</tr>
<tr>
<td><em>/hash</em></td>
<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try
all possible PRF algorithms thus lengthening the mount operation time.</td>
</tr>
<tr>
<td id="volume"><em>/volume</em> or <em>/v</em></td>
<td>
-<p>It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when dismounting) or the Volume ID of the disk/partition to mount.<br>
+<p>It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when unmounting) or the Volume ID of the disk/partition to mount.<br>
The syntax of the volume ID is <strong>ID:XXXXXX...XX</strong> where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount.<br>
<br>
To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click
<em>Select Device</em>). You can also mount a partition or dynamic volume using its volume name (for example, /v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.<br>
<br>
You can also specify the Volume ID of the partition/device-hosted volume to mount, for example: /v ID:53B9A8D59CC84264004DA8728FC8F3E2EE6C130145ABD3835695C29FD601EDCA. The Volume ID value can be retrieved using the volume properties dialog.</p>
</td>
</tr>
<tr>
<td><em>/letter</em> or <em>/l</em></td>
<td>It must be followed by a parameter indicating the driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used.</td>
</tr>
<tr>
<td><em>/explore</em> or <em>/e</em></td>
<td>Open an Explorer window after a volume has been mounted.</td>
</tr>
<tr>
<td><em>/beep</em> or <em>/b</em></td>
-<td>Beep after a volume has been successfully mounted or dismounted.</td>
+<td>Beep after a volume has been successfully mounted or unmounted.</td>
</tr>
<tr>
<td><em>/auto</em> or <em>/a</em></td>
<td>If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently accessible device/partition-hosted VeraCrypt volumes. If favorites is specified as the parameter, auto-mount
favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit.</td>
</tr>
<tr>
+<td><em>/unmount</em> or <em>/u</em></td>
+<td>Unmount volume specified by drive letter (e.g., /u x). When no drive letter is specified, unmounts all currently mounted VeraCrypt volumes.</td>
+</tr>
+<tr>
<td><em>/dismount</em> or <em>/d</em></td>
-<td>Dismount volume specified by drive letter (e.g., /d x). When no drive letter is specified, dismounts all currently mounted VeraCrypt volumes.</td>
+<td>Deprecated. Please use /unmount or /u.</td>
</tr>
<tr>
<td><em>/force</em> or <em>/f</em></td>
-<td>Forces dismount (if the volume to be dismounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).</td>
+<td>Forces unmount (if the volume to be unmounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access).</td>
</tr>
<tr>
<td><em>/keyfile</em> or <em>/k</em></td>
<td>It must be followed by a parameter specifying a keyfile or a keyfile search path. For multiple keyfiles, specify e.g.: /k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2 To specify a keyfile stored on a security token or smart card, use the following syntax:
token://slot/SLOT_NUMBER/file/FILE_NAME</td>
</tr>
<tr id="tryemptypass">
<td><em>/tryemptypass&nbsp;&nbsp; </em></td>
<td>ONLY when default keyfile configured or when a keyfile is specified in the command line.<br>
If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: try to mount using an empty password and the keyfile before displaying password prompt.<br>
if it is followed by <strong>n </strong>or<strong> no</strong>: don't try to mount using an empty password and the keyfile, and display password prompt right away.</td>
</tr>
<tr>
<td><em>/nowaitdlg</em></td>
<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: don&rsquo;t display the waiting dialog while performing operations like mounting volumes.<br>
If it is followed by <strong>n</strong> or <strong>no</strong>: force the display waiting dialog is displayed while performing operations.</td>
</tr>
<tr>
<td><em>/secureDesktop</em></td>
<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
@@ -297,29 +301,29 @@ It has no parameters and it indicates that no message box or dialog will be disp
<tr>
<td><em>/protectMemory</em>&nbsp;</td>
<td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td>
</tr>
<tr>
<td><em>/secureDesktop</em></td>
<td>If it is followed by <strong>y</strong> or <strong>yes</strong> or if no parameter is specified: display password dialog and token PIN dialog in a dedicated secure desktop to protect against certain types of attacks.<br>
If it is followed by <strong>n</strong> or <strong>no</strong>: the password dialog and token PIN dialog are displayed in the normal desktop.</td>
</tr>
</tbody>
</table>
<h4>Syntax</h4>
<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
[/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}]
[/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>
<p>Note that the order in which options are specified does not matter.</p>
<h4>Examples</h4>
<p>Mount the volume <em>d:\myvolume</em> as the first free drive letter, using the password prompt (the main program window will not be displayed):</p>
<p>veracrypt /q /v d:\myvolume</p>
-<p>Dismount a volume mounted as the drive letter <em>X</em> (the main program window will not be displayed):</p>
+<p>Unmount a volume mounted as the drive letter <em>X</em> (the main program window will not be displayed):</p>
<p>veracrypt /q /d x</p>
<p>Mount a volume called <em>myvolume.tc</em> using the password <em>MyPassword</em>, as the drive letter
<em>X</em>. VeraCrypt will open an explorer window and beep; mounting will be automatic:</p>
<p>veracrypt /v myvolume.tc /l x /a /p MyPassword /e /b</p>
<p>Create a 10 MB file container using the password <em>test</em> and formatted using FAT:</p>
<p><code>&quot;C:\Program Files\VeraCrypt\VeraCrypt Format.exe&quot; /create c:\Data\test.hc /password test /hash sha512 /encryption serpent /filesystem FAT /size 10M /force</code></p>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Documentation.html b/doc/html/Documentation.html
index 9f6f6587..db4969bf 100644
--- a/doc/html/Documentation.html
+++ b/doc/html/Documentation.html
@@ -42,41 +42,41 @@
</li><li><strong><a href="System%20Encryption.html">System Encryption</a></strong>
<ul>
<li><a href="Hidden%20Operating%20System.html">Hidden Operating System</a>
</li><li><a href="Supported%20Systems%20for%20System%20Encryption.html">Operating Systems Supported for System Encryption</a>
</li><li><a href="VeraCrypt%20Rescue%20Disk.html">VeraCrypt Rescue Disk</a>
</li></ul>
</li><li><strong><a href="Plausible%20Deniability.html">Plausible Deniability</a></strong><br>
<ul>
<li><a href="Hidden%20Volume.html">Hidden Volume</a>
<ul>
<li><a href="Protection%20of%20Hidden%20Volumes.html">Protection of Hidden Volumes Against Damage</a>
</li><li><a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Security Requirements and Precautions Pertaining to Hidden Volumes</a>
</li></ul>
</li><li><a href="VeraCrypt%20Hidden%20Operating%20System.html">Hidden Operating System</a>
</li></ul>
</li><li><strong><a href="Main%20Program%20Window.html">Main Program Window</a></strong>
<ul>
<li><a href="Program%20Menu.html">Program Menu</a>
</li><li><a href="Mounting%20VeraCrypt%20Volumes.html">Mounting Volumes</a>
</li></ul>
-</li><li><strong><a href="Normal%20Dismount%20vs%20Force%20Dismount.html">Normal Dismount vs Force Dismount</a></strong>
+</li><li><strong><a href="Normal%20Unmount%20vs%20Force%20Unmount.html">Normal Unmount vs Force Unmount</a></strong>
</li><li><strong><a href="Avoid%20Third-Party%20File%20Extensions.html">Avoid Third-Party File Extensions</a></strong>
</li><li><strong><a href="Parallelization.html">Parallelization</a></strong>
</li><li><strong><a href="Pipelining.html">Pipelining</a></strong>
</li><li><strong><a href="Hardware%20Acceleration.html">Hardware acceleration</a></strong>
</li><li><strong><a href="Hot%20Keys.html">Hot keys</a></strong>
</li><li><strong><a href="Keyfiles%20in%20VeraCrypt.html">Keyfiles</a></strong>
</li><li><strong><a href="Security%20Tokens%20%26%20Smart%20Cards.html">Security Tokens &amp; Smart Cards</a></strong>
</li><li><strong><a href="EMV%20Smart%20Cards.html">EMV Smart Cards</a></strong>
</li><li><strong><a href="Portable%20Mode.html">Portable Mode</a></strong>
</li><li><strong><a href="TrueCrypt%20Support.html">TrueCrypt Support</a></strong>
</li><li><strong><a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">Converting TrueCrypt Volumes &amp; Partitions</a></strong>
</li><li><strong><a href="Conversion_Guide_VeraCrypt_1.26_and_Later.html">Conversion Guide for Versions 1.26 and Later</a></strong>
</li><li><strong><a href="Default%20Mount%20Parameters.html">Default Mount Parameters</a></strong>
</li><li><strong><a href="Language%20Packs.html">Language Packs</a></strong>
</li><li><strong><a href="Encryption%20Algorithms.html">Encryption Algorithms</a></strong>
<ul>
<li><a href="AES.html">AES</a> </li><li><a href="Camellia.html">Camellia</a>
</li><li><a href="Kuznyechik.html">Kuznyechik</a>
</li><li><a href="Serpent.html">Serpent</a> </li><li><a href="Twofish.html">Twofish</a> </li><li><a href="Cascades.html">Cascades of ciphers</a>
</li></ul>
diff --git a/doc/html/FAQ.html b/doc/html/FAQ.html
index e310f3e8..df1bfe8d 100644
--- a/doc/html/FAQ.html
+++ b/doc/html/FAQ.html
@@ -210,41 +210,41 @@ Yes. For more information, please see the chapter <a href="Hardware%20Accelerati
Hardware Acceleration</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Is it possible to boot Windows installed in a hidden VeraCrypt volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, it is. For more information, please see the section <a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Will I be able to mount my VeraCrypt volume (container) on any computer?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
VeraCrypt volumes</a> are independent of the operating system. You will be able to mount your VeraCrypt volume on any computer on which you can run VeraCrypt (see also the question '<em style="text-align:left">Can I use VeraCrypt on Windows if I do not have
administrator privileges?</em>').</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted VeraCrypt volume on it?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-Before you unplug or turn off the device, you should always dismount the VeraCrypt volume in VeraCrypt first, and then perform the '<em style="text-align:left">Eject</em>' operation if available (right-click the device in the '<em style="text-align:left">Computer</em>'
+Before you unplug or turn off the device, you should always unmount the VeraCrypt volume in VeraCrypt first, and then perform the '<em style="text-align:left">Eject</em>' operation if available (right-click the device in the '<em style="text-align:left">Computer</em>'
or '<em style="text-align:left">My Computer</em>' list), or use the '<em style="text-align:left">Safely Remove Hardware</em>' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">What is a hidden operating system?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
See the section <a href="Hidden%20Operating%20System.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">What is plausible deniability?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
See the chapter <a href="Plausible%20Deniability.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
Plausible Deniability</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div id="SystemReinstallUpgrade" style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Will I be able to mount my VeraCrypt partition/container after I reinstall or upgrade the operating system?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
@@ -459,51 +459,51 @@ require</em> the attacker to have administrator privileges, or physical access t
<em style="text-align:left">However, if any of these conditions is met, it is actually impossible to secure the computer</em> (see below) and, therefore, you must stop using it (instead of relying on TPM).
<br style="text-align:left">
<br style="text-align:left">
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over
the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
<br style="text-align:left">
<br style="text-align:left">
If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master
keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical
access to the computer again). <br style="text-align:left">
<br style="text-align:left">
The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, &quot;Trusted Platform Module&quot;, is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant
features is usually a way to create so-called bloatware). <br style="text-align:left">
<br style="text-align:left">
For more information, please see the sections <a title="Physical%20Security&quot;" style="text-align:left; color:#0080c0; text-decoration:none">
Physical Security</a> and <a href="Malware.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Malware</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
-<strong style="text-align:left">Do I have to dismount VeraCrypt volumes before shutting down or restarting Windows?</strong></div>
+<strong style="text-align:left">Do I have to unmount VeraCrypt volumes before shutting down or restarting Windows?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system shutdown/restart.</div>
+No. VeraCrypt automatically unmounts all mounted VeraCrypt volumes on system shutdown/restart.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Which type of VeraCrypt volume is better &ndash; partition or file container?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">File containers</a> are normal files so you can work with them as with any normal files (file containers
can be, for example, moved, renamed, and deleted the same way as normal files). <a href="VeraCrypt%20Volume.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none.html">
Partitions/drives</a> may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container
- is stored (when the VeraCrypt volume is dismounted).</div>
+ is stored (when the VeraCrypt volume is unmounted).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">What's the recommended way to back up a VeraCrypt volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
See the chapter <a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
How to Back Up Securely</a> in the <a href="https://www.veracrypt.fr/en/Documentation.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
documentation</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">What will happen if I format a VeraCrypt partition?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
See the question '<em style="text-align:left"><a href="#changing-filesystem" style="text-align:left; color:#0080c0; text-decoration:none">Is it possible to change the file system of an encrypted volume?</a></em>'</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left"><a name="changing-filesystem" style="text-align:left; color:#0080c0; text-decoration:none"></a>Is it possible to change the file system of an encrypted volume?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Yes, when mounted, VeraCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. VeraCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the '<em style="text-align:left">Computer</em>'
or '<em style="text-align:left">My Computer</em>' list) and select '<em style="text-align:left">Format</em>'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a VeraCrypt-encrypted partition when the VeraCrypt
volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
diff --git a/doc/html/Hibernation File.html b/doc/html/Hibernation File.html
index cc0888f1..0641c06c 100644
--- a/doc/html/Hibernation File.html
+++ b/doc/html/Hibernation File.html
@@ -27,41 +27,41 @@
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Data%20Leaks.html">Data Leaks</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hibernation%20File.html">Hibernation File</a>
</p></div>
<div class="wikidoc">
<div>
<h1>Hibernation File</h1>
<p>Note: The issue described below does not affect you if the system partition or system drive is encrypted<span>*
</span>(for more information, see the chapter <a href="System%20Encryption.html">
<em>System Encryption</em></a>) and if the hibernation file is located on one the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates,
data are encrypted on the fly before they are written to the hibernation file.</p>
<p>When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure VeraCrypt (<em>Settings</em> &gt;
-<em>Preferences</em> &gt; <em>Dismount all when: Entering power saving mode</em>) to automatically dismount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates
+<em>Preferences</em> &gt; <em>Unmount all when: Entering power saving mode</em>) to automatically unmount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates
(or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter
<a href="System%20Encryption.html"><em>System Encryption</em></a>), VeraCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that
when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).<br>
<br>
Note that when Windows enters Sleep mode, it may be actually configured to enter so-called Hybrid Sleep mode, which involves hibernation. Also note that the operating system may be configured to hibernate or enter the Hybrid Sleep mode when you click or select
&quot;Shut down&quot; (for more information, please see the documentation for your operating system).<br>
<br>
<strong>To prevent the issues described above</strong>, encrypt the system partition/drive (for information on how to do so, see the chapter
<a href="System%20Encryption.html"><em>System Encryption</em></a>) and make sure that the hibernation file is located on one of the partitions within the key scope of system encryption (which it typically is, by default),
for example, on the partition where Windows is installed. When the computer hibernates, data will be encrypted on the fly before they are written to the hibernation file.</p>
<p>Note: You may also want to consider creating a hidden operating system (for more information, see the section
<a href="Hidden%20Operating%20System.html">
<em>Hidden Operating System</em></a>)<span>.</span></p>
<p>Alternatively, if you cannot use system encryption, disable or prevent hibernation on your computer at least for each session during which you work with any sensitive data and during which you mount a VeraCrypt volume.</p>
<p><span>* </span>Disclaimer: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, VeraCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, VeraCrypt
cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. In response to our public complaint regarding the missing API, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions
of Windows. VeraCrypt has used this API and therefore is able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend
that you upgrade to Windows Vista or later.</p>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Hidden Volume.html b/doc/html/Hidden Volume.html
index 56f38e2b..bb415d36 100644
--- a/doc/html/Hidden Volume.html
+++ b/doc/html/Hidden Volume.html
@@ -29,41 +29,41 @@
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hidden%20Volume.html">Hidden Volume</a>
</p></div>
<div class="wikidoc">
<h1>Hidden Volume</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations
without revealing the password to your volume.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<img src="Beginner's Tutorial_Image_024.gif" alt="The layout of a standard VeraCrypt volume before and after a hidden volume was created within it." width="606" height="412"></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">The layout of a standard VeraCrypt volume before and after a hidden volume was created within it.</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
The principle is that a VeraCrypt volume is created within another VeraCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free
- space on <em style="text-align:left">any </em>VeraCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that VeraCrypt does not modify the file
+ space on <em style="text-align:left">any </em>VeraCrypt volume is always filled with random data when the volume is created** and no part of the (unmounted) hidden volume can be distinguished from random data. Note that VeraCrypt does not modify the file
system (information about free space, etc.) within the outer volume in any way.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
The password for the hidden volume must be substantially different from the password for the outer volume. To the outer volume, (before creating the hidden volume within it) you should copy some sensitive-looking files that you actually do NOT want to hide.
These files will be there for anyone who would force you to hand over the password. You will reveal only the password for the outer volume, not for the hidden one. Files that really are sensitive will be stored on the hidden volume.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
A hidden volume can be mounted the same way as a standard VeraCrypt volume: Click
<em style="text-align:left">Select File</em> or <em style="text-align:left">Select Device
</em>to select the outer/host volume (important: make sure the volume is <em style="text-align:left">
not</em> mounted). Then click <em style="text-align:left">Mount</em>, and enter the password for the hidden volume. Whether the hidden or the outer volume will be mounted is determined by the entered password (i.e., when you enter the password for the outer
volume, then the outer volume will be mounted; when you enter the password for the hidden volume, the hidden volume will be mounted).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
VeraCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. bytes 65536&ndash;131071, which contain solely random data when there is
no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information
on how VeraCrypt determines that it was successfully decrypted, see the section <a href="Encryption%20Scheme.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Encryption Scheme</a>), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
A hidden volume can be created within any type of VeraCrypt volume, i.e., within a file-hosted volume or partition/device-hosted volume (requires administrator privileges). To create a hidden VeraCrypt volume, click on
<em style="text-align:left">Create Volume </em>in the main program window and select
<em style="text-align:left">Create a hidden VeraCrypt volume</em>. The Wizard will provide help and all information necessary to successfully create a hidden VeraCrypt volume.</div>
diff --git a/doc/html/Incompatibilities.html b/doc/html/Incompatibilities.html
index 4c9e4bce..a87ed56d 100644
--- a/doc/html/Incompatibilities.html
+++ b/doc/html/Incompatibilities.html
@@ -47,35 +47,35 @@ Acresso FLEXnet Publisher activation software, formerly Macrovision SafeCast, (u
<a href="VeraCrypt%20Rescue%20Disk.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
VeraCrypt Rescue Disk</a> to regain access to your system. There are two ways to do so:</div>
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
You may keep the third-party software activated but you will need to boot your system from the VeraCrypt Rescue Disk CD/DVD
<em style="text-align:left">every time</em>. Just insert your Rescue Disk into your CD/DVD drive and then enter your password in the Rescue Disk screen.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If you do not want to boot your system from the VeraCrypt Rescue Disk CD/DVD every time, you can restore the VeraCrypt Boot Loader on the system drive. To do so, in the Rescue Disk screen, select
<em style="text-align:left">Repair Options</em> &gt; <em style="text-align:left">
Restore VeraCrypt Boot Loader</em>. However, note that this will deactivate the third-party software.
</li></ol>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
For information on how to use your VeraCrypt Rescue Disk, please see the chapter <a href="VeraCrypt%20Rescue%20Disk.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
VeraCrypt Rescue Disk</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Possible permanent solution</strong>: decrypt the system partition/drive, and then re-encrypt it using a non-cascade encryption algorithm (i.e., AES, Serpent, or Twofish).*</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Please note that this not a bug in VeraCrypt (the issue is caused by inappropriate design of the third-party activation software).</div>
<h2>Outpost Firewall and Outpost Security Suite</h2>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-If Outpost Firewall or Outpost Security Suite is installed with Proactive Protection enabled, the machine freezes completely for 5-10 seconds during the volume mount/dismount operation. This is caused by a conflict between Outpost System Guard option that protects "Active Desktop" objects and VeraCrypt waiting dialog displayed during mount/dismount operations.</div>
+If Outpost Firewall or Outpost Security Suite is installed with Proactive Protection enabled, the machine freezes completely for 5-10 seconds during the volume mount/unmount operation. This is caused by a conflict between Outpost System Guard option that protects "Active Desktop" objects and VeraCrypt waiting dialog displayed during mount/unmount operations.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
A workaround that fixes this issue is to disable VeraCrypt waiting dialog in the Preferences: use menu "Settings -> Preferences" and check the option "Don't show wait message dialog when performing operations".</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
More information can be found at <a href="https://sourceforge.net/p/veracrypt/tickets/100/">https://sourceforge.net/p/veracrypt/tickets/100/</a>
</div>
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
<p><span style="text-align:left; font-size:10px; line-height:12px">* The reason is that the VeraCrypt Boot Loader is smaller than the one used for cascades of ciphers and, therefore, there is enough space in the first drive track for a backup of the VeraCrypt
Boot Loader. Hence, whenever the VeraCrypt Boot Loader is damaged, its backup copy is run automatically instead.</span><br style="text-align:left">
<br style="text-align:left">
<br style="text-align:left">
<br style="text-align:left">
&nbsp;&nbsp;See also: <a href="Issues%20and%20Limitations.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">
Known Issues &amp; Limitations</a>,&nbsp;&nbsp;<a href="Troubleshooting.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Troubleshooting</a></p>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Introduction.html b/doc/html/Introduction.html
index 1a946be2..28009ec9 100644
--- a/doc/html/Introduction.html
+++ b/doc/html/Introduction.html
@@ -33,24 +33,24 @@
</p>
</div>
<div class="wikidoc">
<h1>Introduction</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user
intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta
data, etc).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Files can be copied to and from a mounted VeraCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied
from an encrypted VeraCrypt volume. Similarly, files that are being written or copied to the VeraCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does
<span style="text-align:left; font-style:italic">not</span> mean that the <span style="text-align:left; font-style:italic">
whole</span> file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for VeraCrypt. For an illustration of how this is accomplished, see the following paragraph.<br style="text-align:left">
<br style="text-align:left">
Let's suppose that there is an .avi video file stored on a VeraCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the VeraCrypt volume. When the user double clicks the icon
of the video file, the operating system launches the application associated with the file type &ndash; typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory)
in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading
another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).</div>
<p>Note that VeraCrypt never saves any decrypted data to a disk &ndash; it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume
- will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you
+ will be unmounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you
have to mount the volume (and provide the correct password and/or keyfile). For a quick start guide, please see the chapter Beginner's Tutorial.</p>
</div>
</body></html>
diff --git a/doc/html/Issues and Limitations.html b/doc/html/Issues and Limitations.html
index eed2e222..4fa1e0e3 100644
--- a/doc/html/Issues and Limitations.html
+++ b/doc/html/Issues and Limitations.html
@@ -28,82 +28,82 @@
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Issues%20and%20Limitations.html">Known Issues and Limitations</a>
</p></div>
<div class="wikidoc">
<h1>Known Issues &amp; Limitations</h1>
<h3>Known Issues</h3>
<ul>
<li>On Windows, it may happen that two drive letters are assigned to a mounted volume instead of a single one. This is caused by an issue with Windows Mount Manager cache and it can be solved by typing the command &quot;<strong>mountvol.exe /r</strong>&quot; in an elevated
command prompt (run as an administrator) before mounting any volume. If the issue persists after rebooting, the following procedure can be used to solve it:
<ul>
<li>Check the registry key &quot;HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices&quot; using regedit. Scroll down and you'll find entries starting with &quot;\DosDevices\&quot; or &quot;\Global??\&quot; which indicate the drive letters that are taken by the system. Before mounting any volume,
double click on each one and remove the ones contains the name &quot;VeraCrypt&quot; and &quot;TrueCrypt&quot;.
<br>
Also, there are other entries whose name start with &quot;#{&quot; and &quot;\??\Volume{&quot;: double click on each one of them and remove the ones whose data value contains the name &quot;VeraCrypt&quot; and &quot;TrueCrypt&quot;.
</li></ul>
</li>
-<li>On some Windows machines, VeraCrypt may hang intermittently when mounting or dismounting a volume. Similar hanging may affect other running applications during VeraCrypt mounting or dismounting operations.
-This issue is caused by a conflict between VeraCrypt waiting dialog displayed during mount/dismount operations and other software installed on the machine (e.g. Outpost Firewall Pro).
+<li>On some Windows machines, VeraCrypt may hang intermittently when mounting or unmounting a volume. Similar hanging may affect other running applications during VeraCrypt mounting or unmounting operations.
+This issue is caused by a conflict between VeraCrypt waiting dialog displayed during mount/unmount operations and other software installed on the machine (e.g. Outpost Firewall Pro).
In such situations, the issue can be solved by disabling VeraCrypt waiting dialog in the Preferences: use menu "Settings -> Preferences" and check the option "Don't show wait message dialog when performing operations".
</li>
</ul>
<h3 id="limitations">Limitations</h3>
<ul>
<li>[<em>Note: This limitation does not apply to users of Windows Vista and later versions of Windows.</em>] On Windows XP/2003, VeraCrypt does not support encrypting an entire system drive that contains extended (logical) partitions. You can encrypt an entire
system drive provided that it contains only primary partitions. Extended (logical) partitions must not be created on any system drive that is partially or fully encrypted (only primary partitions may be created on it).
<em>Note</em>: If you need to encrypt an entire drive containing extended partitions, you can encrypt the system partition and, in addition, create partition-hosted VeraCrypt volumes within any non- system partitions on the drive. Alternatively, you may want
to consider upgrading to Windows Vista or a later version of Windows. </li><li>VeraCrypt currently does not support encrypting a system drive that has been converted to a dynamic disk.
</li><li>To work around a Windows XP issue, the VeraCrypt boot loader is always automatically configured for the version of the operating system under which it is installed. When the version of the system changes (for example, the VeraCrypt boot loader is installed
when Windows Vista is running but it is later used to boot Windows XP) you may encounter various known and unknown issues (for example, on some notebooks, Windows XP may fail to display the log-on screen). Note that this affects multi-boot configurations,
VeraCrypt Rescue Disks, and decoy/hidden operating systems (therefore, if the hidden system is e.g. Windows XP, the decoy system should be Windows XP too).
</li><li>The ability to mount a partition that is within the key scope of system encryption without pre- boot authentication (for example, a partition located on the encrypted system drive of another operating system that is not running), which can be done e.g.
by selecting <em>System</em> &gt; <em>Mount Without Pre-Boot Authentication,</em> is limited to primary partitions (extended/logical partitions cannot be mounted this way).
</li><li>Due to a Windows 2000 issue, VeraCrypt does not support the Windows Mount Manager under Windows 2000. Therefore, some Windows 2000 built-in tools, such as Disk Defragmenter, do not work on VeraCrypt volumes. Furthermore, it is not possible to use the Mount
Manager services under Windows 2000, e.g., assign a mount point to a VeraCrypt volume (i.e., attach a VeraCrypt volume to a folder).
</li><li>VeraCrypt does not support pre-boot authentication for operating systems installed within VHD files, except when booted using appropriate virtual-machine software such as Microsoft Virtual PC.
</li><li>The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (e.g. a system partition encrypted by VeraCrypt, or a non- system partition located on a system drive encrypted by VeraCrypt, mounted
when the encrypted operating system is running). Note: For other types of volumes, the Volume Shadow Copy Service is not supported because the documentation for the necessary API is not available.
</li><li>Windows boot settings cannot be changed from within a hidden operating system if the system does not boot from the partition on which it is installed. This is due to the fact that, for security reasons, the boot partition is mounted as read-only when the
hidden system is running. To be able to change the boot settings, please start the decoy operating system.
</li><li>Encrypted partitions cannot be resized except partitions on an entirely encrypted system drive that are resized while the encrypted operating system is running.
</li><li id="SysEncUpgrade">When the system partition/drive is encrypted, the system cannot be upgraded (for example, from Windows XP to Windows Vista) or repaired from within the pre-boot environment (using a Windows setup CD/DVD or the Windows pre-boot component).
In such cases, the system partition/drive must be decrypted first. Note: A running operating system can be
<em>updated</em> (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.
</li><li>System encryption is supported only on drives that are connected locally via an ATA/SCSI interface (note that the term ATA also refers to SATA and eSATA).
</li><li>When system encryption is used (this also applies to hidden operating systems), VeraCrypt does not support multi-boot configuration changes (for example, changes to the number of operating systems and their locations). Specifically, the configuration must
remain the same as it was when the VeraCrypt Volume Creation Wizard started to prepare the process of encryption of the system partition/drive (or creation of a hidden operating system).<br>
<br>
Note: The only exception is the multi-boot configuration where a running VeraCrypt-encrypted operating system is always located on drive #0, and it is the only operating system located on the drive (or there is one VeraCrypt-encrypted decoy and one VeraCrypt-encrypted
hidden operating system and no other operating system on the drive), and the drive is connected or disconnected before the computer is turned on (for example, using the power switch on an external eSATA drive enclosure). There may be any additional operating
systems (encrypted or unencrypted) installed on other drives connected to the computer (when drive #0 is disconnected, drive #1 becomes drive #0, etc.)
-</li><li>When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, VeraCrypt may fail to auto-dismount volumes in such cases.
+</li><li>When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, VeraCrypt may fail to auto-unmount volumes in such cases.
</li><li>Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be reliably and securely performed (for example, due to filesystem journals, timestamps of file attributes, or the operating system failing to perform it for various
documented and undocumented reasons). Note: When you write to a file-hosted hidden volume, the timestamp of the container may change. This can be plausibly explained as having been caused by changing the (outer) volume password. Also note that VeraCrypt never
preserves timestamps of system favorite volumes (regardless of the settings). </li><li>Special software (e.g., a low-level disk editor) that writes data to a disk drive in a way that circumvents drivers in the driver stack of the class &lsquo;DiskDrive&rsquo; (GUID of the class is 4D36E967- E325-11CE-BFC1-08002BE10318) can write unencrypted
data to a non-system drive hosting a mounted VeraCrypt volume (&lsquo;Partition0&rsquo;) and to encrypted partitions/drives that are within the key scope of active system encryption (VeraCrypt does not encrypt such data written that way). Similarly, software
that writes data to a disk drive circumventing drivers in the driver stack of the class &lsquo;Storage Volume&rsquo; (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F) can write unencrypted data to VeraCrypt partition-hosted volumes (even if they
are mounted). </li><li>For security reasons, when a hidden operating system is running, VeraCrypt ensures that all local unencrypted filesystems and non-hidden VeraCrypt volumes are read-only. However, this does not apply to filesystems on CD/DVD-like media and on custom, atypical,
or non-standard devices/media (for example, any devices/media whose class is other than the Windows device class &lsquo;Storage Volume&rsquo; or that do not meet the requirements of this class (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F)).
</li><li>Device-hosted VeraCrypt volumes located on floppy disks are not supported. Note: You can still create file-hosted VeraCrypt volumes on floppy disks.
</li><li>Windows Server editions don't allow the use of mounted VeraCrypt volumes as a path for server backup. This can solved by activating sharing on the VeraCrypt volume through Explorer interface (of course, you have to put the correct permission to avoid unauthorized
access) and then choosing the option &quot;Remote shared folder&quot; (it is not remote of course but Windows needs a network path). There, you can type the path of the shared drive (for example \\ServerName\sharename) and the backup will be configured correctly.
</li><li>Due to Microsoft design flaws in NTFS sparse files handling, you may encounter system errors when writing data to large Dynamic volumes (more than few hundreds GB). To avoid this, the recommended size for a Dynamic volume container file for maximum compatibility
is 300 GB. The following link gives more details concerning this limitation: <a href="http://www.flexhex.com/docs/articles/sparse-files.phtml#msdn" target="_blank">
http://www.flexhex.com/docs/articles/sparse-files.phtml#msdn</a> </li>
<li>In Windows 8 and Windows 10, a feature was introduced with the name &quot;<strong>Hybrid boot and shutdown</strong>&quot; and &quot;<strong>Fast Startup</strong>&quot; and which make Windows boot more quickly. This feature is enabled by default and it has side effects on VeraCrypt volumes usage. It is advised to disable this
feature (e.g. this <a href="https://www.maketecheasier.com/disable-hybrid-boot-and-shutdown-in-windows-8/" target="_blank">
link </a>explains how to disable it in Windows 8 and this <a href="https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html" target="_blank">link</a> gives equivalent instructions for Windows 10). Some examples of issues:
<ul>
<li>after a shutdown and a restart, mounted volume will continue to be mounted without typing the password: this due to the fact the new Windows 8 shutdown is not a real shutdown but a disguised hibernate/sleep.
</li>
<li>when using system encryption and when there are System Favorites configured to be mounted at boot time: after shutdown and restart, these system favorites will not be mounted.
</li>
</ul>
</li>
-<li>Windows system Repair/Recovery Disk can't be created when a VeraCrypt volume is mounted as a fixed disk (which is the default). To solve this, either dismount all volumes or mount volumes are removable media.
+<li>Windows system Repair/Recovery Disk can't be created when a VeraCrypt volume is mounted as a fixed disk (which is the default). To solve this, either unmount all volumes or mount volumes are removable media.
</li><li>Further limitations are listed in the section <a href="Security%20Model.html">
<em>Security Model</em></a>. </li></ul>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Main Program Window.html b/doc/html/Main Program Window.html
index 30ee175b..c232633f 100644
--- a/doc/html/Main Program Window.html
+++ b/doc/html/Main Program Window.html
@@ -28,83 +28,83 @@
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Main%20Program%20Window.html">Main Program Window</a>
</p></div>
<div class="wikidoc">
<h1>Main Program Window</h1>
<h3>Select File</h3>
<p>Allows you to select a file-hosted VeraCrypt volume. After you select it, you can perform various operations on it (e.g., mount it by clicking &lsquo;Mount&rsquo;). It is also possible to select a volume by dragging its icon to the &lsquo;VeraCrypt.exe&rsquo;
icon (VeraCrypt will be automatically launched then) or to the main program window.</p>
<h3>Select Device</h3>
<p>Allows you to select a VeraCrypt partition or a storage device (such as a USB memory stick). After it is selected, you can perform various operations with it (e.g., mount it by clicking &lsquo;Mount&rsquo;).<br>
<br>
Note: There is a more comfortable way of mounting VeraCrypt partitions/devices &ndash; see the section
<em>Auto-Mount Devices</em> for more information.</p>
<h3>Mount</h3>
<p>After you click &lsquo;Mount&rsquo;, VeraCrypt will try to mount the selected volume using cached passwords (if there are any) and if none of them works, it prompts you for a password. If you enter the correct password (and/or provide correct keyfiles),
the volume will be mounted.</p>
-<p>Important: Note that when you exit the VeraCrypt application, the VeraCrypt driver continues working and no VeraCrypt volume is dismounted.</p>
+<p>Important: Note that when you exit the VeraCrypt application, the VeraCrypt driver continues working and no VeraCrypt volume is unmounted.</p>
<h3 id="AutoMountDevices">Auto-Mount Devices</h3>
<p>This function allows you to mount VeraCrypt partitions/devices without having to select them manually (by clicking &lsquo;Select Device&rsquo;). VeraCrypt scans headers of all available partitions/devices on your system (except DVD drives and similar devices)
one by one and tries to mount each of them as a VeraCrypt volume. Note that a VeraCrypt partition/device cannot be identified, nor the cipher it has been encrypted with. Therefore, the program cannot directly &ldquo;find&rdquo; VeraCrypt partitions. Instead,
it has to try mounting each (even unencrypted) partition/device using all encryption algorithms and all cached passwords (if there are any). Therefore, be prepared that this process may take a long time on slow computers.<br>
<br>
If the password you enter is wrong, mounting is attempted using cached passwords (if there are any). If you enter an empty password and if
<em>Use keyfiles</em> is unchecked, only the cached passwords will be used when attempting to auto-mount partitions/devices. If you do not need to set mount options, you can bypass the password prompt by holding down the
<em>Shift</em> key when clicking <em>Auto- Mount Devices</em> (only cached passwords will be used, if there are any).<br>
<br>
Drive letters will be assigned starting from the one that is selected in the drive list in the main window.</p>
-<h3>Dismount</h3>
-<p>This function allows you to dismount the VeraCrypt volume selected in the drive list in the main window. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume.</p>
-<h3>Dismount All</h3>
+<h3>Unmount</h3>
+<p>This function allows you to unmount the VeraCrypt volume selected in the drive list in the main window. To unmount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume.</p>
+<h3>Unmount All</h3>
<p>Note: The information in this section applies to all menu items and buttons with the same or similar caption (for example, it also applies to the system tray menu item
-<em>Dismount All</em>).<br>
+<em>Unmount All</em>).<br>
<br>
-This function allows you to dismount multiple VeraCrypt volumes. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume. This function dismounts all mounted VeraCrypt volumes except the following:</p>
+This function allows you to unmount multiple VeraCrypt volumes. To unmount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume. This function unmounts all mounted VeraCrypt volumes except the following:</p>
<ul>
<li>Partitions/drives within the key scope of active system encryption (e.g., a system partition encrypted by VeraCrypt, or a non-system partition located on a system drive encrypted by VeraCrypt, mounted when the encrypted operating system is running).
</li><li>VeraCrypt volumes that are not fully accessible to the user account (e.g. a volume mounted from within another user account).
-</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be dismounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
- view and dismount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
+</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be unmounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
+ view and unmount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
<h3>Wipe Cache</h3>
<p>Clears all passwords (which may also contain processed keyfile contents) cached in driver memory. When there are no passwords in the cache, this button is disabled. For information on password cache, see the section
<a href="Mounting%20VeraCrypt%20Volumes.html">
<em>Cache Password in Driver Memory</em></a>.</p>
<h3>Never Save History</h3>
<p>If this option disabled, the file names and/or paths of the last twenty files/devices that were attempted to be mounted as VeraCrypt volumes will be saved in the History file (whose content can be displayed by clicking on the Volume combo-box in the main
window).<br>
<br>
When this option is enabled, VeraCrypt clears the registry entries created by the Windows file selector for VeraCrypt, and sets the &ldquo;current directory&rdquo; to the user&rsquo;s home directory (in portable mode, to the directory from which VeraCrypt was
launched) whenever a container or keyfile is selected via the Windows file selector. Therefore, the Windows file selector will not remember the path of the last mounted container (or the last selected keyfile). However, note that the operations described in
this paragraph are <em>not</em> guaranteed to be performed reliably and securely (see e.g.
<a href="Security%20Requirements%20and%20Precautions.html">
<em>Security Requirements and Precautions</em></a>) so we strongly recommend that you encrypt the system partition/drive instead of relying on them (see
<a href="System%20Encryption.html"><em>System Encryption</em></a>).<br>
<br>
Furthermore, if this option is enabled, the volume path input field in the main VeraCrypt window is cleared whenever you hide VeraCrypt.<br>
<br>
Note: You can clear the volume history by selecting <em>Tools</em> -&gt; <em>Clear Volume History</em>.</p>
<h3>Exit</h3>
-<p>Terminates the VeraCrypt application. The driver continues working and no VeraCrypt volumes are dismounted. When running in &lsquo;portable&rsquo; mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application
- and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force dismount on a</p>
+<p>Terminates the VeraCrypt application. The driver continues working and no VeraCrypt volumes are unmounted. When running in &lsquo;portable&rsquo; mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application
+ and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force unmount on a</p>
<p>VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may
<em>not</em> be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are
- applications using the dismounted volume).</p>
+ applications using the unmounted volume).</p>
<h3>Volume Tools</h3>
<h4>Change Volume Password</h4>
<p>See the section <a href="Program%20Menu.html">
<em>Volumes -&gt; Change Volume Password</em></a>.</p>
<h4>Set Header Key Derivation Algorithm</h4>
<p>See the section <a href="Program%20Menu.html">
<em>Volumes -&gt; Set Header Key Derivation Algorithm</em></a>.</p>
<h4>Backup Volume Header</h4>
<p>See the section <a href="Program%20Menu.html#tools-backup-volume-header">
<em>Tools -&gt; Backup Volume Header</em></a>.</p>
<h4>Restore Volume Header</h4>
<p>See the section <a href="Program%20Menu.html#tools-restore-volume-header">
<em>Tools -&gt; Restore Volume Header</em></a>.</p>
<p>&nbsp;</p>
<p><a href="Program%20Menu.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Multi-User Environment.html b/doc/html/Multi-User Environment.html
index 99456293..94c0f5e0 100644
--- a/doc/html/Multi-User Environment.html
+++ b/doc/html/Multi-User Environment.html
@@ -29,27 +29,27 @@
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Multi-User%20Environment.html">Multi-User Environment</a>
</p></div>
<div class="wikidoc">
<div>
<h1>Multi-User Environment</h1>
<p>Keep in mind, that the content of a mounted VeraCrypt volume is visible (accessible) to all logged on users. NTFS file/folder permissions can be set to prevent this, unless the volume is mounted as removable medium (see section
<a href="Removable%20Medium%20Volume.html">
<em>Volume Mounted as Removable Medium</em></a>) under a desktop edition of Windows Vista or later (sectors of a volume mounted as removable medium may be accessible at the volume level to users without administrator privileges, regardless of whether it is
accessible to them at the file-system level).<br>
<br>
Moreover, on Windows, the password cache is shared by all logged on users (for more information, please see the section
<em>Settings -&gt; Preferences</em>, subsection <em>Cache passwords in driver memory</em>).<br>
<br>
Also note that switching users in Windows XP or later (<em>Fast User Switching</em> functionality) does
-<em>not</em> dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all mounted VeraCrypt volumes).<br>
+<em>not</em> unmount a successfully mounted VeraCrypt volume (unlike system restart, which unmounts all mounted VeraCrypt volumes).<br>
<br>
On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume is to be mounted. On all supported versions of Windows, users without administrator privileges can mount any partition/device-hosted VeraCrypt volume (provided that
- they supply the correct password and/or keyfiles). A user without administrator privileges can dismount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default)
-<em>Settings</em> &gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow only administrators to view and dismount system favorite volumes in VeraCrypt</em>&rsquo;.</p>
+ they supply the correct password and/or keyfiles). A user without administrator privileges can unmount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default)
+<em>Settings</em> &gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow only administrators to view and unmount system favorite volumes in VeraCrypt</em>&rsquo;.</p>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Normal Dismount vs Force Dismount.html b/doc/html/Normal Unmount vs Force Unmount.html
index 4ebd52c8..72da246b 100644
--- a/doc/html/Normal Dismount vs Force Dismount.html
+++ b/doc/html/Normal Unmount vs Force Unmount.html
@@ -12,66 +12,66 @@
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="/code/">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
-<a href="Normal%20Dismount%20vs%20Force%20Dismount.html">Normal Dismount vs Force Dismount</a>
+<a href="Normal%20Unmount%20vs%20Force%20Unmount.html">Normal Unmount vs Force Unmount</a>
</p></div>
<div class="wikidoc">
-<h1>Normal Dismount vs Force Dismount</h1>
-<p>Understanding the distinction between "Normal Dismount" and "Force Dismount" operation is important due to the potential impact on user data.</p>
+<h1>Normal Unmount vs Force Unmount</h1>
+<p>Understanding the distinction between "Normal Unmount" and "Force Unmount" operation is important due to the potential impact on user data.</p>
-<h2>Normal Dismount Process</h2>
+<h2>Normal Unmount Process</h2>
-<p>During a normal dismount process, VeraCrypt performs the following steps:</p>
+<p>During a normal unmount process, VeraCrypt performs the following steps:</p>
<ol>
<li>Requests the Windows operating system to lock the volume, prohibiting further I/O operations.</li>
<li>Requests Windows to gracefully eject the volume from the system. This step is analogous to user-initiated device ejection via the system tray.</li>
<li>Instructs the Windows Mount Manager to unmount the volume.</li>
<li>Deletes the link between the drive letter and the volume's virtual device.</li>
<li>Deletes the volume's virtual device, which includes erasing the encryption keys from RAM.</li>
</ol>
<p>In this flow, steps 1 and 2 may fail if there are open files on the volume. Notably, even if all user applications accessing files on the volume are closed, Windows might still keep the files open until the I/O cache is completely flushed.</p>
-<h2>Force Dismount Process</h2>
+<h2>Force Unmount Process</h2>
-<p>The Force Dismount process is distinct but largely similar to the Normal Dismount. It essentially follows the same steps but disregards any failures that might occur during steps 1 and 2, and carries on with the rest of the procedure. However, if there are files open by the user or if the volume I/O cache has not yet been flushed, this could result in potential data loss. This situation parallels forcibly removing a USB device from your computer while Windows is still indicating its active usage.</p>
+<p>The Force Unmount process is distinct but largely similar to the Normal Unmount. It essentially follows the same steps but disregards any failures that might occur during steps 1 and 2, and carries on with the rest of the procedure. However, if there are files open by the user or if the volume I/O cache has not yet been flushed, this could result in potential data loss. This situation parallels forcibly removing a USB device from your computer while Windows is still indicating its active usage.</p>
-<p>Provided all applications using files on the mounted volume have been successfully closed and the I/O cache is fully flushed, neither data loss nor data/filesystem corruption should occur when executing a 'force dismount'. As in a normal dismount, the encryption keys are erased from RAM upon successful completion of a 'Force Dismount'.</p>
+<p>Provided all applications using files on the mounted volume have been successfully closed and the I/O cache is fully flushed, neither data loss nor data/filesystem corruption should occur when executing a 'force unmount'. As in a normal unmount, the encryption keys are erased from RAM upon successful completion of a 'Force Unmount'.</p>
-<h2>How to Trigger Force Dismount</h2>
+<h2>How to Trigger Force Unmount</h2>
-<p>There are three approaches to trigger a force dismount in VeraCrypt:</p>
+<p>There are three approaches to trigger a force unmount in VeraCrypt:</p>
<ol>
- <li>Through the popup window that appears if a normal dismount attempt is unsuccessful.</li>
- <li>Via Preferences, by checking the "force auto-dismount" option in the "Auto-Dismount" section.</li>
- <li>Using the command line, by incorporating the /force or /f switch along with the /d or /dismount switch.</li>
+ <li>Through the popup window that appears if a normal unmount attempt is unsuccessful.</li>
+ <li>Via Preferences, by checking the "force auto-unmount" option in the "Auto-Unmount" section.</li>
+ <li>Using the command line, by incorporating the /force or /f switch along with the /d or /unmount switch.</li>
</ol>
-<p>In order to avoid inadvertent data loss or corruption, always ensure to follow suitable precautions when dismounting a VeraCrypt volume. This includes</p>
+<p>In order to avoid inadvertent data loss or corruption, always ensure to follow suitable precautions when unmounting a VeraCrypt volume. This includes</p>
<ol>
- <li>Ensuring all files on the volume are closed before initiating a dismount.</li>
+ <li>Ensuring all files on the volume are closed before initiating a unmount.</li>
<li>Allowing some time after closing all files to ensure Windows has completely flushed the I/O cache.</li>
- <li>Take note that some antivirus software may keep file handles open on the volume after performing a scan, hindering a successful Normal Dismount. If you experience this issue, you might consider excluding the VeraCrypt volume from your antivirus scans. Alternatively, consult with your antivirus software provider to understand how their product interacts with VeraCrypt volumes and how to ensure it doesn't retain open file handles.</li>
+ <li>Take note that some antivirus software may keep file handles open on the volume after performing a scan, hindering a successful Normal Unmount. If you experience this issue, you might consider excluding the VeraCrypt volume from your antivirus scans. Alternatively, consult with your antivirus software provider to understand how their product interacts with VeraCrypt volumes and how to ensure it doesn't retain open file handles.</li>
</ol>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Portable Mode.html b/doc/html/Portable Mode.html
index b26cb35b..006c7d0f 100644
--- a/doc/html/Portable Mode.html
+++ b/doc/html/Portable Mode.html
@@ -47,41 +47,41 @@ Note: No matter what kind of software you use, as regards personal privacy in mo
<em>not</em> safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys.</td>
</tr>
</tbody>
</table>
</li><li>After examining the registry file, it may be possible to tell that VeraCrypt was run (and that a VeraCrypt volume was mounted) on a Windows system even if it had been run in portable mode.
</li></ol>
<p><strong>Note</strong>: If that is a problem, see <a href="FAQ.html#notraces" target="_blank.html">
this question</a> in the FAQ for a possible solution.<br>
<br>
There are two ways to run VeraCrypt in portable mode:</p>
<ol>
<li>After you extract files from the VeraCrypt self-extracting package, you can directly run
<em>VeraCrypt.exe</em>.<br>
<br>
Note: To extract files from the VeraCrypt self-extracting package, run it, and then select
<em>Extract</em> (instead of <em>Install</em>) on the second page of the VeraCrypt Setup wizard.
</li><li>You can use the <em>Traveler Disk Setup</em> facility to prepare a special traveler disk and launch VeraCrypt from there.
</li></ol>
<p>The second option has several advantages, which are described in the following sections in this chapter.</p>
<p>Note: When running in &lsquo;portable&rsquo; mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However,
- if you force dismount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may
+ if you force unmount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may
<em>not</em> be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are
- applications using the dismounted volume).</p>
+ applications using the unmounted volume).</p>
<h3>Tools -&gt; Traveler Disk Setup</h3>
<p>You can use this facility to prepare a special traveler disk and launch VeraCrypt from there. Note that VeraCrypt &lsquo;traveler disk&rsquo; is
<em>not</em> a VeraCrypt volume but an <em>unencrypted</em> volume. A &lsquo;traveler disk&rsquo; contains VeraCrypt executable files and optionally the &lsquo;autorun.inf&rsquo; script (see the section
<em>AutoRun Configuration</em> below). After you select <em>Tools -&gt; Traveler Disk Setup</em>, the
<em>Traveler Disk Setup</em> dialog box should appear. Some of the parameters that can be set within the dialog deserve further explanation:</p>
<h4>Include VeraCrypt Volume Creation Wizard</h4>
<p>Check this option, if you need to create new VeraCrypt volumes using VeraCrypt run from the traveler disk you will create. Unchecking this option saves space on the traveler disk.</p>
<h4>AutoRun Configuration (autorun.inf)</h4>
<p>In this section, you can configure the &lsquo;traveler disk&rsquo; to automatically start VeraCrypt or mount a specified VeraCrypt volume when the &lsquo;traveler disk&rsquo; is inserted. This is accomplished by creating a special script file called &lsquo;<em>autorun.inf</em>&rsquo;
on the traveler disk. This file is automatically executed by the operating system each time the &lsquo;traveler disk&rsquo; is inserted.<br>
<br>
Note, however, that this feature only works for removable storage devices such as CD/DVD (Windows XP SP2, Windows Vista, or a later version of Windows is required for this feature to work on USB memory sticks) and only when it is enabled in the operating system.
Depending on the operating system configuration, these auto-run and auto-mount features may work only when the traveler disk files are created on a non-writable CD/DVD-like medium (which is not a bug in VeraCrypt but a limitation of Windows).<br>
<br>
Also note that the &lsquo;<em>autorun.inf</em>&rsquo; file must be in the root directory (i.e., for example
<em>G:\</em>, <em>X:\</em>, or <em>Y:\</em> etc.) of an <strong>unencrypted </strong>
disk in order for this feature to work.</p>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Program Menu.html b/doc/html/Program Menu.html
index c7ea0534..cbc52b84 100644
--- a/doc/html/Program Menu.html
+++ b/doc/html/Program Menu.html
@@ -24,43 +24,43 @@
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Main%20Program%20Window.html">Main Program Window</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Program%20Menu.html">Program Menu</a>
</p></div>
<div class="wikidoc">
<h2>Program Menu</h2>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<p>Note: To save space, only the menu items that are not self-explanatory are described in this documentation.</p>
<h3>Volumes -&gt; Auto-Mount All Device-Hosted Volumes</h3>
<p>See the section <a href="Main%20Program%20Window.html">
<em>Auto-Mount Devices.</em></a></p>
-<h3>Volumes -&gt; Dismount All Mounted Volumes</h3>
+<h3>Volumes -&gt; Unmount All Mounted Volumes</h3>
<p>See the section <a href="Main%20Program%20Window.html">
-<em>Dismount All.</em></a></p>
+<em>Unmount All.</em></a></p>
<h3>Volumes -&gt; Change Volume Password</h3>
<p>Allows changing the password of the currently selected VeraCrypt volume (no matter whether the volume is hidden or standard). Only the header key and the secondary header key (XTS mode) are changed &ndash; the master key remains unchanged. This function
re-encrypts the volume header using<br>
<br>
a header encryption key derived from a new password. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will
<em>not</em> be lost after you use this function (password change will only take a few seconds).<br>
<br>
To change a VeraCrypt volume password, click on <em>Select File</em> or <em>Select Device</em>, then select the volume, and from the
<em>Volumes</em> menu select <em>Change Volume Password</em>.<br>
<br>
Note: For information on how to change a password used for pre-boot authentication, please see the section
<em>System -&gt; Change Password</em>.<br>
<br>
See also the chapter <a href="Security%20Requirements%20and%20Precautions.html">
<em>Security Requirements and Precautions</em></a>.</p>
<div style="margin-left:50px">
<h4>PKCS-5 PRF</h4>
<p>In this field you can select the algorithm that will be used in deriving new volume header keys (for more information, see the section
<a href="Header%20Key%20Derivation.html">
<em>Header Key Derivation, Salt, and Iteration Count</em></a>) and in generating the new salt (for more information, see the section
@@ -169,37 +169,37 @@ Disable this option if you experience stability issues (like volume access issue
<p>When checked, passwords and/or processed keyfile contents for up to last four successfully mounted VeraCrypt volumes are cached. If the 'Include PIM when caching a password' option is enabled in the Preferences, non-default PIM values are cached alongside the passwords. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. VeraCrypt never saves
any password or PIM values to a disk (however, see the chapter <a href="Security%20Requirements%20and%20Precautions.html">
<em>Security Requirements and Precautions</em></a>). Password caching can be enabled/disabled in the Preferences (<em>Settings</em> -&gt;
<em>Preferences</em>) and in the password prompt window. If the system partition/drive is encrypted, caching of the pre-boot authentication password can be enabled or disabled in the system encryption settings (<em>Settings</em> &gt; &lsquo;<em>System Encryption</em>&rsquo;).</p>
<h4>Temporary Cache password during &quot;Mount Favorite Volumes&quot; operations</h4>
<p>When this option is unchecked (this is the default), VeraCrypt will display the password prompt window for every favorite volume during the execution of the &quot;Mount Favorite Volumes&quot; operation and each password is erased once the volume is mounted (unless
password caching is enabled).<br>
<br>
If this option is checked and if there are two or more favorite volumes, then during the operation &quot;Mount Favorite Volumes&quot;, VeraCrypt will first try the password of the previous favorite and if it doesn't work, it will display password prompt window. This
logic applies starting from the second favorite volume onwards. Once all favorite volumes are processed, the password is erased from memory.</p>
<p>This option is useful when favorite volumes share the same password since the password prompt window will only be displayed once for the first favorite and VeraCrypt will automatically mount all subsequent favorites.</p>
<p>Please note that since we can't assume that all favorites use the same PRF (hash) nor the same TrueCrypt mode, VeraCrypt uses Autodetection for the PRF of subsequent favorite volumes and it tries both TrueCryptMode values (false, true) which means that the
total mounting time will be slower compared to the individual mounting of each volume with the manual selection of the correct PRF and the correct TrueCryptMode.</p>
<h4>Open Explorer window for successfully mounted volume</h4>
<p>If this option is checked, then after a VeraCrypt volume has been successfully mounted, an Explorer window showing the root directory of the volume (e.g., T:\) will be automatically opened.</p>
<h4>Use a different taskbar icon when there are mounted volumes</h4>
<p>If enabled, the appearance of the VeraCrypt taskbar icon (shown within the system tray notification area) is different while a VeraCrypt volume is mounted, except the following:</p>
<ul>
<li>Partitions/drives within the key scope of active system encryption (e.g., a system partition encrypted by VeraCrypt, or a non-system partition located on a system drive encrypted by VeraCrypt, mounted when the encrypted operating system is running).
</li><li>VeraCrypt volumes that are not fully accessible to the user account (e.g. a volume mounted from within another user account).
-</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be dismounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
- view and dismount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
+</li><li>VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be unmounted by an instance of VeraCrypt without administrator privileges when the option '<em>Allow only administrators to
+ view and unmount system favorite volumes in VeraCrypt</em>' is enabled. </li></ul>
<h4>VeraCrypt Background Task &ndash; Enabled</h4>
<p>See the chapter <a href="VeraCrypt%20Background%20Task.html">
<em>VeraCrypt Background Task</em></a>.</p>
<h4>VeraCrypt Background Task &ndash; Exit when there are no mounted volumes</h4>
<p>If this option is checked, the VeraCrypt background task automatically and silently exits as soon as there are no mounted VeraCrypt volumes. For more information, see the chapter
<a href="VeraCrypt%20Background%20Task.html">
<em>VeraCrypt Background Task</em></a>. Note that this option cannot be disabled when VeraCrypt runs in portable mode.</p>
-<h4>Auto-dismount volume after no data has been read/written to it for</h4>
-<p>After no data has been written/read to/from a VeraCrypt volume for <em>n</em> minutes, the volume is automatically dismounted.</p>
-<h4>Force auto-dismount even if volume contains open files or directories</h4>
-<p>This option applies only to auto-dismount (not to regular dismount). It forces dismount (without prompting) on the volume being auto-dismounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).</p>
+<h4>Auto-unmount volume after no data has been read/written to it for</h4>
+<p>After no data has been written/read to/from a VeraCrypt volume for <em>n</em> minutes, the volume is automatically unmounted.</p>
+<h4>Force auto-unmount even if volume contains open files or directories</h4>
+<p>This option applies only to auto-unmount (not to regular unmount). It forces unmount (without prompting) on the volume being auto-unmounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).</p>
<p>&nbsp;</p>
<p><a href="Mounting%20VeraCrypt%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Protection of Hidden Volumes.html b/doc/html/Protection of Hidden Volumes.html
index 3e3e5890..ce320d21 100644
--- a/doc/html/Protection of Hidden Volumes.html
+++ b/doc/html/Protection of Hidden Volumes.html
@@ -44,80 +44,80 @@ hidden volume</a>, you may <em style="text-align:left">read</em> data stored on
<em style="text-align:left">save</em> data to the outer volume, there is a risk that the hidden volume will get damaged (overwritten). To prevent this, you should protect the hidden volume in a way described in this section.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
When mounting an outer volume, type in its password and before clicking <em style="text-align:left">
OK, </em>click <em style="text-align:left">Mount Options</em>:</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<img src="Protection of Hidden Volumes_Image_027.jpg" alt="VeraCrypt GUI"></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
&nbsp;</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
In the <em style="text-align:left">Mount Options </em>dialog window, enable the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em> '. In the '<em style="text-align:left">Password to hidden volume</em>'
input field, type the password for the hidden volume. Click <em style="text-align:left">
OK </em>and, in the main password entry dialog, click <em style="text-align:left">
OK</em>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<img src="Protection of Hidden Volumes_Image_028.jpg" alt="Mounting with hidden protection"></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<br style="text-align:left">
Both passwords must be correct; otherwise, the outer volume will not be mounted. When hidden volume protection is enabled, VeraCrypt does
<em style="text-align:left">not</em> actually mount the hidden volume. It only decrypts its header (in RAM) and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save
- data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
-<strong style="text-align:left">Note that VeraCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When
+ data to the area of the hidden volume will be rejected (until the outer volume is unmounted).
+<strong style="text-align:left">Note that VeraCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is unmounted, the protection is lost. When
the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each
time they mount the outer volume). <br style="text-align:left">
</strong><br style="text-align:left">
-As soon as a write operation to the hidden volume area is denied/prevented (to protect the hidden volume), the entire host volume (both the outer and the hidden volume) becomes write-protected until dismounted (the VeraCrypt driver reports the 'invalid parameter'
+As soon as a write operation to the hidden volume area is denied/prevented (to protect the hidden volume), the entire host volume (both the outer and the hidden volume) becomes write-protected until unmounted (the VeraCrypt driver reports the 'invalid parameter'
error to the system upon each attempt to write data to the volume). This preserves plausible deniability (otherwise certain kinds of inconsistency within the file system could indicate that this volume has used hidden volume protection). When damage to hidden
volume is prevented, a warning is displayed (provided that the VeraCrypt Background Task is enabled &ndash; see the chapter
<a href="VeraCrypt%20Background%20Task.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
VeraCrypt Background Task</a>). Furthermore, the type of the mounted outer volume displayed in the main window changes to '<em style="text-align:left">Outer(!)</em> ':</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<img src="Protection of Hidden Volumes_Image_029.jpg" alt="VeraCrypt GUI"></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<br style="text-align:left">
Moreover, the field <em style="text-align:left">Hidden Volume Protected </em>in the
<em style="text-align:left">Volume Properties </em>dialog window says:<br style="text-align:left">
'<em style="text-align:left">Yes (damage prevented!)</em>'<em style="text-align:left">.</em><br style="text-align:left">
<br style="text-align:left">
Note that when damage to hidden volume is prevented, <em style="text-align:left">
-no</em> information about the event is written to the volume. When the outer volume is dismounted and mounted again, the volume properties will
+no</em> information about the event is written to the volume. When the outer volume is unmounted and mounted again, the volume properties will
<em style="text-align:left">not </em>display the string &quot;<em style="text-align:left">damage prevented</em>&quot;.<em style="text-align:left"><br style="text-align:left">
</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
There are several ways to check that a hidden volume is being protected against damage:</div>
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A confirmation message box saying that hidden volume is being protected is displayed after the outer volume is mounted (if it is not displayed, the hidden volume is not protected!).
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
In the <em style="text-align:left">Volume Properties </em>dialog, the field <em style="text-align:left">
Hidden Volume Protected </em>says '<em style="text-align:left">Yes</em>': </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
The type of the mounted outer volume is <em style="text-align:left">Outer</em>: </li></ol>
<p><img src="Protection of Hidden Volumes_Image_030.jpg" alt="VeraCrypt GUI"></p>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left"><br style="text-align:left">
<strong style="text-align:left">Important: You are the only person who can mount your outer volume with the hidden volume protection enabled (since nobody else knows your hidden volume password). When an adversary asks you to mount an outer volume, you of course
must </strong></em><strong style="text-align:left">not</strong><em style="text-align:left"><strong style="text-align:left"> mount it with the hidden volume protection enabled. You must mount it as a normal volume (and then VeraCrypt will not show the volume
type &quot;Outer&quot; but &quot;Normal&quot;). The reason is that, during the time when an outer volume is mounted with the hidden volume protection enabled, the adversary
-</strong></em><strong style="text-align:left">can</strong><em style="text-align:left"><strong style="text-align:left"> find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is dismounted and possibly
+</strong></em><strong style="text-align:left">can</strong><em style="text-align:left"><strong style="text-align:left"> find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is unmounted and possibly
even some time after the computer has been powered off - see <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Unencrypted Data in RAM</a>).</strong></em> <br style="text-align:left">
<br style="text-align:left">
<br style="text-align:left">
<br style="text-align:left">
<em style="text-align:left">Warning</em>: Note that the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em>' in the
<em style="text-align:left">Mount Options </em>dialog window is automatically disabled after a mount attempt is completed, no matter whether it is successful or not (all hidden volumes that are already being protected will, of course, continue to be protected).
Therefore, you need to check that option <em style="text-align:left">each </em>time you attempt to mount the outer volume (if you wish the hidden volume to be protected):<br style="text-align:left">
<br style="text-align:left">
<img src="Protection of Hidden Volumes_Image_031.jpg" alt="VeraCrypt GUI"></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
If you want to mount an outer volume and protect a hidden volume within using cached passwords, then follow these steps: Hold down the
<em style="text-align:left">Control </em>(<em style="text-align:left">Ctrl</em>) key when clicking
<em style="text-align:left">Mount </em>(or select <em style="text-align:left">Mount with Options
</em>from the <em style="text-align:left">Volumes </em>menu). This will open the <em style="text-align:left">
Mount Options </em>dialog. Enable the option '<em style="text-align:left">Protect hidden volume against damage caused by writing to outer volume</em>' and leave the password box empty. Then click
<em style="text-align:left">OK</em>.</div>
<p>If you need to mount an outer volume and you know that you will not need to save any data to it, then the most comfortable way of protecting the hidden volume against damage is mounting the outer volume as read-only (see the section
<a href="Mounting%20VeraCrypt%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
diff --git a/doc/html/Release Notes.html b/doc/html/Release Notes.html
index dfca8b81..a35d2f3d 100644
--- a/doc/html/Release Notes.html
+++ b/doc/html/Release Notes.html
@@ -23,45 +23,64 @@
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Release%20Notes.html">Version History</a>
</p></div>
<div class="wikidoc">
<h1>Release Notes</h1>
<p>
<strong>Note to users who created volumes with 1.17 version of VeraCrypt or earlier: </strong><br/>
<span style="color:#ff0000;">To avoid hinting whether your volumes contain a hidden volume or not, or if you depend on plausible deniability when using hidden volumes/OS, then you must recreate both the outer and hidden volumes including system encryption and hidden OS, discarding existing volumes created prior to 1.18a version of VeraCrypt.</span></li>
</p>
-<p><strong style="text-align:left">1.26.19</strong> (January 22<sup>nd</sup>, 2025):</p>
+<p><strong style="text-align:left">1.26.20</strong> (February 3<sup>rd</sup>, 2025):</p>
<ul>
+<li><strong>All OSes:</strong>
+ <ul>
+ <li>Implement SHA-256 acceleration on ARM64 platforms using CPU instructions.</li>
+ <li>Update translations.</li>
+ <li>Replace "Dismount" with "Unmount" across the UI and documentation to align with IT standards.</li>
+ </ul>
+</li>
+<li><strong>Windows:</strong>
+ <ul>
+ <li>Fix regression in driver that always allowed defragmentation and caused other side effects.</li>
+ <li>Revert to the previous method of gathering system entropy due to stability issues reported by users.</li>
+ </ul>
+</li>
+<li><strong>Linux:</strong>
+ <ul>
+ <li>Fix a regression in Linux Mint affecting administrator password authentication (GH #1473).</li>
+ </ul>
+</li>
<li><strong>macOS:</strong>
<ul>
-<li>Fix regression that blocked dismounting of volumes. (GH #1467)</li>
+<li>Fix a regression that prevented volume unmounting (GH #1467).</li>
+<li>Resolve a wxWidgets 3.2.6 assertion error related to the undefined switch <code>use-dummy-sudo-password</code> (GH #1470).</li>
</ul>
</li>
</ul>
<p><strong style="text-align:left">1.26.18</strong> (January 20<sup>th</sup>, 2025):</p>
<ul>
<li><strong>All OSes:</strong>
<ul>
<li>Added support for SHA-256 x86 intrinsic to enhance the performance of PBKDF2-HMAC-SHA256.</li>
<li>Added support for AES hardware on ARM64 platforms (e.g. Windows ARM64, macOS on Apple Silicon Mx).</li>
<li>Updated translations</li>
</ul>
</li>
<li><strong>Windows:</strong>
<ul>
<li>Dropped support for Windows 32-bit.</li>
<li>Set Windows 10 October 2018 Update (version 1809) as the minimum supported version.</li>
<li>Reduce driver deadlock occurences under low-memory scenarios caused by re-entrant IRP completions.</li>
<li>Fixed failed EFI detection on some PCs where the BootOrder variable is not defined (proposed by @kriegste, GH #360).</li>
<li>Fixed "Access Denied" error when updating VeraCrypt using EXE setup following a Windows upgrade.</li>
@@ -232,41 +251,41 @@
<li>Enhancements to dependency dlls safe loading, including delay loading.</li>
<li>Remove recommendation of keyfiles files extensions and update documentation to mention risks of third-party file extensions.</li>
<li>Add support for more language in the setup installer</li>
<li>Update LZMA library to version 23.01</li>
<li>Update libzip to version 1.10.1 and zlib to version 1.3</li>
</ul>
</li>
<li><strong>Linux:</strong>
<ul>
<li>Fix bug in Random generator on Linux when used with Blake2s that was triggering a self test failure.</li>
<li>Modify Random Generator on Linux to exactly match official documentation and the Windows implementation.</li>
<li>Fix compatibility issues with Ubuntu 23.04.</li>
<li>Fix assert messages displayed when using wxWidgets 3.1.6 and newer.</li>
<li>Fix issues launching fsck on Linux.</li>
<li>Fix privilege escalation prompts being ignored.</li>
<li>Fix wrong size for hidden volume when selecting the option to use all free space.</li>
<li>Fix failure to create hidden volume on a disk using CLI caused by wrong maximum size detection.</li>
<li>Fix various issues when running in Text mode:
<ul>
<li>Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.</li>
-<li>Fix wrong dismount message displayed when mounting a volume.</li>
+<li>Fix wrong unmount message displayed when mounting a volume.</li>
<li>Hide PIM during entry and re-ask PIM when user entered a wrong value.</li>
<li>Fix printing error when checking free space during volume creation in path doesn't exist.</li>
</ul>
</li>
<li>Use wxWidgets 3.2.2.1 for static builds (e.g. console only version)</li>
<li>Fix compatibility of generic installers with old Linux distros</li>
<li>Update help message to indicate that when cascading algorithms they must be separated by dash</li>
<li>Better compatibility with building under Alpine Linux and musl libc</li>
</ul>
</li>
<li><strong>macOS:</strong>
<ul>
<li>Fix issue of VeraCrypt window becoming unusable in use cases involving multiple monitors and change in resolution.</li>
</ul>
</li>
</ul>
<p><strong style="text-align:left">1.25.9</strong> (February 19<sup>th</sup>, 2022):</p>
<ul>
<li><strong>All OSes:</strong>
@@ -480,41 +499,41 @@
<li><strong>Windows:</strong>
<ul>
<li>Optimize performance for CPUs that have more than 64 logical processors (contributed by Sachin Keswani from AMD)</li>
<li>Support specifying keyfiles (both in tokens and in filesystem) when creating file containers using command line (switches /keyfile, /tokenlib and /tokenpin supported in VeraCrypt Format)</li>
<li>Fix leak of keyfiles path and name after VeraCrypt process exits.</li>
<li>Add CLI switch /secureDesktop to VeraCrypt Format.</li>
<li>Update libzip to version 1.6.1</li>
<li>Minor UI fixes</li>
</ul>
</li>
</ul>
<p><strong style="text-align:left">1.24-Update4 </strong>(January 23<sup>rd</sup>, 2020):</p>
<ul>
<li><strong>Windows:</strong>
<ul>
<li>Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.</li>
<li>Fix failure of Screen Readers (Accessibility support) to read UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed.</li>
<li>Fix side effects related to the fix for CVE-2019-19501 which caused links in UI not to open.</li>
<li>Add switch /signalExit to support notifying <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR</a> Windows command when VeraCrypt.exe exits if /q was specified in CLI (cf documentation for usage).</li>
-<li>Don't display mount/dismount examples in help dialog for command line in Format and Expander.</li>
+<li>Don't display mount/unmount examples in help dialog for command line in Format and Expander.</li>
<li>Documentation and translation updates.</li>
</ul>
</li>
<li><strong>Linux:</strong>
<ul>
<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
</ul>
</li>
<li><strong>MacOSX:</strong>
<ul>
<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
</ul>
</li>
</ul>
<p><strong style="text-align:left">1.24-Update3 </strong>(December 21<sup>nd</sup>, 2019):</p>
<ul>
<li><strong>Linux:</strong>
<ul>
<li>Fix console-only build to remove dependency on GTK that is not wanted on headless servers.</li>
@@ -754,41 +773,41 @@
<p><strong style="text-align:left">1.22 </strong>(March 30<sup>th</sup>, 2018):</p>
<ul>
<li><strong>All OSs:</strong>
<ul>
<li>SIMD speed optimization for Kuznyechik cipher implementation (up to 2x speedup).</li>
<li>Add 5 new cascades of cipher algorithms: Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish.</li>
</ul>
</li>
<li><strong>Windows:</strong>
<ul>
<li>MBR Bootloader: Fix failure to boot hidden OS on some machines.</li>
<li>MBR Bootloader: Reduce CPU usage during password prompt.</li>
<li>Security enhancement: Add option to block TRIM command for system encryption on SSD drives.</li>
<li>Implement TRIM support for non-system SSD drives and add option to enable it (TRIM is disabled by default for non-system volumes).</li>
<li>Better fix for "Parameter Incorrect" issues during EFI system encryption in some machines.</li>
<li>Driver: remove unnecessary dependency to wcsstr which can cause issues on some machines.</li>
<li>Driver: Fix "Incorrect Parameter" error when mounting volumes on some machines.</li>
<li>Fix failure to mount system favorites during boot on some machines.</li>
<li>Fix current application losing focus when VeraCrypt is run in command line with /quit /silent switches.</li>
-<li>Fix some cases of external applications freezing during mount/dismount.</li>
+<li>Fix some cases of external applications freezing during mount/unmount.</li>
<li>Fix rare cases of secure desktop for password dialog not visible which caused UI to block.</li>
<li>Update libzip to version 1.5.0 that include fixes for some security issues.</li>
<li>Extend Secure Desktop feature to smart card PIN entry dialog.</li>
<li>Fix truncated license text in installer wizard.</li>
<li>Add portable package that allows extracting binaries without asking for admin privileges.</li>
<li>Simplify format of language XML files.</li>
<li>Workaround for cases where password dialog doesn't get keyboard focus if Secure Desktop is not enabled.</li>
</ul>
<li><strong>Linux:</strong>
<ul>
<li>Fix failure to install GUI version under recent versions of KDE.</li>
<li>Fix wxWidgets assertion failed when backing up/restoring volume header.</li>
</ul>
</li>
<li><strong>MacOSX:</strong>
<ul>
<li>Fix issue preventing some local help files from opening in the browser.</li>
</ul>
</li>
</ul>
@@ -1043,113 +1062,113 @@ incorrect Impersonation Token Handling. </li></ul>
<ul>
<li>Solve TOR crashing when run from a VeraCrypt volume. </li></ul>
</li></ul>
<p><strong style="text-align:left">1.12 </strong>(August 5<sup>th</sup>, 2015):</p>
<ul>
<li><strong>All OSs:</strong>
<ul>
<li>Implement &quot;Dynamic Mode&quot; by supporting a Personal Iterations Multiplier (PIM). See documentation for more information.
</li></ul>
</li></ul>
<ul>
<li><strong>Windows:</strong>
<ul>
<li>Detect Boot Loader tampering (&quot;Evil Maid&quot; attacks) for system encryption and propose recovery options.
</li><li>Fix buffer overrun issue and other memory related bugs when parsing language XML files.
</li><li>Fix wrongly reported bad sectors by chkdsk caused by a bug in&nbsp;IOCTL_DISK_VERIFY handling.
</li><li>Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used (reported by Liran Elharar)
</li><li>Fix system favorites not always mounting after cold start. </li><li>Solve installer error when updating VeraCrypt on Windows 10. </li><li>Implement decryption of non-system partition/drive. </li><li>Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
</li><li>Allow using drive letters A: and B: for mounting volumes </li><li>Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
</li><li>Add possibility to show system encryption password in Windows GUI and bootloader
-</li><li>Solve &quot;Class Already exists&quot; error that was happening for some users. </li><li>Solve some menu items and GUI fields not translatable </li><li>Make volumes correctly report Physical Sector size to Windows. </li><li>Correctly detect switch user/RDP disconnect operations for autodismount on session locked.
+</li><li>Solve &quot;Class Already exists&quot; error that was happening for some users. </li><li>Solve some menu items and GUI fields not translatable </li><li>Make volumes correctly report Physical Sector size to Windows. </li><li>Correctly detect switch user/RDP disconnect operations for autounmount on session locked.
</li><li>Add manual selection of partition when resuming in-place encryption. </li><li>Add command line option (/cache f) to temporarily cache password during favorites mounting.
</li><li>Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI. </li><li>Add extra information to displayed error message in order to help analyze reported issues.
</li><li>Disable menu entry for changing system encryption PRF since it's not yet implemented.
</li><li>Fix failure to change password when UAC required (inherited from TrueCrypt) </li><li>Minor fixes and changes (see Git history for more details) </li></ul>
</li></ul>
<ul>
<li><strong>Linux:</strong>
<ul>
<li>Solve installer issue under KDE when xterm not available </li><li>Fix warnings on about/LegalNotice dialogs when wxWidgets linked dynamically (N/A for official binary)
</li><li>Support hash names with '-' in command line (sha-256, sha-512 and ripemd-160)
</li><li>Remove &quot;--current-hash&quot; switch and add &quot;--new-hash&quot; to be more coherent with existing switches.
</li><li>When only keyfile specified in command line, don't try to mount using empty password.
<ul>
<li>If mounting using empty password is needed, explicitly specify so using: -p &quot;&quot;
</li></ul>
</li></ul>
</li></ul>
<p id="1.0f-2"><strong style="text-align:left">1.0f-2</strong>(April 5<sup>th</sup>, 2015):</p>
<ul>
<li><strong>All OSs:</strong>
<ul>
<li>Mounting speed improvement, up to 20% quicker on 64-bit (contributed by Nils Maier)
</li><li>Add option to set default hash/TrueCryptMode used for mounting volumes. </li><li>Use TrueCryptMode/Hash specified in command line in password dialog. </li></ul>
</li><li><strong>Windows:</strong>
<ul>
<li>Solve CryptAcquireContext vulnerability reported by Open Crypto Audit Phase II.
</li><li>Proper handling of random generator failures. Inform user in such cases. </li><li>TrueCrypt Mode related changes:
<ul>
<li>Support mounting TrueCrypt system partition (no conversion yet) </li><li>Support TrueCrypt volumes as System Favorites. </li><li>Correct displaying wrong TrueCrypt mode in volume properties when SHA-256 is used.
</li></ul>
</li><li>Solve PIN BLOCKED issue with smart cards in a special case. </li><li>Correctly handle file access errors when mounting containers. </li><li>Solve several issues reported by the Static Code Analysis too Coverity. </li><li>Bootloader: Add &quot;Verifying Password...&quot; message. </li><li>When UAC prompt fails (for example timeout), offer the user to retry the operation.
</li><li>Uninstall link now open the standard &quot;Add/Remove Programs&quot; window. </li><li>On uninstall, remove all VeraCrypt references from registry and disk. </li><li>Included VeraCryptExpander in the Setup. </li><li>Add option to temporary cache password when mounting multiple favorites. </li><li>Minor fixes and enhancements (see git history for more information) </li></ul>
</li><li><strong>MacOSX:</strong>
<ul>
-<li>Solve issue volumes not auto-dismounting when quitting VeraCrypt<strong>.</strong>
+<li>Solve issue volumes not auto-unmounting when quitting VeraCrypt<strong>.</strong>
</li><li>Solve issue VeraCrypt window not reopening by clicking dock icon. </li></ul>
</li><li><strong>Linux/MacOSX:</strong>
<ul>
<li>Solve preferences dialog not closing when clicking on the 'X' icon. </li><li>Solve read-only issue when mounting non-FAT volumes in some cases. </li><li>Support opening/exploring mounted volumes on desktops other than Gnome/KDE. </li><li>Solve various installer issues when running on less common configurations </li><li>Minor fixes (see git history for more information) </li></ul>
</li></ul>
<p><strong style="text-align:left">1.0f-1 </strong>(January 4<sup>th</sup>, 2015)</p>
<ul>
<li><strong>All OSs</strong>:
<ul>
<li>Add support for old TrueCrypt 6.0. </li><li>Change naming of cascades algorithms in GUI for a better description. </li></ul>
</li><li><strong>Linux/MacOSX:</strong>
<ul>
<li>Make cancel button of the preference dialog working. </li><li>Solve impossibility to enter a one digit size for the volume. </li><li>Add wait dialog to the benchmark calculation. </li></ul>
</li><li><strong>Windows:</strong>
<ul>
<li>Add TrueCrypt mode to the mounted volume information. </li><li>For Windows XP, correct the installer graphical artefacts. </li></ul>
</li></ul>
<p><strong style="text-align:left">1.0f </strong>(December 30, 2014)</p>
<ul>
<li><strong>All OSs</strong>:
<ul>
<li>Add support for mounting TrueCrypt volumes. </li><li>Add support for converting TrueCrypt containers and non-system partitions. </li><li>Add support for SHA-256 for volume encryption. </li><li>Make SHA-512 the default key derivation algorithm and change the order of preference of derivation algorithms : SHA-512 -&gt; Whirlpool -&gt; SHA-256 -&gt; RIPEMD160
</li><li>Deprecate RIPEMD160 for non-system encryption. </li><li>Speedup mount operation by enabling choice of correct hash algorithm. </li><li>Display a wait dialog during lengthy operations to avoid freezing the GUI. </li><li>Implement creation of multiple keyfiles at once, with predefined or random size.
</li><li>Always display random gathering dialog before performing sensitive operations.
</li><li>Links in the application now points to the online resources on Codeplex </li><li>First version of proper VeraCrypt User Guide </li></ul>
</li><li><strong>MacOSX:</strong>
<ul>
<li>Implement support for hard drives with a large sector size (&gt; 512). </li><li>Link against new wxWidgets version 3.0.2. </li><li>Solve truncated text in some Wizard windows. </li></ul>
</li><li><strong>Linux:</strong>
<ul>
<li>Add support of NTFS formatting of volumes. </li><li>Correct issue on opening of the user guide PDF. </li><li>Better support for hard drives with a large sector size (&gt; 512). </li><li>Link against new wxWidgets version 3.0.2. </li></ul>
</li><li><strong>Windows:</strong><br>
<ul>
<li>Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
</li><li>Add support for SHA-256 in system boot encryption. </li><li>Various optimizations in bootloader. </li><li>Complete fix of ShellExecute security issue. </li><li>Kernel driver: check that the password length received from bootloader is less or equal to 64.
</li><li>Correct a random crash when clicking the link for more information on keyfiles
-</li><li>Implement option to auto-dismount when user session is locked </li><li>Add self-test vectors for SHA-256 </li><li>Modern look-and-feel by enabling visual styles </li><li>few minor fixed. </li></ul>
+</li><li>Implement option to auto-unmount when user session is locked </li><li>Add self-test vectors for SHA-256 </li><li>Modern look-and-feel by enabling visual styles </li><li>few minor fixed. </li></ul>
</li></ul>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">1.0e </strong>(September 4, 2014)</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<ul>
<li><strong style="text-align:left">Improvements and bug fixes:</strong>
<ul>
<li>Correct most of the security vulnerabilities reported by the Open Crypto Audit Project.
</li><li>Correct security issues detected by Static Code Analysis, mainly under Windows.
</li><li>Correct issue of unresponsiveness when changing password/key file of a volume. Reduce overall time taken for creating encrypted volume/partition.
</li><li>Minor improvements and bug fixes (look at git history for more details). </li></ul>
</li></ul>
</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">1.0d </strong>(June 3, 2014)</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<ul>
<li><strong style="text-align:left">Improvements and bug fixes:</strong>
<ul>
diff --git a/doc/html/Removable Medium Volume.html b/doc/html/Removable Medium Volume.html
index 63c59c55..2be8297c 100644
--- a/doc/html/Removable Medium Volume.html
+++ b/doc/html/Removable Medium Volume.html
@@ -30,27 +30,27 @@
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Miscellaneous.html">Miscellaneous</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Removable%20Medium%20Volume.html">Removable Medium Volume</a>
</p></div>
<div class="wikidoc">
<h2>Volume Mounted as Removable Medium</h2>
<p>This section applies to VeraCrypt volumes mounted when one of the following options is enabled (as applicable):</p>
<ul>
<li><em>Settings</em> &gt; <em>Preferences</em> &gt; <em>Mount volumes as removable media</em>
</li><li><em>Mount Options</em> &gt; <em>Mount volume as removable medium</em> </li><li><em>Favorites</em> &gt; <em>Organize Favorite Volumes</em> &gt; <em>Mount selected volume as removable medium</em>
</li><li><em>Favorites</em> &gt; <em>Organize System Favorite Volumes</em> &gt; <em>Mount selected volume as removable medium</em>
</li></ul>
<p>VeraCrypt Volumes that are mounted as removable media have the following advantages and disadvantages:</p>
<ul>
<li>Windows is prevented from automatically creating the &lsquo;<em>Recycled</em>&rsquo; and/or the &lsquo;<em>System Volume Information</em>&rsquo; folders on VeraCrypt volumes (in Windows, these folders are used by the Recycle Bin and System Restore features).
</li><li>Windows 8 and later is prevented from writing an Event 98 to the Events Log that contains the device name (\\device\VeraCryptVolumeXX) of VeraCrypt volumes formatted using NTFS. This event log &quot;feature&quot; was introduced in Windows 8 as part of newly introduced
NTFS health checks as <a href="https://blogs.msdn.microsoft.com/b8/2012/05/09/redesigning-chkdsk-and-the-new-ntfs-health-model/" target="_blank">
-explained here</a>. Big thanks to Liran Elharar for discovering this. </li><li>Windows may use caching methods and write delays that are normally used for removable media (for example, USB flash drives). This might slightly decrease the performance but at the same increase the likelihood that it will be possible to dismount the volume
- quickly without having to force the dismount. </li><li>The operating system may tend to keep the number of handles it opens to such a volume to a minimum. Hence, volumes mounted as removable media might require fewer forced dismounts than other volumes.
+explained here</a>. Big thanks to Liran Elharar for discovering this. </li><li>Windows may use caching methods and write delays that are normally used for removable media (for example, USB flash drives). This might slightly decrease the performance but at the same increase the likelihood that it will be possible to unmount the volume
+ quickly without having to force the unmount. </li><li>The operating system may tend to keep the number of handles it opens to such a volume to a minimum. Hence, volumes mounted as removable media might require fewer forced unmounts than other volumes.
</li><li>Under Windows Vista and earlier, the &lsquo;<em>Computer</em>&rsquo; (or &lsquo;<em>My Computer</em>&rsquo;) list does not show the amount of free space on volumes mounted as removable (note that this is a Windows limitation, not a bug in VeraCrypt).
</li><li>Under desktop editions of Windows Vista or later, sectors of a volume mounted as removable medium may be accessible to all users (including users without administrator privileges; see section
<a href="Multi-User%20Environment.html">
<em>Multi-User Environment</em></a>). </li></ul>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Removing Encryption.html b/doc/html/Removing Encryption.html
index c2baf5c6..3f3bf139 100644
--- a/doc/html/Removing Encryption.html
+++ b/doc/html/Removing Encryption.html
@@ -26,41 +26,41 @@
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Miscellaneous.html">Miscellaneous</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Removing%20Encryption.html">Removing Encryption</a>
</p></div>
<div class="wikidoc">
<h1>How to Remove Encryption</h1>
<p>Please note that VeraCrypt can in-place decrypt only <strong>partitions and drives
</strong>(select <em>System</em> &gt; <em>Permanently Decrypt System Partition/Drive
</em>for system partition/drive and select <em>Volumes -&gt; Permanently Decrypt </em>
for non-system partition/drive). If you need to remove encryption (e.g., if you no longer need encryption) from a
<strong>file-hosted volume</strong>, please follow these steps:</p>
<ol>
<li>Mount the VeraCrypt volume. </li><li>Move all files from the VeraCrypt volume to any location outside the VeraCrypt volume (note that the files will be decrypted on the fly).
-</li><li>Dismount the VeraCrypt volume. </li><li>delete it (the container) just like you delete any other file. </li></ol>
+</li><li>Unmount the VeraCrypt volume. </li><li>delete it (the container) just like you delete any other file. </li></ol>
<p>If in-place decryption of non-system partitions/drives is not desired, it is also possible in this case to follow the steps 1-3 described above.<br>
<br>
In all cases, if the steps 1-3 are followed, the following extra operations can be performed:</p>
<ul>
<li><strong>If the volume is partition-hosted (applies also to USB flash drives)</strong>
</li></ul>
<ol type="a">
<ol>
<li>Right-click the &lsquo;<em>Computer</em>&rsquo; (or &lsquo;<em>My Computer</em>&rsquo;) icon on your desktop, or in the Start Menu, and select
<em>Manage</em>. The &lsquo;<em>Computer Management</em>&rsquo; window should appear.
</li><li>In the <em>Computer Management</em> window, from the list on the left, select &lsquo;<em>Disk Management</em>&rsquo; (within the
<em>Storage</em> sub-tree). </li><li>Right-click the partition you want to decrypt and select &lsquo;<em>Change Drive Letter and Paths</em>&rsquo;.
</li><li>The &lsquo;<em>Change Drive Letter and Paths</em>&rsquo; window should appear. If no drive letter is displayed in the window, click
<em>Add</em>. Otherwise, click <em>Cancel</em>.<br>
<br>
If you clicked <em>Add</em>, then in the &lsquo;<em>Add Drive Letter or Path</em>&rsquo; (which should have appeared), select a drive letter you want to assign to the partition and click
<em>OK</em>. </li><li>In the <em>Computer Management</em> window, right-click the partition you want to decrypt again and select
<em>Format</em>. The <em>Format</em> window should appear. </li><li>In the <em>Format</em> window, click <em>OK</em>. After the partition is formatted, it will no longer be required to mount it with VeraCrypt to be able to save or load files to/from the partition.
</li></ol>
</ol>
diff --git a/doc/html/Security Model.html b/doc/html/Security Model.html
index 79e154d2..edac59d2 100644
--- a/doc/html/Security Model.html
+++ b/doc/html/Security Model.html
@@ -34,76 +34,76 @@
<div class="wikidoc">
<div>
<h1>Security Model</h1>
<div>
<h4>Note to security researchers: If you intend to report a security issue or publish an attack on VeraCrypt, please make sure it does not disregard the security model of VeraCrypt described below. If it does, the attack (or security issue report) will be considered
invalid/bogus.</h4>
</div>
<p>VeraCrypt is a computer software program whose primary purposes are to:</p>
<ul>
<li>Secure data by encrypting it before it is written to a disk. </li><li>Decrypt encrypted data after it is read from the disk. </li></ul>
<p>VeraCrypt does <strong>not</strong>:</p>
<ul>
<li>Encrypt or secure any portion of RAM (the main memory of a computer). </li><li>Secure any data on a computer* if an attacker has administrator privileges&dagger; under an operating system installed on the computer.
</li><li>Secure any data on a computer if the computer contains any malware (e.g. a virus, Trojan horse, spyware) or any other piece of software (including VeraCrypt or an operating system component) that has been altered, created, or can be controlled, by an attacker.
</li><li>Secure any data on a computer if an attacker has physical access to the computer before or while VeraCrypt is running on it.
</li><li>Secure any data on a computer if an attacker has physical access to the computer between the time when VeraCrypt is shut down and the time when the entire contents of all volatile memory modules connected to the computer (including memory modules in peripheral
devices) have been permanently and irreversibly erased/lost. </li><li>Secure any data on a computer if an attacker can remotely intercept emanations from the computer hardware (e.g. the monitor or cables) while VeraCrypt is running on it (or otherwise remotely monitor the hardware and its use, directly or indirectly, while
VeraCrypt is running on it). </li><li>Secure any data stored in a VeraCrypt volume&Dagger; if an attacker without administrator privileges can access the contents of the mounted volume (e.g. if file/folder/volume permissions do not prevent such an attacker from accessing it).
</li><li>Preserve/verify the integrity or authenticity of encrypted or decrypted data.
-</li><li>Prevent traffic analysis when encrypted data is transmitted over a network. </li><li>Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (dismounted or mounted) before and after data is written to it, or if the storage medium/device allows
+</li><li>Prevent traffic analysis when encrypted data is transmitted over a network. </li><li>Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (unmounted or mounted) before and after data is written to it, or if the storage medium/device allows
the attacker to determine such information (for example, the volume resides on a device that saves metadata that can be used to determine when data was written to a particular sector).
</li><li>Encrypt any existing unencrypted data in place (or re-encrypt or erase data) on devices/filesystems that use wear-leveling or otherwise relocate data internally.
</li><li>Ensure that users choose cryptographically strong passwords or keyfiles. </li><li>Secure any computer hardware component or a whole computer. </li><li>Secure any data on a computer where the security requirements or precautions listed in the chapter
<a href="Security%20Requirements%20and%20Precautions.html">
<em>Security Requirements and Precautions</em></a> are not followed. </li><li>Do anything listed in the section <a href="Issues%20and%20Limitations.html#limitations">
Limitations </a>(chapter <a href="Issues%20and%20Limitations.html">
Known Issues &amp; Limitations</a>). </li></ul>
<p>Under <strong>Windows</strong>, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):</p>
<ul>
<li>Mount any file-hosted VeraCrypt volume provided that the file permissions of the container allow it.
</li><li>Mount any partition/device-hosted VeraCrypt volume. </li><li>Complete the pre-boot authentication process and, thus, gain access to data on an encrypted system partition/drive (and start the encrypted operating system).
</li><li>Skip the pre-boot authentication process (this can be prevented by disabling the option
<em>Settings</em> &gt; &lsquo;<em>System Encryption</em>&rsquo; &gt; &lsquo;<em>Allow pre-boot authentication to be bypassed by pressing the Esc key</em>&rsquo;; note that this option can be enabled or disabled only by an administrator).
-</li><li>Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her. However, this does not apply to &lsquo;system favorite volumes&rsquo;, which he or she can dismount (etc.)
+</li><li>Unmount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her. However, this does not apply to &lsquo;system favorite volumes&rsquo;, which he or she can unmount (etc.)
regardless of who mounted them (this can be prevented by enabling the option <em>
-Settings</em> &gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow</em> only administrators to view and dismount system favorite volumes in VeraCrypt&rsquo;; note that this option can be enabled or disabled only by an administrator).
+Settings</em> &gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow</em> only administrators to view and unmount system favorite volumes in VeraCrypt&rsquo;; note that this option can be enabled or disabled only by an administrator).
</li><li>Create a file-hosted VeraCrypt volume containing a FAT or no file system (provided that the relevant folder permissions allow it).
</li><li>Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted VeraCrypt volume (provided that the file permissions allow it).
</li><li>Access the filesystem residing within a VeraCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
</li><li>Use passwords (and processed keyfiles) stored in the password cache (note that caching can be disabled; for more information see the section
<em>Settings -&gt; Preferences</em>, subsection <em>Cache passwords in</em> driver memory).
</li><li>View the basic properties (e.g. the size of the encrypted area, encryption and hash algorithms used, etc.) of the encrypted system partition/drive when the encrypted system is running.
</li><li>Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard) provided that the VeraCrypt device driver is running and that the file permissions allow it.
</li></ul>
<p>Under <strong>Linux</strong>, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):</p>
<ul>
<li>Create a file-hosted or partition/device-hosted VeraCrypt volume containing a FAT or no file system provided that the relevant folder/device permissions allow it.
</li><li>Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted VeraCrypt volume provided that the file/device permissions allow it.
</li><li>Access the filesystem residing within a VeraCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
</li><li>Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard) provided that file permissions allow it.
</li><li>In the VeraCrypt application window, see the path to and properties of any VeraCrypt volume mounted by him or her.
</li></ul>
<p>Under <strong>Mac OS X</strong>, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):</p>
<ul>
<li>Mount any file-hosted or partition/device-hosted VeraCrypt volume provided that the file/device permissions allow it.
-</li><li>Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her.
+</li><li>Unmount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her.
</li><li>Create a file-hosted or partition/device-hosted VeraCrypt volume provided that the relevant folder/device permissions allow it.
</li><li>Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted VeraCrypt volume (provided that the file/device permissions allow it).
</li><li>Access the filesystem residing within a VeraCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
</li><li>Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard) provided that the file permissions allow it.
</li></ul>
<p>VeraCrypt does not support the set-euid root mode of execution.<br>
<br>
Additional information and details regarding the security model are contained in the chapter
<a href="Security%20Requirements%20and%20Precautions.html">
<em>Security Requirements and Precautions</em></a>.</p>
<p>* In this section (<em>Security Model</em>), the phrase &ldquo;data on a computer&rdquo; means data on internal and external storage devices/media (including removable devices and network drives) connected to the computer.</p>
<p>&dagger; In this section (<em>Security Model</em>), the phrase &ldquo;administrator privileges&rdquo; does not necessarily refer to a valid administrator account. It may also refer to an attacker who does not have a valid administrator account but who is
able (for example, due to improper configuration of the system or by exploiting a vulnerability in the operating system or a third-party application) to perform any action that only a user with a valid administrator account is normally allowed to perform (for
example, to read or modify an arbitrary part of a drive or the RAM, etc.)</p>
<p>&Dagger; &ldquo;VeraCrypt volume&rdquo; also means a VeraCrypt-encrypted system partition/drive (see the chapter
<a href="System%20Encryption.html"><em>System Encryption</em></a>).</p>
</div>
</div>
</body></html>
diff --git a/doc/html/Security Requirements for Hidden Volumes.html b/doc/html/Security Requirements for Hidden Volumes.html
index 3b5dbdb3..7ac28c40 100644
--- a/doc/html/Security Requirements for Hidden Volumes.html
+++ b/doc/html/Security Requirements for Hidden Volumes.html
@@ -27,41 +27,41 @@
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hidden%20Volume.html">Hidden Volume</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Security Requirements for Hidden Volumes</a>
</p></div>
<div class="wikidoc">
<h1>Security Requirements and Precautions Pertaining to Hidden Volumes</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
If you use a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden VeraCrypt volume</a>, you must follow the security requirements and precautions listed below in this section. Disclaimer: This section is not guaranteed to contain a list of
<em style="text-align:left">all</em> security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.</div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
-If an adversary has access to a (dismounted) VeraCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. If you change the contents of a
+If an adversary has access to a (unmounted) VeraCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. If you change the contents of a
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden volume</a> (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer
volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might indicate the existence of a hidden volume within the outer volume.<br style="text-align:left">
<br style="text-align:left">
Note that issues similar to the one described above may also arise, for example, in the following cases:<br style="text-align:left">
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
The file system in which you store a file-hosted VeraCrypt container has been defragmented and a copy of the VeraCrypt container (or of its fragment) remains in the free space on the host volume (in the defragmented file system). To prevent this, do one of
the following:
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Securely erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft
<a href="https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx">free utility SDelete</a>. On Linux, the
<em>shred</em> utility from GNU coreutils package can be used for this purpose. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Do not defragment file systems in which you store VeraCrypt volumes. </li></ul>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A&nbsp;copy of the VeraCrypt container (or of its fragment) may remain on the host volume. To prevent this, do one the following:
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
diff --git a/doc/html/Sharing over Network.html b/doc/html/Sharing over Network.html
index 829838b9..f1969f0f 100644
--- a/doc/html/Sharing over Network.html
+++ b/doc/html/Sharing over Network.html
@@ -28,29 +28,29 @@
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Miscellaneous.html">Miscellaneous</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Sharing%20over%20Network.html">Sharing over Network</a>
</p></div>
<div class="wikidoc">
<h1>Sharing over Network</h1>
<p>If there is a need to access a single VeraCrypt volume simultaneously from multiple operating systems, there are two options:</p>
<ol>
<li>A VeraCrypt volume is mounted only on a single computer (for example, on a server) and only the content of the mounted VeraCrypt volume (i.e., the file system within the VeraCrypt volume) is shared over a network. Users on other computers or systems will
not mount the volume (it is already mounted on the server).
<p><strong>Advantages</strong><span>: All users can write data to the VeraCrypt volume. The shared volume may be both file-hosted and partition/device-hosted.</span></p>
<p><strong>Disadvantage</strong><span>: Data sent over the network will not be encrypted. However, it is still possible to encrypt them using e.g. SSL, TLS, VPN, or other technologies.</span></p>
<p><strong>Remarks</strong>: Note that, when you restart the system, the network share will be automatically restored only if the volume is a system favorite volume or an encrypted system partition/drive (for information on how to configure a volume as a system
favorite volume, see the chapter <a href="System%20Favorite%20Volumes.html">
<em>System Favorite Volumes</em></a>).</p>
-</li><li>A dismounted VeraCrypt file container is stored on a single computer (for example, on a server). This encrypted file is shared over a network. Users on other computers or systems will locally mount the shared file. Thus, the volume will be mounted simultaneously
+</li><li>A unmounted VeraCrypt file container is stored on a single computer (for example, on a server). This encrypted file is shared over a network. Users on other computers or systems will locally mount the shared file. Thus, the volume will be mounted simultaneously
under multiple operating systems.
<p><strong>Advantage</strong><span>: Data sent over the network will be encrypted (however, it is still recommended to encrypt them using e.g. SSL, TLS, VPN, or other appropriate technologies to make traffic analysis more difficult and to preserve the integrity
of the data).</span></p>
<p><strong>Disadvantages</strong>: The shared volume may be only file-hosted (not partition/device-hosted). The volume must be mounted in read-only mode under each of the systems (see the section
<em>Mount Options</em> for information on how to mount a volume in read-only mode). Note that this requirement applies to unencrypted volumes too. One of the reasons is, for example, the fact that data read from a conventional file system under one OS while
the file system is being modified by another OS might be inconsistent (which could result in data corruption).</p>
</li></ol>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/System Favorite Volumes.html b/doc/html/System Favorite Volumes.html
index 491a6698..3dd06b74 100644
--- a/doc/html/System Favorite Volumes.html
+++ b/doc/html/System Favorite Volumes.html
@@ -35,42 +35,42 @@
</p></div>
<div class="wikidoc">
<h1>System Favorite Volumes</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<p>System favorites are useful, for example, in the following cases:</p>
<ul>
<li>You have volumes that need to be <strong>mounted before system and application services start and before users start logging on</strong>.
</li><li>There are network-shared folders located on VeraCrypt volumes. If you configure these volumes as system favorites, you will ensure that the
<strong>network shares will be automatically restored </strong>by the operating system each time it is restarted.
</li><li>You need each such volume to be mounted as <strong>the same drive letter </strong>
each time the operating system starts. </li></ul>
<p>Note that, unlike the regular (non-system) favorites, <strong>system favorite volumes use the pre-boot authentication password
</strong>and, therefore, require your system partition/drive to be encrypted (also note it is not required to enable caching of the pre-boot authentication password). Moreover, since the pre-boot password is typed using
<strong>US keyboard layout</strong> (BIOS requirement), the password of the system favorite volume must be entered during its creation process using the
<strong>US keyboard layout</strong> by typing the same keyboard keys you type when you enter the pre-boot authentication password. If the password of the system favorite volume is not identical to the pre-boot authentication password under the US keyboard layout,
then<strong> it will fail to mount</strong>.</p>
<p>When creating a volume that you want to make a system favorite later, you must explicitly set the keyboard layout associated with VeraCrypt to US layout and you have to type the same keyboard keys you type when you enter the pre-boot authentication password.<br>
<br>
System favorite volumes <strong>can be configured to be available within VeraCrypt only to users with administrator privileges
-</strong>(select <em>Settings </em>&gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow only administrators to view and dismount system favorite volumes in VeraCrypt</em>&rsquo;). This option should be enabled on servers to ensure that
- system favorite volumes cannot be dismounted by users without administrator privileges. On non-server systems, this option can be used to prevent normal VeraCrypt volume actions (such as &lsquo;<em>Dismount All</em>&rsquo;, auto-dismount, etc.) from affecting
+</strong>(select <em>Settings </em>&gt; &lsquo;<em>System Favorite Volumes</em>&rsquo; &gt; &lsquo;<em>Allow only administrators to view and unmount system favorite volumes in VeraCrypt</em>&rsquo;). This option should be enabled on servers to ensure that
+ system favorite volumes cannot be unmounted by users without administrator privileges. On non-server systems, this option can be used to prevent normal VeraCrypt volume actions (such as &lsquo;<em>Unmount All</em>&rsquo;, auto-unmount, etc.) from affecting
system favorite volumes. In addition, when VeraCrypt is run without administrator privileges (the default on Windows Vista and later), system favorite volumes will not be displayed in the drive letter list in the main VeraCrypt application window.</p>
<h3>To configure a VeraCrypt volume as a system favorite volume, follow these steps:</h3>
<ol>
<li>Mount the volume (to the drive letter to which you want it to be mounted every time).
</li><li>Right-click the mounted volume in the drive list in the main VeraCrypt window and select &lsquo;<em>Add to System Favorites</em>&rsquo;.
</li><li>The System Favorites Organizer window should appear now. In this window, enable the option &lsquo;<em>Mount system favorite volumes when Windows starts</em>&rsquo; and click
<em>OK</em>. </li></ol>
<p>The order in which system favorite volumes are displayed in the System Favorites Organizer window (<em>Favorites
</em>&gt; &lsquo;<em>Organize System Favorite Volumes</em>&rsquo;) is <strong>the order in which the volumes are mounted</strong>. You can use the
<em>Move Up </em>and <em>Move Down </em>buttons to change the order of the volumes.</p>
<p id="Label">A special label can be assigned to each system favorite volume. This label is not the same as the filesystem label and it is shown within the VeraCrypt user interface instead of the volume path. To assign such a label, follow these steps:</p>
<ol>
<li>Select <em>Favorites </em>&gt; &lsquo;<em>Organize System Favorite Volumes</em>&rsquo;.
</li><li>The System Favorites Organizer window should appear now. In this window, select the volume whose label you want to edit.
</li><li>Enter the label in the &lsquo;<em>Label of selected favorite volume</em>&rsquo; input field and click OK.
</li></ol>
<p>Note that the System Favorites Organizer window (<em>Favorites </em>&gt; &lsquo;<em>Organize System Favorite Volumes</em>&rsquo;) allows you to
<strong>set various options for each system favorite volume</strong>. For example, any of them can be mounted as read-only or as removable medium.<br>
<br>
Warning: When the drive letter assigned to a system favorite volume (saved in the configuration file) is not free, the volume is not mounted and no error message is displayed.<br>
diff --git a/doc/html/Troubleshooting.html b/doc/html/Troubleshooting.html
index 3eece663..e3cfb49f 100644
--- a/doc/html/Troubleshooting.html
+++ b/doc/html/Troubleshooting.html
@@ -297,41 +297,41 @@ Note: For other possible solutions to this problem, see the other sections of th
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Problem:</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">When the system partition/drive is encrypted, the operating system 'freezes' for approx. 10-60 seconds every 5-60 minutes (100% CPU usage may co-occur).</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Probable Cause: </strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
A CPU and/or motherboard issue.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Possible Solutions: </strong></div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Try disabling all power-saving-related features (including any special CPU enhanced halt functions) in the BIOS settings and in the 'Power Options' Windows control panel.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Replace the processor with a different one (different type and/or brand). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Replace the motherboard with a different one (different type and/or brand). </li></ul>
<hr style="text-align:left">
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Problem:</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-<em style="text-align:left">When mounting or dismounting a VeraCrypt volume, the system crashes (a 'blue screen' error screen appears or the
+<em style="text-align:left">When mounting or unmounting a VeraCrypt volume, the system crashes (a 'blue screen' error screen appears or the
<span style="text-align:left">computer abruptly restarts)</span>.</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
OR</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">Since I installed VeraCrypt, the operating system has been crashing frequently.</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Possible Causes: </strong></div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A bug in a third-party application (e.g. antivirus, system &quot;tweaker&quot;, driver, etc.)
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A bug in VeraCrypt </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A bug in Windows or a malfunctioning hardware component </li></ul>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left">Possible Solutions: </strong></div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Try disabling any antivirus tools, system &quot;tweakers&quot;, and any other similar applications. If it does not help, try uninstalling them and restarting Windows.
<br style="text-align:left">
<br style="text-align:left">
diff --git a/doc/html/Unencrypted Data in RAM.html b/doc/html/Unencrypted Data in RAM.html
index 9c4de777..96fe5813 100644
--- a/doc/html/Unencrypted Data in RAM.html
+++ b/doc/html/Unencrypted Data in RAM.html
@@ -23,55 +23,55 @@
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Unencrypted%20Data%20in%20RAM.html">Unencrypted Data in RAM</a>
</p></div>
<div class="wikidoc">
<h1>Unencrypted Data in RAM</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
It is important to note that VeraCrypt is <em style="text-align:left">disk</em> encryption software, which encrypts only disks, not RAM (memory).</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files they load from a VeraCrypt volume. This means that after you exit such a program, unencrypted data it worked with may remain in memory
- (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*). Also note that if you open a file stored on a VeraCrypt volume, for example, in a text editor and then force dismount on the VeraCrypt
- volume, then the file will remain unencrypted in the area of memory (RAM) used by (allocated to) the text editor. This also applies to forced auto-dismount.</div>
+ (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*). Also note that if you open a file stored on a VeraCrypt volume, for example, in a text editor and then force unmount on the VeraCrypt
+ volume, then the file will remain unencrypted in the area of memory (RAM) used by (allocated to) the text editor. This also applies to forced auto-unmount.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-Inherently, unencrypted master keys have to be stored in RAM too. When a non-system VeraCrypt volume is dismounted, VeraCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted (or cleanly shut down), all non-system VeraCrypt volumes
- are automatically dismounted and, thus, all master keys stored in RAM are erased by the VeraCrypt driver (except master keys for system partitions/drives &mdash; see below). However, when power supply is abruptly interrupted, when the computer is reset (not
+Inherently, unencrypted master keys have to be stored in RAM too. When a non-system VeraCrypt volume is unmounted, VeraCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted (or cleanly shut down), all non-system VeraCrypt volumes
+ are automatically unmounted and, thus, all master keys stored in RAM are erased by the VeraCrypt driver (except master keys for system partitions/drives &mdash; see below). However, when power supply is abruptly interrupted, when the computer is reset (not
cleanly restarted), or when the system crashes, <strong style="text-align:left">
VeraCrypt naturally stops running and therefore cannot </strong>erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be
reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.**</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Starting from version 1.24, VeraCrypt introduces a mechanism to encrypt master keys and cached passwords in RAM. This RAM encryption mechanism must be activated manually in "Performance/Driver Configuration" dialog. RAM encryption comes with a performance overhead (between 5% and 15% depending on the CPU speed) and it disables Windows hibernate. <br>
Moreover, VeraCrypt 1.24 and above provide an additional security mechanism when system encryption is used that makes VeraCrypt erase master keys from RAM when a new device is connected to the PC. This additional mechanism can be activated using an option in System Settings dialog.<br/>
Even though both above mechanisms provides strong protection for masterskeys and cached password, users should still take usual precautions related for the safery of sensitive data in RAM.</div>
<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif">
<tbody style="text-align:left">
<tr style="text-align:left">
<td style="text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#ff0000; padding:15px; border:1px solid #000000">
To summarize, VeraCrypt <strong style="text-align:left">cannot</strong> and does <strong style="text-align:left">
not</strong> ensure that RAM contains no sensitive data (e.g. passwords, master keys, or decrypted data). Therefore, after each session in which you work with a VeraCrypt volume or in which an encrypted operating system is running, you must shut down (or, if
the <a href="Hibernation%20File.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hibernation file</a> is <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
encrypted</a>, hibernate) the computer and then leave it powered off for at least several minutes (the longer, the better) before turning it on again. This is required to clear the RAM (also see the section
<a href="Hibernation%20File.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hibernation File</a>).</td>
</tr>
</tbody>
</table>
<p>&nbsp;</p>
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
<p><span style="text-align:left; font-size:10px; line-height:12px">* Allegedly, for 1.5-35 seconds under normal operating temperatures (26-44 &deg;C) and up to several hours when the memory modules are cooled (when the computer is running) to very low temperatures
(e.g. -50&nbsp;&deg;C). New types of memory modules allegedly exhibit a much shorter decay time (e.g. 1.5-2.5 seconds) than older types (as of 2008).</span><br style="text-align:left">
-<span style="text-align:left; font-size:10px; line-height:12px">** Before a key can be erased from RAM, the corresponding VeraCrypt volume must be dismounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not
- provide any appropriate API for handling the final phase of the system shutdown process, paging files located on encrypted system volumes that are dismounted during the system shutdown process may still contain valid swapped-out memory pages (including portions
- of Windows system files). This could cause 'blue screen' errors. Therefore, to prevent 'blue screen' errors, VeraCrypt does not dismount encrypted system volumes and consequently cannot clear the master keys of the system volumes when the system is shut down
+<span style="text-align:left; font-size:10px; line-height:12px">** Before a key can be erased from RAM, the corresponding VeraCrypt volume must be unmounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not
+ provide any appropriate API for handling the final phase of the system shutdown process, paging files located on encrypted system volumes that are unmounted during the system shutdown process may still contain valid swapped-out memory pages (including portions
+ of Windows system files). This could cause 'blue screen' errors. Therefore, to prevent 'blue screen' errors, VeraCrypt does not unmount encrypted system volumes and consequently cannot clear the master keys of the system volumes when the system is shut down
or restarted.</span></p>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/Using VeraCrypt Without Administrator Privileges.html b/doc/html/Using VeraCrypt Without Administrator Privileges.html
index 742ae0e9..1bb1bbb9 100644
--- a/doc/html/Using VeraCrypt Without Administrator Privileges.html
+++ b/doc/html/Using VeraCrypt Without Administrator Privileges.html
@@ -23,37 +23,37 @@
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Miscellaneous.html">Miscellaneous</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Using%20VeraCrypt%20Without%20Administrator%20Privileges.html">Using Without Admin Rights</a>
</p></div>
<div class="wikidoc">
<div>
<h2>Using VeraCrypt Without Administrator Privileges</h2>
<p>In Windows, a user who does not have administrator privileges <em>can</em> use VeraCrypt, but only after a system administrator installs VeraCrypt on the system. The reason for that is that VeraCrypt needs a device driver to provide transparent on-the-fly
encryption/decryption, and users without administrator privileges cannot install/start device drivers in Windows.<br>
<br>
-After a system administrator installs VeraCrypt on the system, users without administrator privileges will be able to run VeraCrypt, mount/dismount any type of VeraCrypt volume, load/save data from/to it, and create file-hosted VeraCrypt volumes on the system.
+After a system administrator installs VeraCrypt on the system, users without administrator privileges will be able to run VeraCrypt, mount/unmount any type of VeraCrypt volume, load/save data from/to it, and create file-hosted VeraCrypt volumes on the system.
However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall VeraCrypt, cannot change passwords/keyfiles for VeraCrypt partitions/devices, cannot backup/restore headers of VeraCrypt
partitions/devices, and they cannot run VeraCrypt in &lsquo;portable&rsquo; mode.</p>
<div>
<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif">
<tbody style="text-align:left">
<tr style="text-align:left">
<td style="text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#ff0000; padding:15px; border:1px solid #000000">
Warning: No matter what kind of software you use, as regards personal privacy in most cases, it is
<em>not</em> safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys.</td>
</tr>
</tbody>
</table>
<p>&nbsp;</p>
</div>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/VeraCrypt Background Task.html b/doc/html/VeraCrypt Background Task.html
index 2ded6d50..bc56155b 100644
--- a/doc/html/VeraCrypt Background Task.html
+++ b/doc/html/VeraCrypt Background Task.html
@@ -22,33 +22,33 @@
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Miscellaneous.html">Miscellaneous</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="VeraCrypt%20Background%20Task.html">Background Task</a>
</p></div>
<div class="wikidoc">
<div>
<h1>VeraCrypt Background Task</h1>
<p>When the main VeraCrypt window is closed, the VeraCrypt Background Task takes care of the following tasks/functions:</p>
<ol>
-<li>Hot keys </li><li>Auto-dismount (e.g., upon logoff, inadvertent host device removal, time-out, etc.)
+<li>Hot keys </li><li>Auto-unmount (e.g., upon logoff, inadvertent host device removal, time-out, etc.)
</li><li>Auto-mount of favorite volumes </li><li>Notifications (e.g., when damage to hidden volume is prevented) </li><li>Tray icon </li></ol>
<p>WARNING: If neither the VeraCrypt Background Task nor VeraCrypt is running, the above- mentioned tasks/functions are disabled.<br>
<br>
The VeraCrypt Background Task is actually the Vera<em>Crypt.exe</em> application, which continues running in the background after you close the main VeraCrypt window. Whether it is running or not can be determined by looking at the system tray area. If you
can see the VeraCrypt icon there, then the VeraCrypt Background Task is running. You can click the icon to open the main VeraCrypt window. Right-click on the icon opens a popup menu with various VeraCrypt-related functions.<br>
<br>
You can shut down the Background Task at any time by right-clicking the VeraCrypt tray icon and selecting
<em>Exit</em>. If you need to disable the VeraCrypt Background Task completely and permanently, select
<em>Settings</em> -&gt; <em>Preferences</em> and uncheck the option <em>Enabled</em> in the Vera<em>Crypt Background Task</em> area of the
<em>Preferences</em> dialog window.</p>
</div>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/VeraCrypt Hidden Operating System.html b/doc/html/VeraCrypt Hidden Operating System.html
index 8881b925..fcaeef57 100644
--- a/doc/html/VeraCrypt Hidden Operating System.html
+++ b/doc/html/VeraCrypt Hidden Operating System.html
@@ -202,41 +202,41 @@ Provided that you encrypt the outer volume with a cascade encryption algorithm (
<br style="text-align:left">
<br style="text-align:left">
Note: When the user attempts to encrypt the system partition with a cascade encryption algorithm, VeraCrypt warns him or her that it can cause the following problems (and implicitly recommends to choose a non-cascade encryption algorithm instead):
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px; font-size:10px; line-height:12px">
For cascade encryption algorithms, the VeraCrypt Boot Loader is larger than normal and, therefore, there is not enough space in the first drive track for a backup of the VeraCrypt Boot Loader. Hence,
<em style="text-align:left">whenever</em> it gets damaged (which often happens, for example, during inappropriately designed anti-piracy activation procedures of certain programs), the user must use the VeraCrypt Rescue Disk to repair the VeraCrypt Boot Loader
or to boot. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px; font-size:10px; line-height:12px">
On some computers, resuming from hibernation takes longer. </li></ul>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
In contrast to a password for a non-system VeraCrypt volume, a pre-boot authentication password needs to be typed each time the computer is turned on or restarted. Therefore, if the pre-boot authentication password is long (which is required for security purposes),
it may be very tiresome to type it so frequently. Hence, you can answer that it was more convenient for you to use a short (and therefore weaker) password for the system partition (i.e. the decoy system) and that it is more convenient for you to store the
most sensitive data (which you do not need to access as often) in the non-system VeraCrypt partition (i.e. in the outer volume) for which you chose a very long password.
<br style="text-align:left">
<br style="text-align:left">
As the password for the system partition is not very strong (because it is short), you do not intentionally store sensitive data on the system partition. However, you still prefer the system partition to be encrypted, because potentially sensitive or mildly
sensitive data is stored on it as a result of your everyday use of the computer (for example, passwords to online forums you visit, which can be automatically remembered by your browser, browsing history, applications you run, etc.)
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
When an attacker gets hold of your computer when a VeraCrypt volume is mounted (for example, when you use a laptop outside), he can, in most cases, read any data stored on the volume (data is decrypted on the fly as he reads it). Therefore, it may be wise to
limit the time the volume is mounted to a minimum. Obviously, this may be impossible or difficult if the sensitive data is stored on an encrypted system partition or on an entirely encrypted system drive (because you would also have to limit the time you work
- with the computer to a minimum). Hence, you can answer that you created a separate partition (encrypted with a different key than your system partition) for your most sensitive data and that you mount it only when necessary and dismount it as soon as possible
+ with the computer to a minimum). Hence, you can answer that you created a separate partition (encrypted with a different key than your system partition) for your most sensitive data and that you mount it only when necessary and unmount it as soon as possible
(so as to limit the time the volume is mounted to a minimum). On the system partition, you store data that is less sensitive (but which you need to access often) than data you store on the non-system partition (i.e. on the outer volume).
</li></ul>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
&nbsp;</div>
<h4 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:12px; margin-bottom:1px">
Safety/Security Precautions and Requirements Pertaining to Hidden Operating Systems</h4>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
As a hidden operating system resides in a hidden VeraCrypt volume, a user of a hidden operating system must follow all of the security requirements and precautions that apply to normal hidden VeraCrypt volumes. These requirements and precautions, as well as
additional requirements and precautions pertaining specifically to hidden operating systems, are listed in the subsection
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions Pertaining to Hidden Volumes</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
WARNING: If you do not protect the hidden volume (for information on how to do so, refer to the section
<a href="Protection%20of%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Protection of Hidden Volumes Against Damage</a>), do <em style="text-align:left">
not</em> write to the outer volume (note that the decoy operating system is <em style="text-align:left">
not</em> installed in the outer volume). Otherwise, you may overwrite and damage the hidden volume (and the hidden operating system within it)!</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
If all the instructions in the wizard have been followed and if the security requirements and precautions listed in the subsection
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
diff --git a/doc/html/VeraCrypt RAM Encryption.html b/doc/html/VeraCrypt RAM Encryption.html
index 5bfb6aa5..033a4522 100644
--- a/doc/html/VeraCrypt RAM Encryption.html
+++ b/doc/html/VeraCrypt RAM Encryption.html
@@ -41,41 +41,41 @@
<p>
VeraCrypt RAM Encryption aims to protect disk encryption keys stored in volatile memory against certain types of attacks. The primary objectives of this mechanism are:
</p><ul>
<li>To protect against cold boot attacks.</li>
<li>To add an obfuscation layer to significantly complicate the recovery of encryption master keys from memory dumps, be it live or offline.</li>
</ul>
<p></p>
<h3>Implementation Overview</h3>
<p>Here's a summary of how RAM encryption is achieved:</p>
<ol>
<li>At Windows startup, the VeraCrypt driver allocates a 1MiB memory region. If this fails, we device the size by two until allocation succeeds (minimal size being 8KiB). All these variables are allocated in non-paged Kernel memory space.</li>
<li>This memory region is then populated with random bytes generated by a CSPRNG based on ChaCha20.</li>
<li>Two random 64-bit integers, <code>HashSeedMask</code> and <code>CipherIVMask</code>, are generated.</li>
<li>For every master key of a volume, the RAM encryption algorithm derives a unique key from a combination of the memory region and unique values extracted from the memory to be encrypted. This ensures a distinct key for each encrypted memory region. The use of location-dependent keys and IVs prevents master keys from being easily extracted from memory dumps.</li>
<li>The master keys are decrypted for every request, requiring a fast decryption algorithm. For this, ChaCha12 is utilized.</li>
<li>Once a volume is mounted, its master keys are immediately encrypted using the described algorithm.</li>
<li>For each I/O request for a volume, the master keys are decrypted only for the duration of that request and then securely wiped.</li>
- <li>Upon volume dismounting, the encrypted master keys are securely removed from memory.</li>
+ <li>Upon volume unmounting, the encrypted master keys are securely removed from memory.</li>
<li>At Windows shutdown or reboot, the memory region allocated during startup is securely wiped.</li>
</ol>
<h3>Protection against Cold Boot Attacks</h3>
<p>
The mitigation of cold boot attacks is achieved by utilizing a large memory page for key derivation. This ensures that attackers cannot recover the master key since parts of this large memory area would likely be corrupted and irrecoverable after shutdown. Further details on cold boot attacks and mitigation techniques can be found in the referenced papers:
</p>
<ul>
<li><a href="https://www.blackhat.com/presentations/bh-usa-08/McGregor/BH_US_08_McGregor_Cold_Boot_Attacks.pdf" target="_blank">Cold Boot Attacks (BlackHat)</a></li>
<li><a href="https://www.grc.com/sn/files/RAM_Hijacks.pdf" target="_blank">RAM Hijacks</a></li>
</ul>
<h3>Incompatibility with Windows Hibernate and Fast Startup</h3>
<p>
RAM Encryption in VeraCrypt is not compatible with the Windows Hibernate and Fast Startup features. Before activating RAM Encryption, these features will be disabled by VeraCrypt to ensure the security and functionality of the encryption mechanism.
</p>
<h3>Algorithm Choices</h3>
diff --git a/doc/html/ru/Command Line Usage.html b/doc/html/ru/Command Line Usage.html
index c3fc1efe..e0d41dfa 100644
--- a/doc/html/ru/Command Line Usage.html
+++ b/doc/html/ru/Command Line Usage.html
@@ -65,41 +65,41 @@
</td>
</tr>
<tr>
<td>&nbsp;<em>/letter</em> или <em>/l</em></td>
<td>После этого ключа указывается буква диска, присваиваемая монтируемому тому. Если ключ <code>/l</code> не указан и используется ключ <code>/a</code>, тогда тому присваивается первая незанятая буква диска.</td>
</tr>
<tr>
<td>&nbsp;<em>/explore</em> или <em>/e</em></td>
<td>Открыть окно Проводника после монтирования тома.</td>
</tr>
<tr>
<td>&nbsp;<em>/beep</em> или <em>/b</em></td>
<td>Звуковой сигнал после успешного монтирования или размонтирования.</td>
</tr>
<tr>
<td>&nbsp;<em>/auto</em> или <em>/a</em></td>
<td>Если этот ключ указан без параметров, то выполняется автоматическое монтирование тома. Если указан параметр <code>devices</code> (например, <code>/a devices</code>), то выполняется автомонтирование всех доступных в данный момент томов VeraCrypt на основе устройств/разделов. Если указан параметр <code>favorites</code>, то выполняется автомонтирование
избранных томов. Обратите внимание, что ключ <code>/auto</code> подразумевается, если указаны ключи <code>/quit</code> и <code>/volume</code>. Если требуется подавить вывод на экран окна программы, используйте ключ <code>/quit</code>.</td>
</tr>
<tr>
-<td>&nbsp;<em>/dismount</em> или <em>/d</em></td>
+<td>&nbsp;<em>/unmount</em> или <em>/d</em></td>
<td>Размонтировать том с указанной буквой диска (пример: <code>/d x</code>). Если буква диска не указана, то будут размонтированы все смонтированные на данный момент тома VeraCrypt.</td>
</tr>
<tr>
<td>&nbsp;<em>/force</em> или <em>/f</em></td>
<td>Принудительно размонтировать (если размонтируемый том содержит файлы, используемые системой или какой-либо программой) и принудительно смонтировать в совместно используемом (shared) режиме (то есть без эксклюзивного доступа).</td>
</tr>
<tr>
<td>&nbsp;<em>/keyfile</em> или <em>/k</em></td>
<td>После этого ключа указывается ключевой файл или путь поиска ключевых файлов. Если ключевых файлов несколько, то они указываются, например, так: <code>/k c:\keyfile1.dat /k d:\KeyfileFolder /k c:\kf2</code>. Чтобы указать ключевой файл, находящийся на токене безопасности или смарт-карте, используйте следующий синтаксис:
<code>token://slot/SLOT_NUMBER/file/FILE_NAME</code></td>
</tr>
<tr id="tryemptypass">
<td>&nbsp;<em>/tryemptypass&nbsp;&nbsp; </em></td>
<td>Этот ключ применяется, <em>только</em> если сконфигурирован ключевой файл по умолчанию или ключевой файл указан в командной строке.<br>
Если после этого ключа указан параметр <strong>y</strong> или <strong>yes</strong>, либо параметр не указан: попытаться смонтировать, используя пустой пароль и ключевой файл, прежде чем показать запрос пароля.<br>
Если после этого ключа указан параметр <strong>n</strong> или <strong>no</strong>: не пытаться смонтировать, используя пустой пароль и ключевой файл, и сразу показать запрос пароля.</td>
</tr>
<tr>
<td>&nbsp;<em>/nowaitdlg</em></td>
<td>Если после этого ключа указан параметр <strong>y</strong> или <strong>yes</strong>, либо параметр не указан: не показывать окно ожидания при выполнении таких операций, как, например, монтирование томов.<br>
diff --git a/doc/html/ru/Documentation.html b/doc/html/ru/Documentation.html
index 00fcc0ea..81f74c84 100644
--- a/doc/html/ru/Documentation.html
+++ b/doc/html/ru/Documentation.html
@@ -42,41 +42,41 @@
</li><li><strong><a href="System%20Encryption.html">Шифрование системы</a></strong>
<ul>
<li><a href="Hidden%20Operating%20System.html">Скрытая операционная система</a>
</li><li><a href="Supported%20Systems%20for%20System%20Encryption.html">Операционные системы, поддерживающие системное шифрование</a>
</li><li><a href="VeraCrypt%20Rescue%20Disk.html">Диск восстановления VeraCrypt (Rescue Disk)</a>
</li></ul>
</li><li><strong><a href="Plausible%20Deniability.html">Правдоподобное отрицание наличия шифрования</a></strong><br>
<ul>
<li><a href="Hidden%20Volume.html">Скрытый том</a>
<ul>
<li><a href="Protection%20of%20Hidden%20Volumes.html">Защита скрытых томов от повреждений</a>
</li><li><a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Требования безопасности и меры предосторожности, касающиеся скрытых томов</a>
</li></ul>
</li><li><a href="VeraCrypt%20Hidden%20Operating%20System.html">Скрытая операционная система</a>
</li></ul>
</li><li><strong><a href="Main%20Program%20Window.html">Главное окно программы</a></strong>
<ul>
<li><a href="Program%20Menu.html">Меню программы</a>
</li><li><a href="Mounting%20VeraCrypt%20Volumes.html">Монтирование томов</a>
</li></ul>
-</li><li><strong><a href="Normal%20Dismount%20vs%20Force%20Dismount.html">Обычное размонтирование против принудительного</a></strong>
+</li><li><strong><a href="Normal%20Unmount%20vs%20Force%20Unmount.html">Обычное размонтирование против принудительного</a></strong>
</li><li><strong><a href="Avoid%20Third-Party%20File%20Extensions.html">О рисках, связанных со сторонними расширениями файлов</a></strong>
</li><li><strong><a href="Parallelization.html">Распараллеливание</a></strong>
</li><li><strong><a href="Pipelining.html">Конвейеризация</a></strong>
</li><li><strong><a href="Hardware%20Acceleration.html">Аппаратное ускорение</a></strong>
</li><li><strong><a href="Hot%20Keys.html">Горячие клавиши</a></strong>
</li><li><strong><a href="Keyfiles%20in%20VeraCrypt.html">Ключевые файлы</a></strong>
</li><li><strong><a href="Security%20Tokens%20%26%20Smart%20Cards.html">Токены безопасности и смарт-карты</a></strong>
</li><li><strong><a href="EMV%20Smart%20Cards.html">Смарт-карты EMV</a></strong>
</li><li><strong><a href="Portable%20Mode.html">Портативный (переносной) режим</a></strong>
</li><li><strong><a href="TrueCrypt%20Support.html">Поддержка TrueCrypt</a></strong>
</li><li><strong><a href="Converting%20TrueCrypt%20volumes%20and%20partitions.html">Преобразование томов и разделов TrueCrypt в формат VeraCrypt</a></strong>
</li><li><strong><a href="Conversion_Guide_VeraCrypt_1.26_and_Later.html">Руководство по преобразованию томов для версий 1.26 и новее</a></strong>
</li><li><strong><a href="Default%20Mount%20Parameters.html">Параметры монтирования по умолчанию</a></strong>
</li><li><strong><a href="Language%20Packs.html">Языковые пакеты</a></strong>
</li><li><strong><a href="Encryption%20Algorithms.html">Алгоритмы шифрования</a></strong>
<ul>
<li><a href="AES.html">AES</a> </li><li><a href="Camellia.html">Camellia</a>
</li><li><a href="Kuznyechik.html">Kuznyechik</a>
</li><li><a href="Serpent.html">Serpent</a> </li><li><a href="Twofish.html">Twofish</a> </li><li><a href="Cascades.html">Каскады шифров</a>
</li></ul>
diff --git a/doc/html/ru/Normal Dismount vs Force Dismount.html b/doc/html/ru/Normal Unmount vs Force Unmount.html
index 1bc91dcf..1d02e6db 100644
--- a/doc/html/ru/Normal Dismount vs Force Dismount.html
+++ b/doc/html/ru/Normal Unmount vs Force Unmount.html
@@ -12,66 +12,66 @@
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Начало</a></li>
<li><a href="/code/">Исходный код</a></li>
<li><a href="Downloads.html">Загрузить</a></li>
<li><a class="active" href="Documentation.html">Документация</a></li>
<li><a href="Donation.html">Поддержать разработку</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Форум</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Документация</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
-<a href="Normal%20Dismount%20vs%20Force%20Dismount.html">Чем обычное размонтирование отличается от принудительного</a>
+<a href="Normal%20Unmount%20vs%20Force%20Unmount.html">Чем обычное размонтирование отличается от принудительного</a>
</p></div>
<div class="wikidoc">
<h1>Чем обычное размонтирование отличается от принудительного</h1>
<p>Важно понимать различия между операциями <em>Обычное размонтирование</em> и <em>Принудительное размонтирование</em>, так как это потенциально влияет на пользовательские данные.</p>
<h2>Обычное размонтирование</h2>
<p>Во время обычного размонтирования VeraCrypt выполняет следующие действия:</p>
<ol>
<li>Даёт запрос операционной системе Windows заблокировать том, запрещая дальнейшие операции ввода-вывода.</li>
<li>Даёт запрос Windows аккуратно изъять том из системы. Этот шаг аналогичен выполняемому пользователем извлечению устройства через область уведомлений в панели задач.</li>
<li>Указывает диспетчеру монтирования Windows размонтировать том.</li>
<li>Удаляет связь между буквой диска и виртуальным устройством тома.</li>
<li>Удаляет виртуальное устройство тома и стирает ключи шифрования из ОЗУ.</li>
</ol>
<p>В этой последовательности действий шаги 1 и 2 могут завершиться ошибкой, если в томе есть открытые файлы. Имейте в виду, что даже если все пользовательские приложения, обращающиеся к файлам на томе, закрыты, Windows может по-прежнему держать файлы открытыми до тех пор, пока не будет полностью очищен кэш ввода-вывода.</p>
<h2>Принудительное размонтирование</h2>
<p>Процесс принудительного размонтирования хотя и отличается, но во многом он похож на обычное размонтирование. По сути, выполняются те же действия, но игнорируются любые сбои, которые могут возникнуть на шагах 1 и 2, после чего продолжается остальная часть процедуры. Однако если есть файлы, открытые пользователем, или ещё не очищен кэш ввода-вывода тома, это может привести к потенциальной потере данных. Эта ситуация аналогична принудительному удалению USB-устройства из компьютера, когда Windows всё ещё сообщает, что оно используется.</p>
<p>Если все приложения, использующие файлы на подключённом томе, были успешно закрыты, а кэш ввода-вывода полностью очищен, то при выполнении принудительного размонтирования не должно происходить ни потери данных, ни повреждения данных или файловой системы. Как и при обычном размонтировании, после успешного завершения принудительного размонтирования ключи шифрования стираются из ОЗУ.</p>
<h2>Как выполнить принудительное размонтирование</h2>
<p>В VeraCrypt есть три способа выполнить принудительное размонтирование:</p>
<ol>
<li>Через всплывающее окно, которое появляется, если не удалась попытка обычного размонтирования.</li>
<li>Через настройки программы, включив опцию <em>Принудительное авторазмонтирование даже при открытых файлах или папках</em> в группе параметров <em>Автоматическое размонтирование</em>.</li>
- <li>Через командную строку, указав ключ /force или /f вместе с ключом /d или /dismount.</li>
+ <li>Через командную строку, указав ключ /force или /f вместе с ключом /d или /unmount.</li>
</ol>
<p>Во избежание непреднамеренной потери или повреждения данных всегда соблюдайте следующие меры предосторожности при размонтировании тома VeraCrypt:</p>
<ol>
<li>Перед размонтированием убедитесь, что все файлы на томе закрыты.</li>
<li>После закрытия всех файлов не спешите, дайте Windows некоторое время, чтобы полностью очистился кэш ввода-вывода.</li>
<li>Учтите, что некоторые антивирусные программы после сканирования могут оставлять дескрипторы файлов в томе открытыми, препятствуя обычному размонтированию. Если возникает такая проблема, попробуйте исключить том VeraCrypt из сканирования антивирусным ПО. Кроме того, проконсультируйтесь с поставщиком вашего антивируса, чтобы понять, как его продукт взаимодействует с томами VeraCrypt и как убедиться, что он не удерживает открытыми дескрипторы файлов.</li>
</ol>
</div><div class="ClearBoth"></div></body></html>
diff --git a/doc/html/ru/Release Notes.html b/doc/html/ru/Release Notes.html
index 071f56aa..8e867f78 100644
--- a/doc/html/ru/Release Notes.html
+++ b/doc/html/ru/Release Notes.html
@@ -26,45 +26,64 @@
</div>
<div>
<p>
<a href="Documentation.html">Документация</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Release%20Notes.html">История версий</a>
</p></div>
<div class="wikidoc">
<h1>История версий</h1>
<p>
<strong>Примечание для тех, кто создавал тома с помощью VeraCrypt версии 1.17 или более ранней:</strong><br/>
<span style="color:#ff0000;">Чтобы избежать намёков на то, что ваши тома (не) содержат скрытый том, или если вам необходимо
правдоподобно отрицать наличие шифрования при использовании скрытых томов/ОС, вы должны <em>создать заново</em> как
внешние, так и скрытые тома, включая шифрование системы и скрытую ОС, и удалить существующие тома, созданные версией
VeraCrypt старее, чем 1.18a.</span></li>
</p>
-<p><strong style="text-align:left">1.26.19</strong> (22 января 2025 года):</p>
+<p><strong style="text-align:left">1.26.20</strong> (3 февраля 2025 года):</p>
<ul>
+<li><strong>Все ОС:</strong>
+ <ul>
+ <li>Ускорено вычисление SHA-256 на платформах ARM64 с помощью инструкций процессора.</li>
+ <li>Обновлены переводы.</li>
+ <li>Во всём интерфейсе и документации (на английском языке) термин "Dismount" заменён на "Unmount" для соответствия ИТ-стандартам.</li>
+ </ul>
+</li>
+<li><strong>Windows:</strong>
+ <ul>
+ <li>Устранена регрессия в драйвере, приводившая к постоянному разрешению дефрагментации и вызывавшая другие побочные эффекты.</li>
+ <li>Восстановлен предыдущий метод сбора системной энтропии из-за сообщений пользователей о проблемах со стабильностью.</li>
+ </ul>
+</li>
+<li><strong>Linux:</strong>
+ <ul>
+ <li>Исправлена регрессия в Linux Mint, влияющая на аутентификацию администратора по паролю (GH #1473).</li>
+ </ul>
+</li>
<li><strong>macOS:</strong>
<ul>
<li>Исправлена регрессия, из-за которой было невозможно размонтировать тома (GH #1467).</li>
+ <li>Исправлена ошибка утверждения wxWidgets 3.2.6, связанная с неопределённым параметром <code>use-dummy-sudo-password</code> (GH #1470).</li>
</ul>
</li>
</ul>
<p><strong style="text-align:left">1.26.18</strong> (20 января 2025 года):</p>
<ul>
<li><strong>Все ОС:</strong>
<ul>
<li>Добавлена поддержка встроенного интерфейса SHA-256 x86 для ускорения PBKDF2-HMAC-SHA256.</li>
<li>Добавлена поддержка аппаратного шифрования AES на платформах ARM64 (например, Windows ARM64, macOS на компьютерах с процессорами Apple Silicon Mx).</li>
<li>Обновлены переводы.</li>
</ul>
</li>
<li><strong>Windows:</strong>
<ul>
<li>Прекращена поддержка 32-разрядных версий Windows.</li>
<li>Минимально поддерживаемая версия Windows 10 – обновление от октября 2018 года (версия 1809).</li>
<li>Уменьшена вероятность взаимоблокировок драйверов при нехватке памяти из-за повторных завершений IRP.</li>
<li>Исправлено определение EFI на некоторых компьютерах, где не определена переменная BootOrder (предложено @kriegste, GH #360).</li>
<li>Исправлена ошибка отказа в доступе при обновлении VeraCrypt с помощью EXE-установщика после обновления Windows.</li>