From 5e1fffa87191c3566bcbe20c6e8d29d5f21651d5 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 13 May 2017 17:34:16 +0200 Subject: Add HTML documentation. --- doc/html/Wear-Leveling.html | 64 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 doc/html/Wear-Leveling.html (limited to 'doc/html/Wear-Leveling.html') diff --git a/doc/html/Wear-Leveling.html b/doc/html/Wear-Leveling.html new file mode 100644 index 00000000..10db9f2b --- /dev/null +++ b/doc/html/Wear-Leveling.html @@ -0,0 +1,64 @@ + + + + +VeraCrypt - Free Open source disk encryption with strong security for the Paranoid + + + + + + +
+VeraCrypt +
+ + + +
+

+Documentation +>> +Security Requirements and Precautions +>> +Wear-Leveling +

+ +
+

Wear-Leveling

+
+Some storage devices (e.g., some solid-state drives, including USB flash drives) and some file systems utilize so-called wear-leveling mechanisms to extend the lifetime of the storage device or medium. These mechanisms ensure that even if an application repeatedly + writes data to the same logical sector, the data is distributed evenly across the medium (logical sectors are remapped to different physical sectors). Therefore, multiple "versions" of a single sector may be available to an attacker. This may have various + security implications. For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling + mechanism, VeraCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised + keyfiles that were necessary to mount the volume before the volume header was re-encrypted). Due to security reasons, we recommend that + +VeraCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that VeraCrypt is not used to encrypt any portions of such devices or filesystems).
+
+If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it (VeraCrypt cannot reliably + perform secure in-place encryption of existing data on such a drive; however, after the partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). That includes the following precautions: Before + you run VeraCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the + +paging files after the system partition/drive has been fully encrypted). +Hibernation must be prevented during the period between the moment when you start VeraCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted. However, note that even if you follow those steps, it + is not guaranteed that you will prevent data leaks and that sensitive data on the device will be securely encrypted. For more information, see the sections + +Data Leaks, +Paging File, +Hibernation File, and +Memory Dump Files.
+
+If you need +plausible deniability, you must not use VeraCrypt to encrypt any part of (or create encrypted containers on) a device (or file system) that utilizes a wear-leveling mechanism.
+

To find out whether a device utilizes a wear-leveling mechanism, please refer to documentation supplied with the device or contact the vendor/manufacturer.

+
\ No newline at end of file -- cgit v1.2.3