VeraCrypt

Documentation >> Security Model

Security Model

Note to security researchers: If you intend to report a security issue or publish an attack on VeraCrypt, please make sure it does not disregard the security model of VeraCrypt described below. If it does, the attack (or security issue report) will be considered invalid/bogus.

VeraCrypt is a computer software program whose primary purposes are to:

VeraCrypt does not:

Under Windows, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):

Under Linux, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):

Under Mac OS X, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):

VeraCrypt does not support the set-euid root mode of execution.

Additional information and details regarding the security model are contained in the chapter Security Requirements and Precautions.

* In this section (Security Model), the phrase “data on a computer” means data on internal and external storage devices/media (including removable devices and network drives) connected to the computer.

† In this section (Security Model), the phrase “administrator privileges” does not necessarily refer to a valid administrator account. It may also refer to an attacker who does not have a valid administrator account but who is able (for example, due to improper configuration of the system or by exploiting a vulnerability in the operating system or a third-party application) to perform any action that only a user with a valid administrator account is normally allowed to perform (for example, to read or modify an arbitrary part of a drive or the RAM, etc.)

‡ “VeraCrypt volume” also means a VeraCrypt-encrypted system partition/drive (see the chapter System Encryption).