VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc/html/Defragmenting.html
blob: c7c16534b73feb4ee48b9c162b0ab88adfdf427f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>

<div>                      
<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>

<div id="menu">
	<ul>
	  <li><a href="Home.html">Home</a></li>
	  <li><a href="/code/">Source Code</a></li>
	  <li><a href="Downloads.html">Downloads</a></li>
	  <li><a class="active" href="Documentation.html">Documentation</a></li>
	  <li><a href="Donation.html">Donate</a></li>
	  <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
	</ul>
</div>

<div>
<p>
<a href="Documentation.html">Documentation</a>           
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20and%20Precautions.html">Security Requirements and Precautions</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Defragmenting.html">Defragmenting</a>
</p></div>

<div class="wikidoc">
<h1>Defragmenting</h1>
<p>When you (or the operating system) defragment the file system in which a file-hosted VeraCrypt container is stored, a copy of the VeraCrypt container (or of its fragment) may remain in the free space on the host volume (in the defragmented file system).
 This may have various security implications. For example, if you change the volume password/keyfile(s) afterwards, and an adversary finds the old copy or fragment (the old header) of the VeraCrypt volume, he might use it to mount the volume using an old compromised
 password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). To prevent this and other possible security issues (such as those mentioned in the section
<a href="Volume%20Clones.html"><em>Volume Clones</em></a>), do one of the following:</p>
<ul>
<li>Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li><em>Securely</em> erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft free utility
<code>SDelete</code> (<a href="https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx" rel="nofollow">https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx</a>). On Linux, the
<code>shred</code> utility from GNU coreutils package can be used for this purpose.&nbsp;
</li><li>Do not defragment file systems in which you store VeraCrypt volumes. </li></ul>
</div><div class="ClearBoth"></div></body></html>
span class="p">] = 'a'; if (xtra[1] != 'z') xtra[1]++; else xtra[1] = 'a'; } /* * check the target directory; if you have six X's and it * doesn't exist this runs for a *very* long time. */ for (start = trv + 1;; --trv) { if (trv <= path) break; if (*trv == '/') { *trv = '\0'; if (stat(path, &sbuf)) return (0); if (!S_ISDIR(sbuf.st_mode)) { errno = ENOTDIR; return (0); } *trv = '/'; break; } } for (;;) { if ((fd=open(path, O_CREAT|O_EXCL|O_RDWR|O_BINARY, 0600)) >= 0) return (fd); if (errno != EEXIST) return (0); /* tricky little algorithm for backward compatibility */ for (trv = start;;) { if (!*trv) return (0); if (*trv == 'z') *trv++ = 'a'; else { if (isdigit((unsigned char)*trv)) *trv = 'a'; else ++*trv; break; } } } /*NOTREACHED*/ #endif }