/* Based on implementation from https://github.com/aprelev/libgost15 Parallelization and speed optimizations for VeraCrypt use. */ #include "kuznyechik.h" #include "cpu.h" #include "misc.h" #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE #if defined (_MSC_VER) && (_MSC_VER <= 1600) #define UNROLL_LOOPS #endif enum { NumberOfRounds = 10, NumberOfRoundsInKeySchedule = 8, BlockLengthInBytes = 128 / 8, KeyLengthInBytes = 256 / 8, }; typedef union { uint_8t asBytes[BlockLengthInBytes]; __m128i asXMMWord; } block_t; CRYPTOPP_ALIGN_DATA(16) const uint_8t roundConstants[512] CRYPTOPP_SECTION_ALIGN16 = { 0x6e, 0xa2, 0x76, 0x72, 0x6c, 0x48, 0x7a, 0xb8, 0x5d, 0x27, 0xbd, 0x10, 0xdd, 0x84, 0x94, 0x01, 0xdc, 0x87, 0xec, 0xe4, 0xd8, 0x90, 0xf4, 0xb3, 0xba, 0x4e, 0xb9, 0x20, 0x79, 0xcb, 0xeb, 0x02, 0xb2, 0x25, 0x9a, 0x96, 0xb4, 0xd8, 0x8e, 0x0b, 0xe7, 0x69, 0x04, 0x30, 0xa4, 0x4f, 0x7f, 0x03, 0x7b, 0xcd, 0x1b, 0x0b, 0x73, 0xe3, 0x2b, 0xa5, 0xb7, 0x9c, 0xb1, 0x40, 0xf2, 0x55, 0x15, 0x04, 0x15, 0x6f, 0x6d, 0x79, 0x1f, 0xab, 0x51, 0x1d, 0xea, 0xbb, 0x0c, 0x50, 0x2f, 0xd1, 0x81, 0x05, 0xa7, 0x4a, 0xf7, 0xef, 0xab, 0x73, 0xdf, 0x16, 0x0d, 0xd2, 0x08, 0x60, 0x8b, 0x9e, 0xfe, 0x06, 0xc9, 0xe8, 0x81, 0x9d, 0xc7, 0x3b, 0xa5, 0xae, 0x50, 0xf5, 0xb5, 0x70, 0x56, 0x1a, 0x6a, 0x07, 0xf6, 0x59, 0x36, 0x16, 0xe6, 0x05, 0x56, 0x89, 0xad, 0xfb, 0xa1, 0x80, 0x27, 0xaa, 0x2a, 0x08, 0x98, 0xfb, 0x40, 0x64, 0x8a, 0x4d, 0x2c, 0x31, 0xf0, 0xdc, 0x1c, 0x90, 0xfa, 0x2e, 0xbe, 0x09, 0x2a, 0xde, 0xda, 0xf2, 0x3e, 0x95, 0xa2, 0x3a, 0x17, 0xb5, 0x18, 0xa0, 0x5e, 0x61, 0xc1, 0x0a, 0x44, 0x7c, 0xac, 0x80, 0x52, 0xdd, 0xd8, 0x82, 0x4a, 0x92, 0xa5, 0xb0, 0x83, 0xe5, 0x55, 0x0b, 0x8d, 0x94, 0x2d, 0x1d, 0x95, 0xe6, 0x7d, 0x2c, 0x1a, 0x67, 0x10, 0xc0, 0xd5, 0xff, 0x3f, 0x0c, 0xe3, 0x36, 0x5b, 0x6f, 0xf9, 0xae, 0x07, 0x94, 0x47, 0x40, 0xad, 0xd0, 0x08, 0x7b, 0xab, 0x0d, 0x51, 0x13, 0xc1, 0xf9, 0x4d, 0x76, 0x89, 0x9f, 0xa0, 0x29, 0xa9, 0xe0, 0xac, 0x34, 0xd4, 0x0e, 0x3f, 0xb1, 0xb7, 0x8b, 0x21, 0x3e, 0xf3, 0x27, 0xfd, 0x0e, 0x14, 0xf0, 0x71, 0xb0, 0x40, 0x0f, 0x2f, 0xb2, 0x6c, 0x2c, 0x0f, 0x0a, 0xac, 0xd1, 0x99, 0x35, 0x81, 0xc3, 0x4e, 0x97, 0x54, 0x10, 0x41, 0x10, 0x1a, 0x5e, 0x63, 0x42, 0xd6, 0x69, 0xc4, 0x12, 0x3c, 0xd3, 0x93, 0x13, 0xc0, 0x11, 0xf3, 0x35, 0x80, 0xc8, 0xd7, 0x9a, 0x58, 0x62, 0x23, 0x7b, 0x38, 0xe3, 0x37, 0x5c, 0xbf, 0x12, 0x9d, 0x97, 0xf6, 0xba, 0xbb, 0xd2, 0x22, 0xda, 0x7e, 0x5c, 0x85, 0xf3, 0xea, 0xd8, 0x2b, 0x13, 0x54, 0x7f, 0x77, 0x27, 0x7c, 0xe9, 0x87, 0x74, 0x2e, 0xa9, 0x30, 0x83, 0xbc, 0xc2, 0x41, 0x14, 0x3a, 0xdd, 0x01, 0x55, 0x10, 0xa1, 0xfd, 0xcc, 0x73, 0x8e, 0x8d, 0x93, 0x61, 0x46, 0xd5, 0x15, 0x88, 0xf8, 0x9b, 0xc3, 0xa4, 0x79, 0x73, 0xc7, 0x94, 0xe7, 0x89, 0xa3, 0xc5, 0x09, 0xaa, 0x16, 0xe6, 0x5a, 0xed, 0xb1, 0xc8, 0x31, 0x09, 0x7f, 0xc9, 0xc0, 0x34, 0xb3, 0x18, 0x8d, 0x3e, 0x17, 0xd9, 0xeb, 0x5a, 0x3a, 0xe9, 0x0f, 0xfa, 0x58, 0x34, 0xce, 0x20, 0x43, 0x69, 0x3d, 0x7e, 0x18, 0xb7, 0x49, 0x2c, 0x48, 0x85, 0x47, 0x80, 0xe0, 0x69, 0xe9, 0x9d, 0x53, 0xb4, 0xb9, 0xea, 0x19, 0x05, 0x6c, 0xb6, 0xde, 0x31, 0x9f, 0x0e, 0xeb, 0x8e, 0x80, 0x99, 0x63, 0x10, 0xf6, 0x95, 0x1a, 0x6b, 0xce, 0xc0, 0xac, 0x5d, 0xd7, 0x74, 0x53, 0xd3, 0xa7, 0x24, 0x73, 0xcd, 0x72, 0x01, 0x1b, 0xa2, 0x26, 0x41, 0x31, 0x9a, 0xec, 0xd1, 0xfd, 0x83, 0x52, 0x91, 0x03, 0x9b, 0x68, 0x6b, 0x1c, 0xcc, 0x84, 0x37, 0x43, 0xf6, 0xa4, 0xab, 0x45, 0xde, 0x75, 0x2c, 0x13, 0x46, 0xec, 0xff, 0x1d, 0x7e, 0xa1, 0xad, 0xd5, 0x42, 0x7c, 0x25, 0x4e, 0x39, 0x1c, 0x28, 0x23, 0xe2, 0xa3, 0x80, 0x1e, 0x10, 0x03, 0xdb, 0xa7, 0x2e, 0x34, 0x5f, 0xf6, 0x64, 0x3b, 0x95, 0x33, 0x3f, 0x27, 0x14, 0x1f, 0x5e, 0xa7, 0xd8, 0x58, 0x1e, 0x14, 0x9b, 0x61, 0xf1, 0x6a, 0xc1, 0x45, 0x9c, 0xed, 0xa8, 0x20, }; /** Exponents table (generator = 0x02 in GF(256) modulo g(x) = 111000011). */ CRYPTOPP_ALIGN_DATA(16) const uint_8t exponentialTable[256] CRYPTOPP_SECTION_ALIGN16 = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0xc3, 0x45, 0x8a, 0xd7, 0x6d, 0xda, 0x77, 0xee, 0x1f, 0x3e, 0x7c, 0xf8, 0x33, 0x66, 0xcc, 0x5b, 0xb6, 0xaf, 0x9d, 0xf9, 0x31, 0x62, 0xc4, 0x4b, 0x96, 0xef, 0x1d, 0x3a, 0x74, 0xe8, 0x13, 0x26, 0x4c, 0x98, 0xf3, 0x25, 0x4a, 0x94, 0xeb, 0x15, 0x2a, 0x54, 0xa8, 0x93, 0xe5, 0x09, 0x12, 0x24, 0x48, 0x90, 0xe3, 0x05, 0x0a, 0x14, 0x28, 0x50, 0xa0, 0x83, 0xc5, 0x49, 0x92, 0xe7, 0x0d, 0x1a, 0x34, 0x68, 0xd0, 0x63, 0xc6, 0x4f, 0x9e, 0xff, 0x3d, 0x7a, 0xf4, 0x2b, 0x56, 0xac, 0x9b, 0xf5, 0x29, 0x52, 0xa4, 0x8b, 0xd5, 0x69, 0xd2, 0x67, 0xce, 0x5f, 0xbe, 0xbf, 0xbd, 0xb9, 0xb1, 0xa1, 0x81, 0xc1, 0x41, 0x82, 0xc7, 0x4d, 0x9a, 0xf7, 0x2d, 0x5a, 0xb4, 0xab, 0x95, 0xe9, 0x11, 0x22, 0x44, 0x88, 0xd3, 0x65, 0xca, 0x57, 0xae, 0x9f, 0xfd, 0x39, 0x72, 0xe4, 0x0b, 0x16, 0x2c, 0x58, 0xb0, 0xa3, 0x85, 0xc9, 0x51, 0xa2, 0x87, 0xcd, 0x59, 0xb2, 0xa7, 0x8d, 0xd9, 0x71, 0xe2, 0x07, 0x0e, 0x1c, 0x38, 0x70, 0xe0, 0x03, 0x06, 0x0c, 0x18, 0x30, 0x60, 0xc0, 0x43, 0x86, 0xcf, 0x5d, 0xba, 0xb7, 0xad, 0x99, 0xf1, 0x21, 0x42, 0x84, 0xcb, 0x55, 0xaa, 0x97, 0xed, 0x19, 0x32, 0x64, 0xc8, 0x53, 0xa6, 0x8f, 0xdd, 0x79, 0xf2, 0x27, 0x4e, 0x9c, 0xfb, 0x35, 0x6a, 0xd4, 0x6b, 0xd6, 0x6f, 0xde, 0x7f, 0xfe, 0x3f, 0x7e, 0xfc, 0x3b, 0x76, 0xec, 0x1b, 0x36, 0x6c, 0xd8, 0x73, 0xe6, 0x0f, 0x1e, 0x3c, 0x78, 0xf0, 0x23, 0x46, 0x8c, 0xdb, 0x75, 0xea, 0x17, 0x2e, 0x5c, 0xb8, 0xb3, 0xa5, 0x89, 0xd1, 0x61, 0xc2, 0x47, 0x8e, 0xdf, 0x7d, 0xfa, 0x37, 0x6e, 0xdc, 0x7b, 0xf6, 0x2f, 0x5e, 0xbc, 0xbb, 0xb5, 0xa9, 0x91, 0xe1, 0x01 }; /** Discrete logarithms table (generator = 0x02 in GF(256) modulo g(x) = 111000011). */ CRYPTOPP_ALIGN_DATA(16) const uint_8t logarithmicTable[256] CRYPTOPP_SECTION_ALIGN16 = { 0x00, 0x00, 0x01, 0x9d, 0x02, 0x3b, 0x9e, 0x97, 0x03, 0x35, 0x3c, 0x84, 0x9f, 0x46, 0x98, 0xd8, 0x04, 0x76, 0x36, 0x26, 0x3d, 0x2f, 0x85, 0xe3, 0xa0, 0xb5, 0x47, 0xd2, 0x99, 0x22, 0xd9, 0x10, 0x05, 0xad, 0x77, 0xdd, 0x37, 0x2b, 0x27, 0xbf, 0x3e, 0x58, 0x30, 0x53, 0x86, 0x70, 0xe4, 0xf7, 0xa1, 0x1c, 0xb6, 0x14, 0x48, 0xc3, 0xd3, 0xf2, 0x9a, 0x81, 0x23, 0xcf, 0xda, 0x50, 0x11, 0xcc, 0x06, 0x6a, 0xae, 0xa4, 0x78, 0x09, 0xde, 0xed, 0x38, 0x43, 0x2c, 0x1f, 0x28, 0x6d, 0xc0, 0x4d, 0x3f, 0x8c, 0x59, 0xb9, 0x31, 0xb1, 0x54, 0x7d, 0x87, 0x90, 0x71, 0x17, 0xe5, 0xa7, 0xf8, 0x61, 0xa2, 0xeb, 0x1d, 0x4b, 0xb7, 0x7b, 0x15, 0x5f, 0x49, 0x5d, 0xc4, 0xc6, 0xd4, 0x0c, 0xf3, 0xc8, 0x9b, 0x95, 0x82, 0xd6, 0x24, 0xe1, 0xd0, 0x0e, 0xdb, 0xbd, 0x51, 0xf5, 0x12, 0xf0, 0xcd, 0xca, 0x07, 0x68, 0x6b, 0x41, 0xaf, 0x8a, 0xa5, 0x8e, 0x79, 0xe9, 0x0a, 0x5b, 0xdf, 0x93, 0xee, 0xbb, 0x39, 0xfd, 0x44, 0x33, 0x2d, 0x74, 0x20, 0xb3, 0x29, 0xab, 0x6e, 0x56, 0xc1, 0x1a, 0x4e, 0x7f, 0x40, 0x67, 0x8d, 0x89, 0x5a, 0xe8, 0xba, 0x92, 0x32, 0xfc, 0xb2, 0x73, 0x55, 0xaa, 0x7e, 0x19, 0x88, 0x66, 0x91, 0xe7, 0x72, 0xfb, 0x18, 0xa9, 0xe6, 0x65, 0xa8, 0xfa, 0xf9, 0x64, 0x62, 0x63, 0xa3, 0x69, 0xec, 0x08, 0x1e, 0x42, 0x4c, 0x6c, 0xb8, 0x8b, 0x7c, 0xb0, 0x16, 0x8f, 0x60, 0xa6, 0x4a, 0xea, 0x5e, 0x7a, 0xc5, 0x5c, 0xc7, 0x0b, 0xd5, 0x94, 0x0d, 0xe0, 0xf4, 0xbc, 0xc9, 0xef, 0x9c, 0xfe, 0x96, 0x3a, 0x83, 0x34, 0xd7, 0x45, 0x25, 0x75, 0xe2, 0x2e, 0xd1, 0xb4, 0x0f, 0x21, 0xdc, 0xac, 0xbe, 0x2a, 0x52, 0x57, 0xf6, 0x6f, 0x13, 0x1b, 0xf1, 0xc2, 0xce, 0x80, 0xcb, 0x4f }; /** Pi substitution box defined by GOST 34.12 '2015. */ CRYPTOPP_ALIGN_DATA(16) const uint_8t Pi[256] CRYPTOPP_SECTION_ALIGN16 = { 0xfc, 0xee, 0xdd, 0x11, 0xcf, 0x6e, 0x31, 0x16, 0xfb, 0xc4, 0xfa, 0xda, 0x23, 0xc5, 0x04, 0x4d, 0xe9, 0x77, 0xf0, 0xdb, 0x93, 0x2e, 0x99, 0xba, 0x17, 0x36, 0xf1, 0xbb, 0x14, 0xcd, 0x5f, 0xc1, 0xf9, 0x18, 0x65, 0x5a, 0xe2, 0x5c, 0xef, 0x21, 0x81, 0x1c, 0x3c, 0x42, 0x8b, 0x01, 0x8e, 0x4f, 0x05, 0x84, 0x02, 0xae, 0xe3, 0x6a, 0x8f, 0xa0, 0x06, 0x0b, 0xed, 0x98, 0x7f, 0xd4, 0xd3, 0x1f, 0xeb, 0x34, 0x2c, 0x51, 0xea, 0xc8, 0x48, 0xab, 0xf2, 0x2a, 0x68, 0xa2, 0xfd, 0x3a, 0xce, 0xcc, 0xb5, 0x70, 0x0e, 0x56, 0x08, 0x0c, 0x76, 0x12, 0xbf, 0x72, 0x13, 0x47, 0x9c, 0xb7, 0x5d, 0x87, 0x15, 0xa1, 0x96, 0x29, 0x10, 0x7b, 0x9a, 0xc7, 0xf3, 0x91, 0x78, 0x6f, 0x9d, 0x9e, 0xb2, 0xb1, 0x32, 0x75, 0x19, 0x3d, 0xff, 0x35, 0x8a, 0x7e, 0x6d, 0x54, 0xc6, 0x80, 0xc3, 0xbd, 0x0d, 0x57, 0xdf, 0xf5, 0x24, 0xa9, 0x3e, 0xa8, 0x43, 0xc9, 0xd7, 0x79, 0xd6, 0xf6, 0x7c, 0x22, 0xb9, 0x03, 0xe0, 0x0f, 0xec, 0xde, 0x7a, 0x94, 0xb0, 0xbc, 0xdc, 0xe8, 0x28, 0x50, 0x4e, 0x33, 0x0a, 0x4a, 0xa7, 0x97, 0x60, 0x73, 0x1e, 0x00, 0x62, 0x44, 0x1a, 0xb8, 0x38, 0x82, 0x64, 0x9f, 0x26, 0x41, 0xad, 0x45, 0x46, 0x92, 0x27, 0x5e, 0x55, 0x2f, 0x8c, 0xa3, 0xa5, 0x7d, 0x69, 0xd5, 0x95, 0x3b, 0x07, 0x58, 0xb3, 0x40, 0x86, 0xac, 0x1d, 0xf7, 0x30, 0x37, 0x6b, 0xe4, 0x88, 0xd9, 0xe7, 0x89, 0xe1, 0x1b, 0x83, 0x49, 0x4c, 0x3f, 0xf8, 0xfe, 0x8d, 0x53, 0xaa, 0x90, 0xca, 0xd8, 0x85, 0x61, 0x20, 0x71, 0x67, 0xa4, 0x2d, 0x2b, 0x09, 0x5b, 0xcb, 0x9b, 0x25, 0xd0, 0xbe, 0xe5, 0x6c, 0x52, 0x59, 0xa6, 0x74, 0xd2, 0xe6, 0xf4, 0xb4, 0xc0, 0xd1, 0x66, 0xaf, 0xc2, 0x39, 0x4b, 0x63, 0xb6, }; /** Inversed Pi substitution box. */ CRYPTOPP_ALIGN_DATA(16) const uint_8t InversedPi[256] CRYPTOPP_SECTION_ALIGN16 = { 0xa5, 0x2d, 0x32, 0x8f, 0x0e, 0x30, 0x38, 0xc0, 0x54, 0xe6, 0x9e
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="/code/">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hidden%20Volume.html">Hidden Volume</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Security%20Requirements%20for%20Hidden%20Volumes.html">Security Requirements for Hidden Volumes</a>
</p></div>
<div class="wikidoc">
<h1>Security Requirements and Precautions Pertaining to Hidden Volumes</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
If you use a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden VeraCrypt volume</a>, you must follow the security requirements and precautions listed below in this section. Disclaimer: This section is not guaranteed to contain a list of
<em style="text-align:left">all</em> security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.</div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If an adversary has access to a (dismounted) VeraCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. If you change the contents of a
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden volume</a> (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer
volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might indicate the existence of a hidden volume within the outer volume.<br style="text-align:left">
<br style="text-align:left">
Note that issues similar to the one described above may also arise, for example, in the following cases:<br style="text-align:left">
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
The file system in which you store a file-hosted VeraCrypt container has been defragmented and a copy of the VeraCrypt container (or of its fragment) remains in the free space on the host volume (in the defragmented file system). To prevent this, do one of
the following:
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Securely erase free space on the host volume (in the defragmented file system) after defragmenting. On Windows, this can be done using the Microsoft
<a href="https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx">free utility SDelete</a>. On Linux, the
<em>shred</em> utility from GNU coreutils package can be used for this purpose. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Do not defragment file systems in which you store VeraCrypt volumes. </li></ul>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A copy of the VeraCrypt container (or of its fragment) may remain on the host volume. To prevent this, do one the following:
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Store the container in a non-journaling file system (for example, FAT32). </li></ul>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A VeraCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g. a flash-memory SSD or USB flash drive). A copy of (a fragment of) the VeraCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems.
For more information on wear-leveling, see the section <a href="Wear-Leveling.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Wear-Leveling</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions</a>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A VeraCrypt volume resides on a device/filesystem that saves data (or on a device/filesystem that is controlled or monitored by a system/device that saves data) (e.g. the value of a timer or counter) that can be used to determine that a block had been written
earlier than another block and/or to determine how many times a block has been written/read. Therefore, do not store hidden volumes on such devices/filesystems. To find out whether a device/system saves such data, please refer to documentation supplied with
the device/system or contact the vendor/manufacturer. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
A VeraCrypt volume resides on a device that is prone to wear (it is possible to determine that a block has been written/read more times than another block). Therefore, do not store hidden volumes on such devices/filesystems. To find out whether a device is
prone to such wear, please refer to documentation supplied with the device or contact the vendor/manufacturer.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
You back up content of a hidden volume by cloning its host volume or create a new hidden volume by cloning its host volume. Therefore, you must not do so. Follow the instructions in the chapter
<a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
How to Back Up Securely</a> and in the section <a href="Volume%20Clones.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Volume Clones</a>. </li></ul>
</li></ul>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Make sure that <em style="text-align:left">Quick Format</em> is disabled when encrypting a partition/device within which you intend to create a hidden volume.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
On Windows, make sure you have not deleted any files within a volume within which you intend to create a hidden volume (the cluster bitmap scanner does not detect deleted files).
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
On Linux or Mac OS X, if you intend to create a hidden volume within a file-hosted VeraCrypt volume, make sure that the volume is not sparse-file-hosted (the Windows version of VeraCrypt verifies this and disallows creation of hidden volumes within sparse files).
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
When a hidden volume is mounted, the operating system and third-party applications may write to non-hidden volumes (typically, to the unencrypted system volume) unencrypted information about the data stored in the hidden volume (e.g. filenames and locations
of recently accessed files, databases created by file indexing tools, etc.), the data itself in an unencrypted form (temporary files, etc.), unencrypted information about the filesystem residing in the hidden volume (which might be used e.g. to identify the
filesystem and to determine whether it is the filesystem residing in the outer volume), the password/key for the hidden volume, or other types of sensitive data. Therefore, the following security requirements and precautions must be followed:
<br style="text-align:left">
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">Windows</em>: Create a hidden operating system (for information on how to do so, see the section
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a>) and mount hidden volumes only when the hidden operating system is running.
<span style="text-align:left; font-size:10px; line-height:12px">Note: When a hidden operating system is running, VeraCrypt ensures that all local unencrypted filesystems and non-hidden VeraCrypt volumes are read-only (i.e. no files can be written to such filesystems
or VeraCrypt volumes).<a href="#hidden_os_exception">*</a> Data is allowed to be written to filesystems within
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden VeraCrypt volumes</a>.</span> Alternatively, if a hidden operating system cannot be used, use a "live-CD" Windows PE system (entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk.
Mount hidden volumes only when such a "live-CD" system is running (if a hidden operating system cannot be used). In addition, during such a "live-CD" session, only filesystems that reside in hidden VeraCrypt volumes may be mounted in read-write mode (outer
or unencrypted volumes/filesystems must be mounted as read-only or must not be mounted/accessible at all); otherwise, you must ensure that applications and the operating system do not write any sensitive data (see above) to non-hidden volumes/filesystems during
the "live-CD" session. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">Linux</em>: Download or create a "live-CD" version of your operating system (i.e. a "live" Linux system entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk.
Mount hidden volumes only when such a "live-CD" system is running. During the session, only filesystems that reside in hidden VeraCrypt volumes may be mounted in read-write mode (outer or unencrypted volumes/filesystems must be mounted as read-only or must
not be mounted/accessible at all). If you cannot comply with this requirement and you are not able to ensure that applications and the operating system do not write any sensitive data (see above) to non-hidden volumes/filesystems, you must not mount or create
hidden VeraCrypt volumes under Linux. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
<em style="text-align:left">Mac OS X</em>: If you are not able to ensure that applications and the operating system do not write any sensitive data (see above) to non-hidden volumes/filesystems, you must not mount or create hidden VeraCrypt volumes under Mac
OS X. </li></ul>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
When an outer volume is mounted with <a href="Protection%20of%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden volume protection</a> enabled (see section <a href="Protection%20of%20Hidden%20Volumes.html">
Protection of Hidden Volumes Against Damage</a>), you must follow the same security requirements and precautions that you are required to follow when a hidden volume is mounted (see above). The reason is that the operating system might leak the password/key
for the hidden volume to a non-hidden or unencrypted volume. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If you use an <strong style="text-align:left">operating system residing within a hidden volume</strong> (see the section
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a>), then, in addition to the above, you must follow these security requirements and precautions:
<br style="text-align:left">
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
You should use the decoy operating system as frequently as you use your computer. Ideally, you should use it for all activities that do not involve sensitive data. Otherwise, plausible deniability of the hidden operating system might be adversely affected (if
you revealed the password for the decoy operating system to an adversary, he could find out that the system is not used very often, which might indicate the existence of a hidden operating system on your computer). Note that you can save data to the decoy
system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is
<em style="text-align:left">not</em> installed in the outer volume). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the operating system requires activation, it must be activated before it is cloned (cloning is part of the process of creation of a hidden operating system — see the section
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a>) and the hidden operating system (i.e. the clone) must never be reactivated. The reason is that the hidden operating system is created by copying the content of the system partition to a hidden volume (so if the operating system
is not activated, the hidden operating system will not be activated either). If you activated or reactivated a hidden operating system, the date and time of the activation (and other data) might be logged on a Microsoft server (and on the hidden operating
system) but not on the <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
decoy operating system</a>. Therefore, if an adversary had access to the data stored on the server or intercepted your request to the server (and if you revealed the password for the decoy operating system to him), he might find out that the decoy operating
system was activated (or reactivated) at a different time, which might indicate the existence of a hidden operating system on your computer.<br style="text-align:left">
<br style="text-align:left">
For similar reasons, any software that requires activation must be installed and activated before you start creating the hidden operating system.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
When you need to shut down the hidden system and start the decoy system, do <em style="text-align:left">
not</em> restart the computer. Instead, shut it down or hibernate it and then leave it powered off for at least several minutes (the longer, the better) before turning the computer on and booting the decoy system. This is required to clear the memory, which
may contain sensitive data. For more information, see the section <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Unencrypted Data in RAM</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions</a>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
The computer may be connected to a network (including the internet) only when the decoy operating system is running. When the hidden operating system is running, the computer should not be connected to any network, including the internet (one of the most reliable
ways to ensure it is to unplug the network cable, if there is one). Note that if data is downloaded from or uploaded to a remote server, the date and time of the connection, and other data, are typically logged on the server. Various kinds of data are also
logged on the operating system (e.g. Windows auto-update data, application logs, error logs, etc.) Therefore, if an adversary had access to the data stored on the server or intercepted your request to the server (and if you revealed the password for the decoy
operating system to him), he might find out that the connection was not made from within the decoy operating system, which might indicate the existence of a hidden operating system on your computer.
<br style="text-align:left">
<br style="text-align:left">
Also note that similar issues would affect you if there were any filesystem shared over a network under the hidden operating system (regardless of whether the filesystem is remote or local). Therefore, when the hidden operating system is running, there must
be no filesystem shared over a network (in any direction). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Any actions that can be detected by an adversary (or any actions that modify any data outside mounted hidden volumes) must be performed only when the decoy operating system is running (unless you have a plausible alternative explanation, such as using a "live-CD"
system to perform such actions). For example, the option '<em style="text-align:left">Auto-adjust for daylight saving time</em>' option may be enabled only on the decoy system.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the BIOS, EFI, or any other component logs power-down events or any other events that could indicate a hidden volume/system is used (e.g. by comparing such events with the events in the Windows event log), you must either disable such logging or ensure that
the log is securely erased after each session (or otherwise avoid such an issue in an appropriate way).
</li></ul>
</li></ul>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
In addition to the above, you must follow the security requirements and precautions listed in the following chapters:</div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Security Requirements and Precautions</a>
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
<strong style="text-align:left"><a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">How to Back Up Securely</a></strong>
</li></ul>
<p><a href="VeraCrypt%20Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
<p id="hidden_os_exception"><span style="text-align:left; font-size:10px; line-height:12px">* This does not apply to filesystems on CD/DVD-like media and on custom, untypical, or non-standard devices/media.</span></p>
</div><div class="ClearBoth"></div></body></html>