VeraCrypt

Documentation >> Security Requirements and Precautions >> Wear-Leveling

Wear-Leveling

Some storage devices (e.g., some solid-state drives, including USB flash drives) and some file systems utilize so-called wear-leveling mechanisms to extend the lifetime of the storage device or medium. These mechanisms ensure that even if an application repeatedly writes data to the same logical sector, the data is distributed evenly across the medium (logical sectors are remapped to different physical sectors). Therefore, multiple "versions" of a single sector may be available to an attacker. This may have various security implications. For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling mechanism, VeraCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). Due to security reasons, we recommend that VeraCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that VeraCrypt is not used to encrypt any portions of such devices or filesystems).
If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it (VeraCrypt cannot reliably perform secure in-place encryption of existing data on such a drive; however, after the partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). That includes the following precautions: Before you run VeraCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the paging files after the system partition/drive has been fully encrypted). Hibernation must be prevented during the period between the moment when you start VeraCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted. However, note that even if you follow those steps, it is not guaranteed that you will prevent data leaks and that sensitive data on the device will be securely encrypted. For more information, see the sections Data Leaks, Paging File, Hibernation File, and Memory Dump Files.
If you need plausible deniability, you must not use VeraCrypt to encrypt any part of (or create encrypted containers on) a device (or file system) that utilizes a wear-leveling mechanism.

To find out whether a device utilizes a wear-leveling mechanism, please refer to documentation supplied with the device or contact the vendor/manufacturer.

80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 
/*
 Derived from source code of TrueCrypt 7.1a, which is
 Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
 by the TrueCrypt License 3.0.

 Modifications and additions to the original source code (contained in this file) 
 and all other portions of this file are Copyright (c) 2013-2015 IDRIX
 and are governed by the Apache License 2.0 the full text of which is
 contained in the file License.txt included in VeraCrypt binary and source
 code distribution packages.
*/

#include "System.h"
#include "Main/Application.h"
#include "UserPreferences.h"
#include "Xml.h"

namespace VeraCrypt
{
	void UserPreferences::SetValue (const wxString &cfgText, bool &cfgVar)
	{
		if (cfgText == L"0")
			cfgVar = false;
		else if (cfgText == L"1")
			cfgVar = true;
	}

	void UserPreferences::SetValue (const wxString &cfgText, int &cfgVar)
	{
		if (cfgText.empty())
			cfgVar = 0;
		else
			cfgVar = StringConverter::ToUInt32 (wstring (cfgText));
	}
	
	void UserPreferences::SetValue (const wxString &cfgText, uint64 &cfgVar)
	{
		if (cfgText.empty())
			cfgVar = 0;
		else
			cfgVar = StringConverter::ToUInt64 (wstring (cfgText));
	}

	void UserPreferences::SetValue (const wxString &cfgText, wstring &cfgVar)
	{
		cfgVar = cfgText;
	}

	void UserPreferences::SetValue (const wxString &cfgText, wxString &cfgVar)
	{
		cfgVar = cfgText;
	}

	void UserPreferences::SetValue (const wxString &cfgText, FilesystemPath &cfgVar)
	{
		cfgVar = wstring (cfgText);
	}

	void UserPreferences::Load()
	{
		// Preferences
		FilePath cfgPath = Application::GetConfigFilePath (GetPreferencesFileName());
		if (cfgPath.IsFile())
		{
			map <wxString, wxString> configMap;
			foreach (XmlNode node, XmlParser (cfgPath).GetNodes (L"config"))
			{
				configMap[node.Attributes[L"key"]] = node.InnerText;
			}

#define TC_CONFIG_SET(NAME) SetValue (configMap[L###NAME], NAME)

			TC_CONFIG_SET (BackgroundTaskEnabled);
			TC_CONFIG_SET (BackgroundTaskMenuDismountItemsEnabled);
			TC_CONFIG_SET (BackgroundTaskMenuMountItemsEnabled);
			TC_CONFIG_SET (BackgroundTaskMenuOpenItemsEnabled);
			TC_CONFIG_SET (BeepAfterHotkeyMountDismount);
			SetValue (configMap[L"CachePasswords"], DefaultMountOptions.CachePassword);
			TC_CONFIG_SET (CloseBackgroundTaskOnNoVolumes);
			TC_CONFIG_SET (CloseExplorerWindowsOnDismount);
			TC_CONFIG_SET (CloseSecurityTokenSessionsAfterMount);
			TC_CONFIG_SET (DisableKernelEncryptionModeWarning);
			TC_CONFIG_SET (DismountOnInactivity);
			TC_CONFIG_SET (DismountOnLogOff);
			TC_CONFIG_SET (DismountOnPowerSaving);
			TC_CONFIG_SET (DismountOnScreenSaver);
			TC_CONFIG_SET (DisplayMessageAfterHotkeyDismount);
			TC_CONFIG_SET (BackgroundTaskEnabled);
			SetValue (configMap[L"FilesystemOptions"], DefaultMountOptions.FilesystemOptions);
			TC_CONFIG_SET (ForceAutoDismount);
			TC_CONFIG_SET (LastSelectedSlotNumber);
			TC_CONFIG_SET (MaxVolumeIdleTime);
			TC_CONFIG_SET (MountDevicesOnLogon);
			TC_CONFIG_SET (MountFavoritesOnLogon);

			bool readOnly;
			SetValue (configMap[L"MountVolumesReadOnly"], readOnly);
			DefaultMountOptions.Protection = readOnly ? VolumeProtection::ReadOnly : VolumeProtection::None;

			SetValue (configMap[L"MountVolumesRemovable"], DefaultMountOptions.Removable);
			SetValue (configMap[L"NoHardwareCrypto"], DefaultMountOptions.NoHardwareCrypto);
			SetValue (configMap[L"NoKernelCrypto"], DefaultMountOptions.NoKernelCrypto);
			TC_CONFIG_SET (OpenExplorerWindowAfterMount);
			SetValue (configMap[L"PreserveTimestamps"], DefaultMountOptions.PreserveTimestamps);
			TC_CONFIG_SET (SaveHistory);
			SetValue (configMap[L"SecurityTokenLibrary"], SecurityTokenModule);
			TC_CONFIG_SET (StartOnLogon);
			TC_CONFIG_SET (UseKeyfiles);
			TC_CONFIG_SET (WipeCacheOnAutoDismount);
			TC_CONFIG_SET (WipeCacheOnClose);
			
			SetValue (configMap[L"DefaultTrueCryptMode"], DefaultMountOptions.TrueCryptMode);
			
			wstring defaultPrf;
			SetValue (configMap[L"DefaultPRF"], defaultPrf);
			
			shared_ptr <Pkcs5Kdf> savedKdf;
			try
			{
				if (defaultPrf != L"autodetection")
					savedKdf = Pkcs5Kdf::GetAlgorithm (defaultPrf, DefaultMountOptions.TrueCryptMode);
			}
			catch (ParameterIncorrect&)
			{
			}
			
			DefaultMountOptions.Kdf = savedKdf;
			DefaultMountOptions.ProtectionKdf = savedKdf;				
		}

		// Default keyfiles
		cfgPath = Application::GetConfigFilePath (GetDefaultKeyfilesFileName());
		if (cfgPath.IsFile())
		{
			foreach (const XmlNode &node, XmlParser (cfgPath).GetNodes (L"keyfile"))
			{
				DefaultKeyfiles.push_back (make_shared <Keyfile> ((wstring) node.InnerText));
			}
		}
		
#ifdef TC_WINDOWS
		// Hotkeys
		Hotkeys = Hotkey::LoadList();
#endif
	}

	void UserPreferences::Save() const
	{
		// Preferences
		class ConfigXmlFormatter
		{
		public:
			void AddEntry (const wchar_t *key, const wxString &value)
			{
				if (!value.empty())
				{
					XmlNode config (L"config");
					config.Attributes[L"key"] = key;
					config.InnerText = value;
					XmlConfig.InnerNodes.push_back (config);
				}
			}

			void AddEntry (const wchar_t *key, bool value)
			{
				AddEntry (key, wxString (value ? L"1" : L"0"));
			}

			void AddEntry (const wchar_t *key, int value)
			{
				wstringstream s;
				s << value;
				AddEntry (key, s.str());
			}

			void AddEntry (const wchar_t *key, uint64 value)
			{
				wstringstream s;
				s << value;
				AddEntry (key, s.str());
			}

			XmlNode XmlConfig;
		};

		ConfigXmlFormatter formatter;
		formatter.XmlConfig.Name = L"configuration";

#define TC_CONFIG_ADD(NAME) formatter.AddEntry (L###NAME, NAME)

		TC_CONFIG_ADD (BackgroundTaskEnabled);
		TC_CONFIG_ADD (BackgroundTaskMenuDismountItemsEnabled);
		TC_CONFIG_ADD (BackgroundTaskMenuMountItemsEnabled);
		TC_CONFIG_ADD (BackgroundTaskMenuOpenItemsEnabled);
		TC_CONFIG_ADD (BeepAfterHotkeyMountDismount);
		formatter.AddEntry (L"CachePasswords", DefaultMountOptions.CachePassword);
		TC_CONFIG_ADD (CloseBackgroundTaskOnNoVolumes);
		TC_CONFIG_ADD (CloseExplorerWindowsOnDismount);
		TC_CONFIG_ADD (CloseSecurityTokenSessionsAfterMount);
		TC_CONFIG_ADD (DisableKernelEncryptionModeWarning);
		TC_CONFIG_ADD (DismountOnInactivity);
		TC_CONFIG_ADD (DismountOnLogOff);
		TC_CONFIG_ADD (DismountOnPowerSaving);
		TC_CONFIG_ADD (DismountOnScreenSaver);
		TC_CONFIG_ADD (DisplayMessageAfterHotkeyDismount);
		TC_CONFIG_ADD (BackgroundTaskEnabled);
		formatter.AddEntry (L"FilesystemOptions", DefaultMountOptions.FilesystemOptions);
		TC_CONFIG_ADD (ForceAutoDismount);
		TC_CONFIG_ADD (LastSelectedSlotNumber);
		TC_CONFIG_ADD (MaxVolumeIdleTime);
		TC_CONFIG_ADD (MountDevicesOnLogon);
		TC_CONFIG_ADD (MountFavoritesOnLogon);
		formatter.AddEntry (L"MountVolumesReadOnly", DefaultMountOptions.Protection == VolumeProtection::ReadOnly);
		formatter.AddEntry (L"MountVolumesRemovable", DefaultMountOptions.Removable);
		formatter.AddEntry (L"NoHardwareCrypto", DefaultMountOptions.NoHardwareCrypto);
		formatter.AddEntry (L"NoKernelCrypto", DefaultMountOptions.NoKernelCrypto);
		TC_CONFIG_ADD (OpenExplorerWindowAfterMount);
		formatter.AddEntry (L"PreserveTimestamps", DefaultMountOptions.PreserveTimestamps);
		TC_CONFIG_ADD (SaveHistory);
		formatter.AddEntry (L"SecurityTokenLibrary", wstring (SecurityTokenModule));
		TC_CONFIG_ADD (StartOnLogon);
		TC_CONFIG_ADD (UseKeyfiles);
		TC_CONFIG_ADD (WipeCacheOnAutoDismount);
		TC_CONFIG_ADD (WipeCacheOnClose);
		
		formatter.AddEntry (L"DefaultTrueCryptMode", DefaultMountOptions.TrueCryptMode);	
			
		wstring defaultPrf = L"autodetection";
		if (DefaultMountOptions.Kdf)
			defaultPrf = DefaultMountOptions.Kdf->GetName ();		
		formatter.AddEntry (L"DefaultPRF", defaultPrf);

		XmlWriter writer (Application::GetConfigFilePath (GetPreferencesFileName(), true));
		writer.WriteNode (formatter.XmlConfig);
		writer.Close();

		// Default keyfiles
		FilePath keyfilesCfgPath = Application::GetConfigFilePath (GetDefaultKeyfilesFileName(), true);
		
		if (DefaultKeyfiles.empty())
		{
			if (keyfilesCfgPath.IsFile())
				keyfilesCfgPath.Delete();
		}
		else
		{
			XmlNode keyfilesXml (L"defaultkeyfiles");

			foreach_ref (const Keyfile &keyfile, DefaultKeyfiles)
			{
				keyfilesXml.InnerNodes.push_back (XmlNode (L"keyfile", wxString (wstring(FilesystemPath (keyfile)))));
			}

			XmlWriter keyfileWriter (keyfilesCfgPath);
			keyfileWriter.WriteNode (keyfilesXml);
			keyfileWriter.Close();
		}

#ifdef TC_WINDOWS
		// Hotkeys
		Hotkey::SaveList (Hotkeys);
#endif
	}
}