Operation Manual

regular VeraCrypt volume in the previous step) and store the image directly on the mounted

backup volume.

IMPORTANT: If you store the backup volume in any location that an adversary can

repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should

repeat all of the above steps (including the step 2) each time you want to back up the

volume (see below).

If you follow the above steps, you will help prevent adversaries from finding out:



Which sectors of the volumes are changing (because you always follow step 2). This is

particularly important, for example, if you store the backup volume on a device kept in a

bank’s safe deposit box (or in any other location that an adversary can repeatedly access)

and the volume contains a hidden volume (for more information, see the subsection

Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter

Plausible Deniability).



That one of the volumes is a backup of the other.

General Notes

If you store the backup volume in any location where an adversary can make a copy of the volume,

consider encrypting the volume with a cascade of ciphers (for example, with AES-Twofish-

Serpent). Otherwise, if the volume is encrypted only with a single encryption algorithm and the

algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able

to decrypt his copies of the volume. The probability that three distinct encryption algorithms

will be broken is significantly lower than the probability that only one of them will be broken.