Operation Manual
138
4. Decryption is considered successful if the first 4 bytes of the decrypted data contain the
ASCII string “VERA”, and if the CRC-32 checksum of the last 256 bytes of the decrypted
data (volume header) matches the value located at byte #8 of the decrypted data (this value
is unknown to an adversary because it is encrypted – see the section VeraCrypt Volume
Format Specification). If these conditions are not met, the process continues from (3) again,
but this time, instead of the data read in (1), the data read in (2) are used (i.e., possible
hidden volume header). If the conditions are not met again, mounting is terminated (wrong
password, corrupted volume, or not a VeraCrypt volume).
5. Now we know (or assume with very high probability) that we have the correct password, the
correct encryption algorithm, mode, key size, and the correct header key derivation
algorithm. If we successfully decrypted the data read in (2), we also know that we are
mounting a hidden volume and its size is retrieved from data read in (2) decrypted in (3).
6. The encryption routine is reinitialized with the primary master key
*
and the secondary
master key (XTS mode – see the section Modes of Operation), which are retrieved from the
decrypted volume header (see the section VeraCrypt Volume Format Specification). These
keys can be used to decrypt any sector of the volume, except the volume header area (or the
key data area, for system encryption), which has been encrypted using the header keys. The
volume is mounted.
See also section Modes of Operation and section Header Key Derivation, Salt, and Iteration Count
and also the chapter Security Model.
*
The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished
by re-encrypting the volume header using a new header key (derived from a new password).