Operation Manual
Security Model
VeraCrypt is a computer software program whose primary purposes are to:
- Secure data by encrypting it before it is written to a disk.
- Decrypt encrypted data after it is read from the disk.
VeraCrypt does not:
- Encrypt or secure any portion of RAM (the main memory of a computer).
- Secure any data on a computer* if an attacker has administrator privileges† under an operating system installed on the computer.
- Secure any data on a computer if the computer contains any malware (e.g. a virus, Trojan horse, spyware) or any other piece of software (including VeraCrypt or an operating system component) that has been altered, created, or can be controlled, by an attacker.
- Secure any data on a computer if an attacker has physical access to the computer before or while VeraCrypt is running on it.
- Secure any data on a computer if an attacker has physical access to the computer between the time when VeraCrypt is shut down and the time when the entire contents of all volatile memory modules connected to the computer (including memory modules in peripheral devices) have been permanently and irreversibly erased/lost.
- Secure any data on a computer if an attacker can remotely intercept emanations from the computer hardware (e.g. the monitor or cables) while VeraCrypt is running on it (or otherwise remotely monitor the hardware and its use, directly or indirectly, while VeraCrypt is running on it).
- Secure any data stored in a VeraCrypt volume‡ if an attacker without administrator privileges can access the contents of the mounted volume (e.g. if file/folder/volume permissions do not prevent such an attacker from accessing it).
- Preserve/verify the integrity or authenticity of encrypted or decrypted data.
- Prevent traffic analysis when encrypted data is transmitted over a network.
- Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (dismounted or mounted) before and after data is written to it, or if the storage medium/device allows the attacker to determine such information (for example, the volume resides on a device that saves metadata that can be used to determine when data was written to a particular sector).
- Encrypt any existing unencrypted data in place (or re-encrypt or erase data) on devices/filesystems that use wear-leveling or otherwise relocate data internally.
- Ensure that users choose cryptographically strong passwords or keyfiles.
* In this section (Security Model), the phrase “data on a computer” means data on internal and external storage
devices/media (including removable devices and network drives) connected to the computer.
† In this section (Security Model), the phrase “administrator privileges” does not necessarily refer to a valid administrator
account. It may also refer to an attacker who does not have a valid administrator account but who is able (for example,
due to improper configuration of the system or by exploiting a vulnerability in the operating system or a third-party
application) to perform any action that only a user with a valid administrator account is normally allowed to perform (for
example, to read or modify an arbitrary part of a drive or the RAM, etc.).
‡ “VeraCrypt volume” also means a VeraCrypt-encrypted system partition/drive (see the chapter System Encryption).
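The sector-change limitation in the list above, as an added example (not from the VeraCrypt manual or project): it models a volume whose sector ciphertext depends only on the key, the sector number and the plaintext, and shows that comparing successive copies of the volume reveals which sectors changed and how many times, without the key. The names `model_sector`, `snapshot` and `change_history`, the 512-byte sector size and the sample data are assumptions made for this sketch.

```python
import hashlib

SECTOR_SIZE = 512  # assumed sector size for this sketch


def model_sector(key: bytes, index: int, plain: bytes) -> bytes:
    """Constructed stand-in for sector encryption (not a real cipher): the output
    depends only on key, sector number and plaintext, so an unchanged sector
    yields identical bytes in every snapshot."""
    return hashlib.shake_256(key + index.to_bytes(8, "little") + plain).digest(SECTOR_SIZE)


def snapshot(key: bytes, sectors: list[bytes]) -> bytes:
    """Build what an observer of the storage would copy: the encrypted image."""
    return b"".join(model_sector(key, i, s) for i, s in enumerate(sectors))


def change_history(snapshots: list[bytes]) -> dict[int, list[int]]:
    """Map sector number -> indices of the snapshots in which it differs from
    the previous snapshot. Works on ciphertext only; no key is involved."""
    if any(len(s) != len(snapshots[0]) or len(s) % SECTOR_SIZE for s in snapshots):
        raise ValueError("snapshots must be equal-sized and sector-aligned")
    history: dict[int, list[int]] = {}
    for n in range(1, len(snapshots)):
        prev, cur = snapshots[n - 1], snapshots[n]
        for off in range(0, len(cur), SECTOR_SIZE):
            if prev[off:off + SECTOR_SIZE] != cur[off:off + SECTOR_SIZE]:
                history.setdefault(off // SECTOR_SIZE, []).append(n)
    return history


def demo() -> dict[int, list[int]]:
    key = b"constructed-demo-key"                    # constructed sample key
    plain = [bytes(SECTOR_SIZE) for _ in range(8)]   # constructed 8-sector volume
    snaps = [snapshot(key, plain)]
    plain[2] = b"A" * SECTOR_SIZE                    # first write touches sector 2
    snaps.append(snapshot(key, plain))
    plain[2] = b"B" * SECTOR_SIZE                    # second write touches sectors 2 and 5
    plain[5] = b"C" * SECTOR_SIZE
    snaps.append(snapshot(key, plain))
    return change_history(snaps)


if __name__ == "__main__":
    for sector, seen in sorted(demo().items()):
        print(f"sector {sector}: changed in snapshot(s) {seen} ({len(seen)} time(s))")
```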
Note to security researchers: If you intend to report a security issue or publish an attack on
VeraCrypt, please make sure it does not disregard the security model of VeraCrypt described
below. If it does, the attack (or security issue report) will be considered invalid/bogus.