Manualshelf

Operation Manual

ManualsBrandsVeraCrypt ManualsSoftware1.16
919293949596979899100
96
at the volume level to users without administrator privileges, regardless of whether it is accessible
to them at the file-system level).
Moreover, on Windows, the password cache is shared by all logged on users (for more information,
please see the section Settings -> Preferences, subsection Cache passwords in driver
memory).
Also note that switching users in Windows XP or later (Fast User Switching functionality) does not
dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all
mounted VeraCrypt volumes).
On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume
is to be mounted. On all supported versions of Windows, users without administrator privileges can
mount any partition/device-hosted VeraCrypt volume (provided that they supply the correct
password and/or keyfiles). A user without administrator privileges can dismount only volumes that
he or she mounted. However, this does not apply to system favorite volumes unless you enable the
option (disabled by default) Settings > System Favorite Volumes > Allow only administrators to
view and dismount system favorite volumes in VeraCrypt’.
Authenticity and Integrity
VeraCrypt uses encryption to preserve the confidentiality of data it encrypts. VeraCrypt neither
preserves nor verifies the integrity or authenticity of data it encrypts or decrypts. Hence, if you allow
an adversary to modify data encrypted by VeraCrypt, he can set the value of any 16-byte block
of the data to a random value or to a previous value, which he was able to obtain in the past.
Note that the adversary cannot choose the value that you will obtain when VeraCrypt decrypts the
modified block the value will be random unless the attacker restores an older version of the
encrypted block, which he was able to obtain in the past. It is your responsibility to verify the
integrity and authenticity of data encrypted or decrypted by VeraCrypt (for example, by using
appropriate third-party software).
See also: Physical Security, Security Model
Choosing Passwords and Keyfiles
It is very important that you choose a good password. You must avoid choosing one that contains
only a single word that can be found in a dictionary (or a combination of such words). It must not
contain any names, dates of birth, account numbers, or any other items that could be easy to
guess. A good password is a random combination of upper and lower case letters, numbers, and
special characters, such as @ ^ = $ * + etc. We strongly recommend choosing a password
consisting of more than 20 characters (the longer, the better). Short passwords are easy to crack
using brute-force techniques.
To make brute-force attacks on a keyfile infeasible, the size of the keyfile must be at least 30
bytes. If a volume uses multiple keyfiles, then at least one of the keyfiles must be 30 bytes in size
or larger. Note that the 30-byte limit assumes a large amount of entropy in the keyfile. If the first
1024 kilobytes of a file contain only a small amount of entropy, it must not be used as a keyfile
(regardless of the file size). If you are not sure what entropy means, we recommend that you let
VeraCrypt generate a file with random content and that you use it as a keyfile (select Tools ->
Keyfile Generator).