Operation Manual
97
When creating a volume, encrypting a system partition/drive, or changing passwords/keyfiles, you must not allow any third party to choose or modify the password/keyfile(s) before/while the volume is created or the password/keyfile(s) changed. For example, you must not use any password generators (whether website applications or locally run programs) where you are not sure that they are high-quality and uncontrolled by an attacker, and keyfiles must not be files that you download from the internet or that are accessible to other users of the computer (whether they are administrators or not).
Changing Passwords and Keyfiles
Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key (not to be confused with the password) with which the volume is encrypted. If an adversary is allowed to make a copy of your volume before you change the volume password and/or keyfile(s), he may be able to use his copy or fragment (the old header) of the VeraCrypt volume to mount your volume using a compromised password and/or compromised keyfiles that were necessary to mount the volume before you changed the volume password and/or keyfile(s).
If you are not sure whether an adversary knows your password (or has your keyfiles) and whether he has a copy of your volume when you need to change its password and/or keyfiles, it is strongly recommended that you create a new VeraCrypt volume and move files from the old volume to the new volume (the new volume will have a different master key).
Also note that if an adversary knows your password (or has your keyfiles) and has access to your volume, he may be able to retrieve and keep its master key. If he does, he may be able to decrypt your volume even after you change its password and/or keyfile(s) (because the master key does not change when you change the volume password and/or keyfiles). In such a case, create a new VeraCrypt volume and move all files from the old volume to this new one.
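The header/master-key relationship described above, as an added model for illustration (not VeraCrypt's own code or on-disk format; the PBKDF2 parameters and the toy stream cipher are stand-ins for the real header KDF and XTS-mode cipher):

```python
import os
import hmac
import hashlib

# Simplified model of a VeraCrypt-style volume header: the master key is stored
# in the header, encrypted under a header key derived from the password. Changing
# the password re-encrypts the header only; the master key (and the data) stays.

def header_key(password: bytes, salt: bytes) -> bytes:
    # Password -> header key via PBKDF2 (iteration count lowered for the example).
    return hashlib.pbkdf2_hmac("sha512", password, salt, 20_000, dklen=32)

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    # Toy HMAC-counter stream cipher standing in for the real block cipher mode;
    # only the key-wrapping structure matters here, not this cipher's strength.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def make_header(master_key: bytes, password: bytes) -> dict:
    salt = os.urandom(16)
    hk = header_key(password, salt)
    wrapped = xor_stream(hk, b"hdr", master_key)
    tag = hmac.new(hk, wrapped, hashlib.sha256).digest()  # detects a wrong password
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_header(header: dict, password: bytes):
    hk = header_key(password, header["salt"])
    expected = hmac.new(hk, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(header["tag"], expected):
        return None  # wrong password: the header does not open
    return xor_stream(hk, b"hdr", header["wrapped"])

def change_password(header: dict, old_pw: bytes, new_pw: bytes) -> dict:
    # Re-wraps the *same* master key under a header key derived from the new password.
    master = open_header(header, old_pw)
    if master is None:
        raise ValueError("old password does not open the header")
    return make_header(master, new_pw)

def scenario() -> dict:
    master = os.urandom(32)
    data = xor_stream(master, b"vol", b"secret document")  # constructed volume data
    header = make_header(master, b"old password")
    stolen_copy = dict(header)  # adversary copies the volume (old header) at this point
    header = change_password(header, b"old password", b"new password")
    recovered = open_header(stolen_copy, b"old password")  # old copy + old password
    fresh_master = os.urandom(32)                          # new volume: new master key
    moved = xor_stream(fresh_master, b"vol", b"secret document")
    return {
        "new_header_rejects_old_pw": open_header(header, b"old password") is None,
        "old_copy_still_yields_master": recovered == master,
        "old_copy_decrypts_data": xor_stream(recovered, b"vol", data) == b"secret document",
        "old_master_useless_on_new_volume": xor_stream(master, b"vol", moved) != b"secret document",
    }
```

Only the last line of the scenario, a new volume with a fresh master key, makes the stolen header copy worthless, which is why the text recommends creating a new volume rather than just changing the password.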
The following sections of this chapter contain additional information pertaining to possible security issues connected with changing passwords and/or keyfiles:
Security Requirements and Precautions
Journaling File Systems
Defragmenting
Reallocated Sectors
Trim Operation
Some storage devices (e.g., some solid-state drives, including USB flash drives) use a so-called ‘trim’ operation to mark drive sectors as free, e.g., when a file is deleted. Consequently, such sectors may contain unencrypted zeroes or other undefined data (unencrypted) even if they are located within a part of the drive that is encrypted by VeraCrypt. VeraCrypt does not block the trim operation on partitions that are within the key scope of system encryption (see chapter System Encryption) (unless a hidden operating system is running – see section Hidden Operating System) and, under Linux, on all volumes that use the Linux native kernel cryptographic services. In those cases, the adversary will be able to tell which sectors contain free space (and may be able to use this information for further analysis and attacks) and plausible deniability (see chapter Plausible Deniability) may be negatively affected. If you want to avoid those issues, do not use system encryption on drives that use the trim operation and, under Linux, either configure VeraCrypt not to