mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 02:58:02 -06:00
Documentation: Remove XHTML spec and fix errors (#1547)
* Documentation: Remove XHTML spec and fix errors

  None of the docs follow the XHTML specification, which means that programs that expect this (such as Gnome Web) as it is advertised as such, will completely fail to parse it as it is incorrect syntax. So it is removed.

* Remove .chm files
@@ -1,6 +1,5 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||||
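Review bot: The `<meta http-equiv="content-type" content="text/html; charset=utf-8" />` context line still carries the XHTML-style self-closing slash and the legacy `http-equiv` form after the doctype is switched to `<!DOCTYPE html>`. An HTML parser tolerates it, but since this commit drops the XHTML declaration, consider `<meta charset="utf-8">` here so the head matches the new doctype.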
@@ -39,13 +38,13 @@
|
||||
<div class="wikidoc">
|
||||
<h1>Security Requirements and Precautions Pertaining to Hidden Volumes</h1>
|
||||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
If you use a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
If you use a <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
hidden VeraCrypt volume</a>, you must follow the security requirements and precautions listed below in this section. Disclaimer: This section is not guaranteed to contain a list of
|
||||
<em style="text-align:left">all</em> security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If an adversary has access to a (unmounted) VeraCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. If you change the contents of a
|
||||
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
hidden volume</a> (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer
|
||||
volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might indicate the existence of a hidden volume within the outer volume.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
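Review bot: Confirm that no `style` value ending in `.html` survives outside the lines touched here. In this hunk the suffix sat on both `Hidden%20Volume.html` anchors as `text-decoration:none.html`, which makes that declaration invalid, and the same suffix also shows up after other values (`font-weight:bold.html`), so a fix keyed only on `none.html` would miss cases. A tree-wide search for a `style` attribute whose last value ends in `.html"` before merging would settle it.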
@@ -69,8 +68,8 @@ Use a partition/device-hosted VeraCrypt volume instead of file-hosted. </li><li
|
||||
Store the container in a non-journaling file system (for example, FAT32). </li></ul>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
A VeraCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g. a flash-memory SSD or USB flash drive). A copy of (a fragment of) the VeraCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems.
|
||||
For more information on wear-leveling, see the section <a href="Wear-Leveling.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Wear-Leveling</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
For more information on wear-leveling, see the section <a href="Wear-Leveling.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Wear-Leveling</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Security Requirements and Precautions</a>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
A VeraCrypt volume resides on a device/filesystem that saves data (or on a device/filesystem that is controlled or monitored by a system/device that saves data) (e.g. the value of a timer or counter) that can be used to determine that a block had been written
|
||||
earlier than another block and/or to determine how many times a block has been written/read. Therefore, do not store hidden volumes on such devices/filesystems. To find out whether a device/system saves such data, please refer to documentation supplied with
|
||||
@@ -79,8 +78,8 @@ A VeraCrypt volume resides on a device that is prone to wear (it is possible to
|
||||
prone to such wear, please refer to documentation supplied with the device or contact the vendor/manufacturer.
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
You back up content of a hidden volume by cloning its host volume or create a new hidden volume by cloning its host volume. Therefore, you must not do so. Follow the instructions in the chapter
|
||||
<a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
How to Back Up Securely</a> and in the section <a href="Volume%20Clones.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
How to Back Up Securely</a> and in the section <a href="Volume%20Clones.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Volume Clones</a>. </li></ul>
|
||||
</li></ul>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
@@ -98,11 +97,11 @@ When a hidden volume is mounted, the operating system and third-party applicatio
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<em style="text-align:left">Windows</em>: Create a hidden operating system (for information on how to do so, see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Hidden Operating System</a>) and mount hidden volumes only when the hidden operating system is running.
|
||||
<span style="text-align:left; font-size:10px; line-height:12px">Note: When a hidden operating system is running, VeraCrypt ensures that all local unencrypted filesystems and non-hidden VeraCrypt volumes are read-only (i.e. no files can be written to such filesystems
|
||||
or VeraCrypt volumes).<a href="#hidden_os_exception">*</a> Data is allowed to be written to filesystems within
|
||||
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
hidden VeraCrypt volumes</a>.</span> Alternatively, if a hidden operating system cannot be used, use a "live-CD" Windows PE system (entirely stored on and booted from a CD/DVD) that ensures that any data written to the system volume is written to a RAM disk.
|
||||
Mount hidden volumes only when such a "live-CD" system is running (if a hidden operating system cannot be used). In addition, during such a "live-CD" session, only filesystems that reside in hidden VeraCrypt volumes may be mounted in read-write mode (outer
|
||||
or unencrypted volumes/filesystems must be mounted as read-only or must not be mounted/accessible at all); otherwise, you must ensure that applications and the operating system do not write any sensitive data (see above) to non-hidden volumes/filesystems during
|
||||
@@ -114,12 +113,12 @@ hidden VeraCrypt volumes</a>.</span> Alternatively, if a hidden operating system
|
||||
<em style="text-align:left">Mac OS X</em>: If you are not able to ensure that applications and the operating system do not write any sensitive data (see above) to non-hidden volumes/filesystems, you must not mount or create hidden VeraCrypt volumes under Mac
|
||||
OS X. </li></ul>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
When an outer volume is mounted with <a href="Protection%20of%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
When an outer volume is mounted with <a href="Protection%20of%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
hidden volume protection</a> enabled (see section <a href="Protection%20of%20Hidden%20Volumes.html">
|
||||
Protection of Hidden Volumes Against Damage</a>), you must follow the same security requirements and precautions that you are required to follow when a hidden volume is mounted (see above). The reason is that the operating system might leak the password/key
|
||||
for the hidden volume to a non-hidden or unencrypted volume. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If you use an <strong style="text-align:left">operating system residing within a hidden volume</strong> (see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Hidden Operating System</a>), then, in addition to the above, you must follow these security requirements and precautions:
|
||||
<br style="text-align:left">
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
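Review bot: In the sentence starting `When an outer volume is mounted with`, the two anchors to `Protection%20of%20Hidden%20Volumes.html` are styled differently: the first carries the inline `style="text-align:left; color:#0080c0; text-decoration:none"` and the second has no `style` attribute at all, so the two links render differently side by side. Give the second anchor the same style, or move the repeated link style into a shared stylesheet rule so it does not have to be retyped (and mistyped) on every anchor.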
@@ -129,10 +128,10 @@ You should use the decoy operating system as frequently as you use your computer
|
||||
system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is
|
||||
<em style="text-align:left">not</em> installed in the outer volume). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
If the operating system requires activation, it must be activated before it is cloned (cloning is part of the process of creation of a hidden operating system — see the section
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Hidden Operating System</a>) and the hidden operating system (i.e. the clone) must never be reactivated. The reason is that the hidden operating system is created by copying the content of the system partition to a hidden volume (so if the operating system
|
||||
is not activated, the hidden operating system will not be activated either). If you activated or reactivated a hidden operating system, the date and time of the activation (and other data) might be logged on a Microsoft server (and on the hidden operating
|
||||
system) but not on the <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
system) but not on the <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
decoy operating system</a>. Therefore, if an adversary had access to the data stored on the server or intercepted your request to the server (and if you revealed the password for the decoy operating system to him), he might find out that the decoy operating
|
||||
system was activated (or reactivated) at a different time, which might indicate the existence of a hidden operating system on your computer.<br style="text-align:left">
|
||||
<br style="text-align:left">
|
||||
@@ -140,8 +139,8 @@ For similar reasons, any software that requires activation must be installed and
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
When you need to shut down the hidden system and start the decoy system, do <em style="text-align:left">
|
||||
not</em> restart the computer. Instead, shut it down or hibernate it and then leave it powered off for at least several minutes (the longer, the better) before turning the computer on and booting the decoy system. This is required to clear the memory, which
|
||||
may contain sensitive data. For more information, see the section <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
Unencrypted Data in RAM</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
|
||||
may contain sensitive data. For more information, see the section <a href="Unencrypted%20Data%20in%20RAM.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Unencrypted Data in RAM</a> in the chapter <a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||||
Security Requirements and Precautions</a>. </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
The computer may be connected to a network (including the internet) only when the decoy operating system is running. When the hidden operating system is running, the computer should not be connected to any network, including the internet (one of the most reliable
|
||||
ways to ensure it is to unplug the network cable, if there is one). Note that if data is downloaded from or uploaded to a remote server, the date and time of the connection, and other data, are typically logged on the server. Various kinds of data are also
|
||||
@@ -163,11 +162,11 @@ If the BIOS, EFI, or any other component logs power-down events or any other eve
|
||||
In addition to the above, you must follow the security requirements and precautions listed in the following chapters:</div>
|
||||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Security Requirements and Precautions</a>
|
||||
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Security Requirements and Precautions</a>
|
||||
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||||
<strong style="text-align:left"><a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none.html">How to Back Up Securely</a></strong>
|
||||
<strong style="text-align:left"><a href="How%20to%20Back%20Up%20Securely.html" style="text-align:left; color:#0080c0; text-decoration:none">How to Back Up Securely</a></strong>
|
||||
</li></ul>
|
||||
<p><a href="VeraCrypt%20Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></p>
|
||||
<p><a href="VeraCrypt%20Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section >></a></p>
|
||||
<hr align="left" size="1" width="189" style="text-align:left; height:0px; border-width:0px 1px 1px; border-style:solid; border-color:#000000">
|
||||
<p id="hidden_os_exception"><span style="text-align:left; font-size:10px; line-height:12px">* This does not apply to filesystems on CD/DVD-like media and on custom, untypical, or non-standard devices/media.</span></p>
|
||||
</div><div class="ClearBoth"></div></body></html>
|
||||
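Review bot: The `<hr align="left" size="1" width="189" ...>` context line keeps the presentational `align`, `size` and `width` attributes, which are obsolete under the `<!DOCTYPE html>` this commit introduces. If the aim is markup that matches what the doctype advertises, fold them into the existing `style` attribute and drop the attributes. The two list links above it are also bolded in different ways, one through `font-weight:bold` in `style` and one through a wrapping `<strong>`; pick one form for both.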