Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Lower number of times we overwrite volume header during the encryption of a partition if the user choose to wipe the driver. Latest studies show that even one pass is enough to make data irretrievable. A value of 3 is a conservative approach that enhance performance without scarifying security. http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html http://digital-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/

Browse Source
This commit is contained in:
Mounir IDRASSI
2014-07-26 17:46:17 +02:00
parent 1ddae20932
commit 97154aaf51
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Common/Crypto.h
View File

@@ -159,6 +159,9 @@ typedef struct
# define PRAND_DISK_WIPE_PASSES 256 # define PRAND_DISK_WIPE_PASSES 256
#endif #endif
/* specific value for volume header wipe used only when drive is fully wiped. */
#define PRAND_HEADER_WIPE_PASSES 3
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES) #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
# include "Aes.h" # include "Aes.h"
#else #else

8
src/Format/InPlace.c
View File

@@ -501,7 +501,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
area is occuppied by data until the very end of the process). */ area is occuppied by data until the very end of the process). */
// Prepare the backup header // Prepare the backup header
for (int wipePass = 0; wipePass < (wipeAlgorithm == TC_WIPE_NONE ? 1 : PRAND_DISK_WIPE_PASSES); wipePass++) for (int wipePass = 0; wipePass < (wipeAlgorithm == TC_WIPE_NONE ? 1 : PRAND_HEADER_WIPE_PASSES); wipePass++)
{ {
nStatus = CreateVolumeHeaderInMemory (FALSE, nStatus = CreateVolumeHeaderInMemory (FALSE,
header, header,
@@ -518,7 +518,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
0, 0,
volParams->headerFlags | TC_HEADER_FLAG_NONSYS_INPLACE_ENC, volParams->headerFlags | TC_HEADER_FLAG_NONSYS_INPLACE_ENC,
volParams->sectorSize, volParams->sectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_DISK_WIPE_PASSES - 1)); wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
if (nStatus != 0) if (nStatus != 0)
goto closing_seq; goto closing_seq;
@@ -969,7 +969,7 @@ inplace_enc_read:
SetNonSysInplaceEncUIStatus (NONSYS_INPLACE_ENC_STATUS_FINALIZING); SetNonSysInplaceEncUIStatus (NONSYS_INPLACE_ENC_STATUS_FINALIZING);
for (int wipePass = 0; wipePass < (wipeAlgorithm == TC_WIPE_NONE ? 1 : PRAND_DISK_WIPE_PASSES); wipePass++) for (int wipePass = 0; wipePass < (wipeAlgorithm == TC_WIPE_NONE ? 1 : PRAND_HEADER_WIPE_PASSES); wipePass++)
{ {
nStatus = CreateVolumeHeaderInMemory (FALSE, nStatus = CreateVolumeHeaderInMemory (FALSE,
header, header,
@@ -986,7 +986,7 @@ inplace_enc_read:
masterCryptoInfo->RequiredProgramVersion, masterCryptoInfo->RequiredProgramVersion,
masterCryptoInfo->HeaderFlags | TC_HEADER_FLAG_NONSYS_INPLACE_ENC, masterCryptoInfo->HeaderFlags | TC_HEADER_FLAG_NONSYS_INPLACE_ENC,
masterCryptoInfo->SectorSize, masterCryptoInfo->SectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_DISK_WIPE_PASSES - 1)); wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
if (nStatus != ERR_SUCCESS) if (nStatus != ERR_SUCCESS)
goto closing_seq; goto closing_seq;