From dda7ea60004cfb701cff3fbac97798a672d77523 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 16 Dec 2019 12:10:40 +0100 Subject: Documentation: Adding information of availability of RAM encryption and that in EFI mode we can't encrypt whole disk --- doc/html/Unencrypted Data in RAM.html | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'doc/html/Unencrypted Data in RAM.html') diff --git a/doc/html/Unencrypted Data in RAM.html b/doc/html/Unencrypted Data in RAM.html index 8917867a..74651c0c 100644 --- a/doc/html/Unencrypted Data in RAM.html +++ b/doc/html/Unencrypted Data in RAM.html @@ -48,6 +48,10 @@ Inherently, unencrypted master keys have to be stored in RAM too. When a non-sys cleanly restarted), or when the system crashes, VeraCrypt naturally stops running and therefore cannot erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.** +
+Starting from version 1.24, VeraCrypt introduces a mechanism to encrypt master keys and cached passwords in RAM. This RAM encryption mechanism must be activated manually in "Performance/Driver Configuration" dialog. RAM encryption comes with a performance overhead (between 5% and 15% depending on the CPU speed) and it disables Windows hibernate.
+Moreover, VeraCrypt 1.24 and above provide an additional security mechanism when system encryption is used that makes VeraCrypt erase master keys from RAM when a new device is connected to the PC. This additional mechanism can be activated using an option in System Settings dialog.
+Even though both above mechanisms provides strong protection for masterskeys and cached password, users should still take usual precautions related for the safery of sensitive data in RAM.
-- cgit v1.2.3
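Review bot: the last added paragraph ("Even though both above mechanisms provides ...") has several typos that should be fixed before this goes into the user documentation: "provides" should be "provide", "masterskeys" should be "master keys", "cached password" should be "cached passwords", and "related for the safery" should be "related to the safety". Suggested wording: "Even though both of the above mechanisms provide strong protection for master keys and cached passwords, users should still take the usual precautions related to the safety of sensitive data in RAM." In the first added paragraph, "in "Performance/Driver Configuration" dialog" and, in the second, "in System Settings dialog" are each missing "the". The first added paragraph also says RAM encryption "disables Windows hibernate" without giving a reason; since the unchanged text just above already discusses keys not being erased on hibernation, a short clause tying the two together would help readers understand the trade-off.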