VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc/html/Plausible Deniability.html
blob: eee117f7d594bbf098b403b0905a94fec6966704 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>

<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>

<div id="menu">
	<ul>
	  <li><a href="Home.html">Home</a></li>
	  <li><a href="/code/">Source Code</a></li>
	  <li><a href="Downloads.html">Downloads</a></li>
	  <li><a class="active" href="Documentation.html">Documentation</a></li>
	  <li><a href="Donation.html">Donate</a></li>
	  <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
	</ul>
</div>

<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Plausible%20Deniability.html">Plausible Deniability</a>
</p></div>

<div class="wikidoc">
<h1>Plausible Deniability</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
In case an adversary forces you to reveal your password, VeraCrypt provides and supports two kinds of plausible deniability:</div>
<ol style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Hidden volumes (see the section <a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">
Hidden Volume</a>) and hidden operating systems (see the section <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
<strong style="text-align:left">Hidden Operating System</strong></a>). </li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
Until decrypted, a VeraCrypt partition/device appears to consist of nothing more than random data (it does not contain any kind of &quot;signature&quot;). Therefore, it should be impossible to prove that a partition or a device is a VeraCrypt volume or that it has been
 encrypted (provided that the security requirements and precautions listed in the chapter
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions</a> are followed). A possible plausible explanation for the existence of a partition/device containing solely random data is that you have wiped (securely erased) the content of the partition/device using one of the tools
 that erase data by overwriting it with random data (in fact, VeraCrypt can be used to securely erase a partition/device too, by creating an empty encrypted partition/device-hosted volume within it). However, you need to prevent data leaks (see the section
<a href="Data%20Leaks.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Data Leaks</a>) and also note that, for <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
system encryption</a>, the first drive track contains the (unencrypted) VeraCrypt Boot Loader, which can be easily identified as such (for more information, see the chapter
<a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
System Encryption</a>). When using <a href="System%20Encryption.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
system encryption</a>, plausible deniability can be achieved by creating a hidden operating system (see the section
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Hidden Operating System</a>).<br style="text-align:left">
<br style="text-align:left">
Although file-hosted VeraCrypt volumes (containers) do not contain any kind of &quot;signature&quot; either (until decrypted, they appear to consist solely of random data), they cannot provide this kind of plausible deniability, because there is practically no plausible
 explanation for the existence of a file containing solely random data. However, plausible deniability can still be achieved with a file-hosted VeraCrypt volume (container) by creating a hidden volume within it (see above).
</li></ol>
<h4 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:12px; margin-bottom:1px">
<br style="text-align:left">
Notes</h4>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
When formatting a hard disk partition as a VeraCrypt volume (or encrypting a partition in place), the partition table (including the partition type) is
<em style="text-align:left">never</em> modified (no VeraCrypt &quot;signature&quot; or &quot;ID&quot; is written to the partition table).
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
There are methods to find files or devices containing random data (such as VeraCrypt volumes). Note, however, that this should
<em style="text-align:left">not </em>affect plausible deniability in any way. The adversary still should not be able to
<em style="text-align:left">prove</em> that the partition/device is a VeraCrypt volume or that the file, partition, or device, contains a hidden VeraCrypt volume (provided that you follow the security requirements and precautions listed in the chapter
<a href="Security%20Requirements%20and%20Precautions.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions</a> and in the subsection <a href="Security%20Requirements%20for%20Hidden%20Volumes.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
Security Requirements and Precautions Pertaining to Hidden Volumes</a>). </li></ul>
<p>&nbsp;</p>
<p><a href="Hidden%20Volume.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p>
</div><div class="ClearBoth"></div></body></html>