From 7b8ba151b2b6a99521cc6cf6f8c5215b4d36ba62 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 27 Dec 2021 20:13:46 +0100 Subject: [PATCH] Documentation: clarify that non-cascaded encryption algorithm for system encryption can be inferred from VeraCrypt bootloader only in the case of MBR boot mode. --- doc/html/Encryption Scheme.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/html/Encryption Scheme.html b/doc/html/Encryption Scheme.html index 67d669a2..e159c7e8 100644 --- a/doc/html/Encryption Scheme.html +++ b/doc/html/Encryption Scheme.html @@ -81,7 +81,7 @@

Encryption Scheme

* If the size of the active partition is less than 256 MB, then the data is read from the second partition behind the active one (Windows 7 and later, by default, do not boot from the partition on which they are installed).

† These parameters are kept secret not in order to increase the complexity of an attack, but primarily to make VeraCrypt volumes unidentifiable (indistinguishable from random data), which would be difficult to achieve if these parameters - were stored unencrypted within the volume header. Also note that if a non-cascaded encryption algorithm is used for system encryption, the algorithm + were stored unencrypted within the volume header. Also note that in the case of legacy MBR boot mode, if a non-cascaded encryption algorithm is used for system encryption, the algorithm is known (it can be determined by analyzing the contents of the unencrypted VeraCrypt Boot Loader stored in the first logical drive track or on the VeraCrypt Rescue Disk).

** The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished by re-encrypting the volume header using a new header key (derived from a new password).
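Review bot: The qualifier added to the † footnote ("in the case of legacy MBR boot mode") leaves the EFI case unstated. The sentence now says when the algorithm is known, but not what a reader should conclude for system encryption in EFI boot mode. The commit subject says the algorithm can be inferred "only in the case of MBR boot mode", and that "only" does not appear in the changed text. Consider carrying it into the sentence, or adding a short sentence covering EFI boot mode explicitly. The parenthetical also still names the VeraCrypt Rescue Disk without qualification, so it would help to state whether that part is likewise limited to MBR boot mode.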