Encryption
r3b3l, 2017-07-31 07:54:51

How does VeraCrypt work?

Interested in how VeraCrypt works.
I read in the VeraCrypt documentation that it never saves the decrypted data to the hard disk (everything is only temporarily in RAM - it reads the encrypted file from the disk, decrypts it in RAM on the fly, unloads it), i.e. encryption/decryption happens on the fly. Even if the encrypted volume is mounted, the data is still encrypted.
The encryption key is stored in the clear, again in RAM (I did not learn this from the documentation).
A question that remained unanswered.
Let's say the OS boots up, the user mounts the volume, and enters the key. Will a third-party program (say, some kind of malware that works in parallel with the user) be able to read meaningful data from such a volume? This point is not fully understood. If I understand correctly, then all calls to encrypted data go through Vera, and it knows where the key is stored in RAM. If the last assumption is correct, then no third-party software (except software specially tailored for this, which can detect the key in RAM) will be able to read anything worthwhile from the disk. Tell me, anyone who is familiar with Vera, am I right or not?


2 answer(s)
athacker, 2017-07-31
@r3b3l

The question is not very clear. Vera installs a disk driver. When the disk is mounted, for any application that normally works with the disk, data encryption/decryption occurs transparently, since Vera does all this at a lower level. The data, of course, is written to disk already encrypted.
Attempts to read from the disk directly will not give anything: the encrypted information will be read. Encryption generally protects against tampering if a potential attacker has physical access to UNMOUNTED media. That is, against situations such as loss or theft of the media or the entire computer. When working, of course, the data is decrypted when accessed, otherwise how would you work with it at all? But in general, if the attack is targeted (i.e., not a wide dragnet, but aimed at your specific disk), then nothing prevents the enemies from installing a Trojan on the computer and reading the media after you have mounted it. Or dumping the encryption key from RAM, and then, after gaining access to the physical disk in some way, decrypting it using this key.
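
A minimal model of the layering described in the answer above, added here as an illustration; it is not code from the post or from VeraCrypt. The names `MountedVolume`, `raw_read` and `demo` are hypothetical, the key and data are constructed, and the SHA-256 keystream is a stand-in cipher, not the mode VeraCrypt uses.

```python
import hashlib

SECTOR = 512  # bytes per sector in this model

def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    # Toy per-sector keystream (SHA-256 in counter mode). Stand-in only:
    # not VeraCrypt's cipher mode and not suitable for real encryption.
    out, counter = b"", 0
    while len(out) < length:
        block = key + sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

class MountedVolume:
    """Models the driver layer: the key stays in memory while mounted."""
    def __init__(self, backing: bytearray, key: bytes):
        self.backing = backing
        self._key = bytearray(key)

    def _xor(self, sector_no: int, data: bytes) -> bytes:
        if self._key is None:
            raise PermissionError("volume is not mounted")
        ks = _keystream(bytes(self._key), sector_no, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write_sector(self, n: int, plaintext: bytes) -> None:
        if len(plaintext) != SECTOR:
            raise ValueError("writes are whole sectors")
        # Only ciphertext ever reaches the backing store.
        self.backing[n * SECTOR:(n + 1) * SECTOR] = self._xor(n, plaintext)

    def read_sector(self, n: int) -> bytes:
        # Any caller that goes through the mounted layer gets plaintext.
        return self._xor(n, raw_read(self.backing, n))

    def dismount(self) -> None:
        for i in range(len(self._key)):  # overwrite the key before dropping it
            self._key[i] = 0
        self._key = None

def raw_read(backing: bytearray, n: int) -> bytes:
    # Direct access to the medium, bypassing the driver layer.
    return bytes(backing[n * SECTOR:(n + 1) * SECTOR])

def demo(key: bytes = bytes(range(32))):  # constructed key
    disk = bytearray(4 * SECTOR)          # constructed backing store
    vol = MountedVolume(disk, key)
    secret = b"constructed file contents".ljust(SECTOR, b"\0")
    vol.write_sector(2, secret)
    via_driver, on_disk = vol.read_sector(2), raw_read(disk, 2)
    vol.dismount()
    return via_driver == secret, on_disk == secret, vol._key is None
```

While the volume is mounted, every caller of `read_sector` sees plaintext, which is why the protection applies to the unmounted medium and not to software running alongside the user.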

Adamos, 2017-07-31
@Adamos

The principle of operation of VeraCrypt is to take the TrueCrypt left by the developer, cram their own crookedly implemented rubbish into it and present this goodness as innovation.
