Hidden Operating System
If your system partition or system drive is encrypted using VeraCrypt, you need to enter your
pre-boot authentication password in the VeraCrypt Boot Loader screen after you turn on or restart
your computer. It may happen that you are forced by somebody to decrypt the operating system or to
reveal the pre-boot authentication password. There are many situations where you cannot refuse to
do so (for example, due to extortion). VeraCrypt allows you to create a hidden operating system
whose existence should be impossible to prove (provided that certain guidelines are followed;
see below). Thus, you will not have to decrypt or reveal the password for the hidden operating
system.
Before you continue reading this section, make sure you have read the section Hidden Volume
and that you understand what a hidden VeraCrypt volume is.
A hidden operating system is a system (for example, Windows 7 or Windows XP) that is installed
in a hidden VeraCrypt volume. It should be impossible to prove that a hidden VeraCrypt volume
exists (provided that certain guidelines are followed; for more information, see the section Hidden
Volume) and, therefore, it should be impossible to prove that a hidden operating system exists.
However, in order to boot a system encrypted by VeraCrypt, an unencrypted copy of the VeraCrypt
Boot Loader has to be stored on the system drive or on a VeraCrypt Rescue Disk. Hence, the mere
presence of the VeraCrypt Boot Loader can indicate that there is a system encrypted by VeraCrypt
on the computer. Therefore, to provide a plausible explanation for the presence of the VeraCrypt
Boot Loader, the VeraCrypt wizard helps you create a second encrypted operating system,
so-called decoy operating system, during the process of creation of a hidden operating system. A
decoy operating system must not contain any sensitive files. Its existence is not secret (it is not
installed in a hidden volume). The password for the decoy operating system can be safely revealed
to anyone forcing you to disclose your pre-boot authentication password.*
You should use the decoy operating system as frequently as you use your computer. Ideally, you
should use it for all activities that do not involve sensitive data. Otherwise, plausible deniability of
the hidden operating system might be adversely affected (if you revealed the password for the
decoy operating system to an adversary, he could find out that the system is not used very often,
which might indicate the existence of a hidden operating system on your computer). Note that you
can save data to the decoy system partition anytime without any risk that the hidden volume will
get damaged (because the decoy system is not installed in the outer volume; see below).
There will be two pre-boot authentication passwords: one for the hidden system and the other for
the decoy system. If you want to start the hidden system, you simply enter the password for the
hidden system in the VeraCrypt Boot Loader screen (which appears after you turn on or restart
your computer). Likewise, if you want to start the decoy system (for example, when asked to do so
by an adversary), you just enter the password for the decoy system in the VeraCrypt Boot Loader
screen.
Note: When you enter a pre-boot authentication password, the VeraCrypt Boot Loader first
attempts to decrypt (using the entered password) the last 512 bytes of the first logical track of the
system drive (where encrypted master key data for non-hidden encrypted system partitions/drives
* It is not practical (and therefore is not supported) to install operating systems in two VeraCrypt volumes that are
embedded within a single partition, because using the outer operating system would often require data to be written to
the area of the hidden operating system (and if such write operations were prevented using the hidden volume protection
feature, it would inherently cause system crashes, i.e. 'Blue Screen' errors).