
I know VeraCrypt hidden volumes can be used for plausible deniability, but what about standard volumes?

Indeed, properly encrypted data should be indistinguishable from random data. This way, if a whole disk is encrypted with a VeraCrypt standard volume, what proofs/clues are there that the disk is encrypted and does not just contain random data?

For example, does VeraCrypt store unencrypted information in the disk that could be used as evidence, such as the hash/cipher algorithms used?

GuiTeK

1 Answer


It's complicated. VeraCrypt volumes themselves appear to be random data - they're the output from an encryption routine which should be indistinguishable from random data, barring some flaw in the algorithm or implementation of the algorithm - and that applies for both volumes within files and for system encryption.

VeraCrypt accepts a password, then tries all supported key derivation functions, all supported encryption algorithms and all supported key lengths against the first 512 bytes of the volume. If one of these results in the first 4 bytes of decrypted data being the string "VERA", it is assumed that the methods used are correct, and the rest of the header is used to decrypt the rest of the volume. This means that it doesn't need to store information about the cipher used, or the size of key expected (See https://www.veracrypt.fr/en/Encryption%20Scheme.html for the full details).

However, if you have set up system encryption, the routine to perform this decryption is stored on the first track of the boot drive - this is unencrypted, else it couldn't be run prior to decryption. You don't actually need to have this installed - you could use a rescue disk to boot the system far enough to decrypt the volume, for instance - in which case only encrypted data is left on the drive.

In this case, the only evidence of VeraCrypt (or similar software) being used is the large blob of random data. The lack of a decryption method could be considered suspicious, especially in cases such as border checks, where it would be unusual to carry a laptop with a drive which had been overwritten with random data. On the other hand, having an encrypted drive, with the appropriate methods to decrypt for use is standard procedure for many business users (although this may normally be BitLocker rather than VeraCrypt).

For file based volumes, the presence of a file apparently containing only random data could be considered suspicious - most legitimate files have some sort of detectable header - even if VeraCrypt itself is not installed on the device. However, they don't have anything to indicate that they're VeraCrypt volumes - for example, I have a bunch of files which are simply dumps of random values from /dev/random on my work system, which I use for testing upload systems which claim to allow specific file types (by renaming them to the expected type, it tests whether the system is checking headers, or relying on file extensions, without risking accidentally using an accepted header type). There is nothing which could distinguish these from VeraCrypt volumes, other than that there is no (known) password which decrypts them to produce "VERA" at the start.

So:

  • For system encryption, there is a pre-boot decryption routine to allow booting without a rescue disk
  • For other types of volume, there isn't anything directly added by VeraCrypt, but the presence of VeraCrypt itself and a lack of obvious volumes could suggest something is hidden
  • For plausible deniability, the presence of VeraCrypt itself is not intended to be secret, but rather whether a specific bunch of random data within a VeraCrypt volume is another VeraCrypt volume or not
  • While direct evidence is hard to find, it may be possible to look at a lack of data and draw conclusions that something is hidden - see https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html
Matthew
  • One telling fact is that VeraCrypt volume files have sizes that are always divisible by 512, so even if a huge blob of random data isn't suspicious enough, the fact that it perfectly aligns to 512 byte sectors is a dead giveaway. So saying that there is "nothing which could distinguish" the files is incorrect. Of course, encrypted partitions on e.g. external hard drives are a lot less suspicious, since that's genuinely how they would appear after being wiped. – forest Jun 13 '18 at 00:28
  • @forest There isn't anything that prevents other files from being those sizes though - the random data ones I mention will meet that requirement, but that's just because I wanted convenient sizes of file, not because they are VeraCrypt volumes. It's indicative, but not sufficient to prove VeraCrypt usage on its own. – Matthew Jun 13 '18 at 05:39
  • @forest Sorry to be a grave digger, but what if someone hex edited a single bit from the end of the encrypted blob before and after usage? Then it no longer divides exactly by 512... – user5623335 Oct 20 '20 at 21:41
  • @user5623335 I guess that would work, but I was talking about the typical scenario where someone uses vanilla VeraCrypt software. – forest Jan 01 '21 at 03:38
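An added simulation (my own code, not VeraCrypt's) of the trial decryption the answer describes: the volume stores no cipher metadata, so the opener tries every key derivation function and key length against the first 512 bytes and accepts the combination whose output starts with "VERA". The 64-byte salt, the two PRFs, the two key sizes, the iteration count and the HMAC-counter stream cipher are simplifying assumptions made here; real VeraCrypt uses XTS mode with more algorithm choices (see the linked Encryption Scheme page).

```python
import hashlib
import hmac
import os

MAGIC = b"VERA"              # plaintext marker the answer describes at the start of the header
HEADER_LEN = 512             # the answer's "first 512 bytes"
SALT_LEN = 64                # assumed layout: unencrypted salt first, then the encrypted header
PRFS = ("sha256", "sha512")  # stand-ins for the set of supported key derivation functions
KEY_SIZES = (32, 64)         # stand-ins for the set of supported cipher key lengths
ITERATIONS = 1000            # kept small so the brute-force loop over combinations runs quickly


def keystream(key: bytes, length: int) -> bytes:
    """Toy HMAC-counter keystream standing in for a real block cipher mode (not XTS)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def derive_key(password: bytes, salt: bytes, prf: str, size: int) -> bytes:
    """PBKDF2 with the chosen PRF and output length; one (prf, size) pair per trial."""
    return hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, dklen=size)


def make_header(password: bytes, prf: str, size: int) -> bytes:
    """Build a 512-byte header: random salt, then MAGIC + random filler under the derived key."""
    salt = os.urandom(SALT_LEN)
    plain = MAGIC + os.urandom(HEADER_LEN - SALT_LEN - len(MAGIC))
    key = derive_key(password, salt, prf, size)
    cipher = bytes(p ^ k for p, k in zip(plain, keystream(key, len(plain))))
    return salt + cipher


def probe_header(blob: bytes, password: bytes):
    """Try every PRF/key-size pair; return the pair whose decryption starts with MAGIC, else None."""
    salt, cipher = blob[:SALT_LEN], blob[SALT_LEN:HEADER_LEN]
    for prf in PRFS:
        for size in KEY_SIZES:
            key = derive_key(password, salt, prf, size)
            head = bytes(c ^ k for c, k in zip(cipher[:len(MAGIC)], keystream(key, len(MAGIC))))
            if head == MAGIC:
                return prf, size
    return None  # nothing fits: the bytes look exactly like any other random dump


def random_blob(length: int = HEADER_LEN) -> bytes:
    """Constructed stand-in for a plain /dev/random dump of the same size."""
    return os.urandom(length)
```

A header made under a different password and a raw random dump both fail the probe in the same way, which is the indistinguishability point made in the answer and the comments.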