Table of Contents

Security requirements and precautions

IMPORTANT: Please take into account that you can use VeraCrypt yourself up to what we call Lvl 3 Protection without the risk of losing important data or access to your system. As long as you follow the encryption guide provided here and are careful about the things we warn you about, you should not need assistance in setting this up.

From Lvl 4 Protection onwards, we suggest that you talk to someone at the DCC for assistance. These higher levels of protection ensure that your data is harder to find and leaves less traces, but they also carry the risk of losing data by overwriting it or losing access to your operating system, IF THEY ARE SET UP INCORRECTLY. You will also have to be told about clear practices that you need to follow in order to ensure plausible deniability and the best level of protection.

In our consultation with you we have advised you on a level of protection that is ultimately just a suggestion. You can decide to get higher protection for your data, of course. Be aware, once again, that in getting a higher protection level the risk you face shifts from data leakage to actual data loss. We would ask that you follow our guidelines unless you really need a higher level of protection for your data, in which case you should request a follow up consultation with us.

In order for VeraCrypt to provide effective security, the user needs to be aware and follow a number of guidelines that are listed here in short form and in their entirety in the VeraCrypt manual. Please refer to the VeraCrypt manual (pp.90-99 in the pdf or the Security requirements and precautions section of the online documentation) for a more detailed explanation.

Before we go into detail, there are four golden rules you want to follow:

Hereafter are some practical steps you should take to ensure that information on your data or the VeraCrypt volume does not accidentally get left unencrypted.

Disabling paging files

Windows can store parts of the files in use outside of the RAM memory when the memory does not have enough space. This can lead to unencrypted parts of your data being stored on disk, instead of RAM. To avoid this, please consider disabling paging files for your VeraCrypt volume. This can only be done if you have already created a volume, and will have to be repeated for each new volume created. To learn how to create a volume using VeraCrypt, please refer to this page.

Click to display step-by-step guide

Disabling memory dump file generation

Memory dump files are files Windows creates to recover information after an error occurs. Since these files are unencrypted, VeraCrypt information (such as the master key or part of the file stored in the volume) might be recorded in them and stored. To avoid this happening, disable memory dump file generation at least for the session when you use VeraCrypt volumes (even if you just mount them).

Click to display step-by-step guide

Disabling hibernation files

Hibernation files are files that Windows creates when entering power saving mode. These files contain information that Windows uses to restore all processes once it exits power saving mode. This means that information stored on a VeraCrypt volume you were working with, the master key of the mounted volume and/or other information contained in your VeraCrypt volume might be written on disk unencrypted by Windows. To avoid this occurrence, follow these steps. Warning: Keep in mind that the best way to avoid this, is to manually dismount all VeraCrypt volumes when done and shut down the computer for a few minutes (the longer, the better) before turning it on again.

Click to display step-by-step guide

Ensuring proper synchronization

In order to give as little as possible information away to an unauthorized user, VeraCrypt preserves the date of creation of the files contained in a volume. This means that if you modify a file after it was created, VeraCrypt will not update the date of the last change done to the file. This is not a problem, unless you want to synchronize your VeraCrypt folder (once encrypted and dismounted) with a cloud service. The cloud service performs its synchronization by checking the modification date of the data contained in the volume and the volume itself. As VeraCrypt does not update the date of last modification, the cloud service will assume that no work has been done on the file and will skip the synchronization. 

To prevent this from happening, there are two easy steps you can follow:

Click to display step-by-step guide

Further precautions and best practices to follow

Click to display step-by-step guide

Should you have any other questions regarding possible risks of data loss or weaknesses in VeraCrypt security, please contact the DCC (dcc@rug.nl). We will be glad to address your concerns.

→ Move to the next step