The one security/privacy weakness I see in VeraCrypt is in the use of Favorites.
Yes, Favorites is a convenience feature to make it easier to mount partitions when you want to have — for example — a specific mount point. However, creating a Favorite entry discloses the presence of a VeraCrypt file. In other words, a file that looks like random data, could be disclosed as a VeraCrypt file by someone examining VeraCrypt’s favorites.
The solution I would propose is to password protect VeraCrypt. Thus, you would need a password to start VeraCrypt and that password would encrypt Favorites and other configuration information that may reveal information about the usage of VeraCrypt. This should be an OPTION — not mandatory.
I would further recommend a “Plausible Deniability” password option as well, that, when used, would not decrypt or otherwise reveal information about Favorites or other VeraCrypt usage. How I would propose this would work is as follows:
1) Enter “real” password and VeraCrypt restores last known configuration, including user-configured preferences and favorites.
2) Enter “plausible deniability” password and VeraCrypt restore the “factory default” VeraCrypt configuration, and all user-configured configuration remains inaccessible — and, preferably, the existence of the “real” configuration cannot be discovered in “plausibility deniability” mode, or when the VeraCrypt is not running.
Thanks in advance for considering fixing this issue.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The one security/privacy weakness I see in VeraCrypt is in the use of Favorites.
Yes, Favorites is a convenience feature to make it easier to mount partitions when you want to have — for example — a specific mount point. However, creating a Favorite entry discloses the presence of a VeraCrypt file. In other words, a file that looks like random data, could be disclosed as a VeraCrypt file by someone examining VeraCrypt’s favorites.
The solution I would propose is to password protect VeraCrypt. Thus, you would need a password to start VeraCrypt and that password would encrypt Favorites and other configuration information that may reveal information about the usage of VeraCrypt. This should be an OPTION — not mandatory.
I would further recommend a “Plausible Deniability” password option as well, that, when used, would not decrypt or otherwise reveal information about Favorites or other VeraCrypt usage. How I would propose this would work is as follows:
1) Enter “real” password and VeraCrypt restores last known configuration, including user-configured preferences and favorites.
2) Enter “plausible deniability” password and VeraCrypt restore the “factory default” VeraCrypt configuration, and all user-configured configuration remains inaccessible — and, preferably, the existence of the “real” configuration cannot be discovered in “plausibility deniability” mode, or when the VeraCrypt is not running.
Thanks in advance for considering fixing this issue.