Is it safe to store my Veracrypt volume on Dropbox, and on several local disks?

[Bob BIlly]

I store my Veracrypt volume within my Dropbox folder, and I mount it from there. When I unmount my volume, dropbox scans the file and updates the differences to the cloud.

I also make a regular backup of the volume to a few local drives, to protect against bit corruption and the like.

Is this safe? I know that if someone had access to two different copies of the volume, they could see where differences are between the two volumes, which would let them see that I have made changes to the volume, which would affect plausible deniability. But is that the extent of the risk I am taking by using Dropbox and making regular back ups?

Does it weaken the security at all by doing this?

And in the event of my volume header becoming corrupt, would I be able to retrieve the volume header from an older copy of the volume, and apply it to the current copy?

[Enigma2Illusion]

You can read the answer I gave to a simular question at the link below.

https://sourceforge.net/p/veracrypt/discussion/general/thread/324af1b7/#1432

And in the event of my volume header becoming corrupt, would I be able to retrieve the volume header from an older copy of the volume, and apply it to the current copy?

Yes, however you need to remember the password, PIM and/or keyfiles that were used on the old copy to extract to external file and restore on the original assuming you have not expanded the file container.

Using the original undamaged file container, you can make an external file backup of the header and save into a file.

In the VeraCrypt GUI, select the unmounted VeraCrypt volume > Volume Tools > Backup Volume Header.

[Bob BIlly]

Thanks for the reply!

Just how much of a risk is it, exactly, for me to clone volumes? Is it theoretically less secure? Or it is definitely insecure? I've done some Googling, and all I've really read is "don't do it. it makes it less secure". Doesn't really tell me exactly how risky it is. I'm using AES-twofish-serpent with Whirlpool, and a 40+ character password. I've left the iterations at default, too.

I'd be willing to sacrifice a little bit of security for a whole lot of convenience (dropbox makes life so much easier. it's saved my ass so many times when my HDD has failed). But, obviously, if allowing someone to see the changes I've made to the volume makes it significantly easier to crack, then I'll have to stay away from it.

Yes, however you need to remember the password, PIM and/or keyfiles that were used on the old copy to extract to external file and restore on the original assuming you have not expanded the file container.

Great! So if one day I find that my volume header is corrupt, I can just find an old version of the volume, extract the header, and apply it to the corrupted header? Nice one.