Veracrypt encrypted file – how to expand the Volume and what are Drive Letters?

Can you help me understand some questions about Veracrypt:

  1. If you have created an encrypted file but the volume which you selected for it needs expansion, is it fine from a security standpoint to just use the available option “expand volume” to adjust the file’s volume? Or is it for some reason better to create a totally new encrypted file with your desired larger volume?

  2. What is the meaning of all the different Drive Letters (A-Z)? Do you have to mount a file from a specific drive letter, or can you mount from any letter?


Is it possible to forge key files and mount a veracrypt container?

If I have a Veracrypt container, and I use a key file with a password, if the key file is too simplistic, is it possible to recreate that key file and open the container?

Suppose I use a .jpg of a simple image: can an attacker open up MS Paint (or a similar program), recreate the image, and use it with the password to open the container, or would they need direct access to the original image?

Brute Forcing Veracrypt with python

I forgot the first five letters of the 11-letter-long password of my veracrypt encrypted file (hidden). I was searching for a way to brute force a veracrypt file and came across this python project. Using this python script as a guide, I wrote this code.

    import subprocess

    volume_path="/home/user/Folder/Encrypted_File"
    mount_path="/mnt/sdb1/"

    known="passwd"
    guess="Test1"+known
    subprocess.check_call(["veracrypt", "--password={}".format(guess),
                           "--protect-hidden=no", "--keyfiles=",
                           # Prevents re-prompting for passphrase on failure.
                           "--non-interactive",
                           # 485 is the default for most devices.
                           # "--pim=485",
                           volume_path, mount_path],
                          # Timeout allows faster guesses but may risk false negatives.
                          # Added based on noticing that a failed password takes much longer than a successful one.
                          timeout=2
                          )

The problem is that whenever I execute this script I get this pop-up error:

--non-interactive is only supported in text mode

How can I use python to brute force veracrypt?

Bitlocker/Filevault and VeraCrypt together?

I’m researching ways to make the best encryption setup. What are your thoughts on using TPM/Bitlocker or T2/Bitlocker native encryptions to fully encrypt a secondary drive, and then utilizing Veracrypt to encrypt the disk and mount it? The boot drive would be TPM/T2 system encrypted with a PIN & password, with the secondary drives “automatically unlocked”.

Or is this all pointless beyond a single pass? It just seems the secondary drives don’t benefit from TPM/T2, so that negates the PIN and leaves just the OS defined password. In this method, they would have to decrypt the drive, and then still be left with another encrypted drive. Or should it perhaps be a container within the encrypted drive?

Assumptions: The passwords are all lengthy and secure, and both different.

How does Veracrypt work?

I’m a layman in security and was trying to understand roughly how hashes and encryption algorithms are used in Veracrypt/Truecrypt.

Reading the documentation, that’s what I understood (please, feel free to correct me if I’m wrong):

For simplification’s sake, let’s consider a non-system volume, no hidden volumes and no Cascade.

An encrypted HEADER is generated containing two Master Keys (Primary and Secondary). Those Master Keys were created using RNG based on the HASH.

To decrypt the HEADER, the correct password must generate a HEADER KEY (two keys, actually) using a derivation function from the selected HASH Algorithm. This HEADER KEY decrypts the HEADER. In other words, the HEADER is not the HASH itself with which the key is compared.

If this is correct, I have some questions:

1- Is the encryption method of the HEADER the same as that of the rest of the volume? And only the keys are different…

2- If I got it correctly, the two HEADER Keys are 256 bits long. Do those two combined keys have the same power as a single 512-bit-long hash?

3- If not for (2), what’s the point of selecting a 512-bit HASH Algorithm?

4- If yes for (2), do the subsequent two Master Keys also have 512-bit-long equivalent power?

5- Do the subsequent two Master Keys also use the same HASH algorithm that the HEADER Keys use? For instance, if I select the Whirlpool algorithm in the wizard, does it only affect the HEADER KEY or both?

Thank you very much for your time.
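
The header-key derivation described in the question above, as an added example that is not part of the original post and is not VeraCrypt's own code. It assumes a non-system AES-XTS volume, a UTF-8 password, a constructed salt, and the iteration counts given in VeraCrypt's documentation (500,000 by default, 15000 + PIM × 1000 when a PIM is set); the function names are illustrative.

```python
import hashlib
import os

SALT_SIZE = 64       # the header starts with 64 bytes of unencrypted salt
XTS_KEY_SIZE = 32    # one 256-bit AES key


def iterations_for_pim(pim=0):
    """Iteration count for a non-system volume; PIM 0 selects the default."""
    if pim < 0:
        raise ValueError("PIM must be non-negative")
    return 500_000 if pim == 0 else 15_000 + pim * 1_000


def derive_header_keys(password, salt, hash_name="sha512", pim=0):
    """Return the (primary, secondary) XTS keys that decrypt the header.

    PBKDF2 is asked for 64 bytes whatever the digest size, so the selected
    hash changes the key values but not their length.
    """
    if len(salt) != SALT_SIZE:
        raise ValueError("salt must be 64 bytes")
    material = hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), salt,
        iterations_for_pim(pim), dklen=2 * XTS_KEY_SIZE)
    # Assumed layout for a single cipher: primary key, then secondary key.
    return material[:XTS_KEY_SIZE], material[XTS_KEY_SIZE:]


def new_master_keys():
    """Master keys are random and stored inside the encrypted header.

    os.urandom stands in for VeraCrypt's RNG; no password is involved.
    """
    return os.urandom(XTS_KEY_SIZE), os.urandom(XTS_KEY_SIZE)


if __name__ == "__main__":
    salt = bytes(range(SALT_SIZE))    # constructed sample salt
    for name in ("sha512", "sha256"):
        k1, k2 = derive_header_keys("constructed passphrase", salt, name)
        print(name, hashlib.new(name).digest_size * 8, "bit digest ->",
              len(k1) * 8, "+", len(k2) * 8, "bit header keys")
```
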

How to recover the unreadable files on the mounted standard VeraCrypt container? [migrated]

My hard disk had 3 partitions C, D and E, and I formatted everything on the E drive and extended the size of the D drive using Easeus Partition Master by adding the E drive to D. So now the size of partition D is 500.5 GB; then I created a new 500 GB standard encrypted VeraCrypt container on the D drive. The remaining (non-encrypted) space on the D drive is 500 MB. Now there are only the C and D drives, as I extended the size of the D drive using Easeus Partition Master by combining the E drive with D!

Before formatting and extending the partition of E to D, I copied all data on the E drive to an external Western Digital 4TB drive, but there was a 50 GB VeraCrypt file container on that drive (E drive) which I had marked as hidden from Windows Explorer to prevent other users from deleting it. I forgot that there was that VeraCrypt file container on the E drive, and it wasn't copied to the external drive as it was hidden from Windows Explorer.

Did making a 500 GB standard encrypted VeraCrypt drive on the D drive overwrite the D drive, which has a size of 500 GB?

I also used Kerish Doctor to protect that VeraCrypt file container from accidental deletion. Today I found that 50 GB VeraCrypt file container in the C:\ProgramData\Kerish Products\Kerish Doctor\Restore folder, and I copied it to an external drive and successfully mounted the drive using VeraCrypt, but only 3 or 4 files out of 500 files are readable (they are mostly videos and photos).

The file extension that Kerish Doctor used when saving the file to prevent deletion is .rst, in the C:\ProgramData\Kerish Products\Kerish Doctor\Restore folder.

How do I recover all or most of the data on that drive? See the attached photo; it is how most of the files on that drive look, and they are corrupted.


Opening any of those files gave me the error shown in the attached photo!


Veracrypt mounted partition – asking for authentication for EVERY file operation

I have a mounted veracrypt container. As a user, I have read/write permissions set up.

Every time I run a file operation in the container, it asks for authentication with my user password again (not the container password).

What have I done wrong with my setup?

I’ve got Kleopatra on the same machine for my GPG keys. Is there some interaction with that?