Can VeraCrypt encrypted volume be tampered with?

I have been reading about the security of Borg backups, where both encryption and authentication are used (Encrypt-then-MAC).

My understanding is authentication is used to prevent tampering which is especially important for backups vulnerable to unauthorized access (cloud storage or safety deposit boxes for example).

Reading on the security of VeraCrypt (which uses XTS), I can’t find anything about authentication.

XTS mode is susceptible to data manipulation and tampering, and applications must employ measures to detect modifications of data if manipulation and tampering is a concern: "…since there are no authentication tags then any ciphertext (original or modified by attacker) will be decrypted as some plaintext and there is no built-in mechanism to detect alterations. The best that can be done is to ensure that any alteration of the ciphertext will completely randomize the plaintext, and rely on the application that uses this transform to include sufficient redundancy in its plaintext to detect and discard such random plaintexts."

Can VeraCrypt encrypted volume be tampered with?
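
Added example (not part of the original question, and not VeraCrypt or Borg code): one application-level measure of the kind the quoted passage calls for, a keyed HMAC-SHA256 manifest computed over the container file's ciphertext and kept apart from the volume. The chunk size, key handling and function names are assumptions, and the container bytes are constructed sample data.

```python
import hashlib
import hmac

CHUNK = 4096  # assumed manifest granularity, not a VeraCrypt parameter


def _tag(key, index, total, chunk):
    # Bind position and chunk count so reorder, replay and truncation also fail.
    msg = index.to_bytes(8, "big") + total.to_bytes(8, "big") + chunk
    return hmac.new(key, msg, hashlib.sha256).digest()


def _split(container):
    return [container[i:i + CHUNK] for i in range(0, len(container), CHUNK)]


def build_manifest(key, container):
    """One HMAC-SHA256 tag per ciphertext chunk; store away from the volume."""
    chunks = _split(container)
    return [_tag(key, i, len(chunks), c) for i, c in enumerate(chunks)]


def verify(key, container, manifest):
    """Return indexes of chunks that fail; an empty list means unmodified."""
    chunks = _split(container)
    if len(chunks) != len(manifest):  # container grew or was truncated
        return list(range(max(len(chunks), len(manifest))))
    return [i for i, c in enumerate(chunks)
            if not hmac.compare_digest(_tag(key, i, len(chunks), c), manifest[i])]


def demo():
    # Constructed inputs: a fixed demo key (use os.urandom(32) in practice)
    # and pseudo-random bytes standing in for an XTS-encrypted container.
    key = hashlib.sha256(b"constructed demo key").digest()
    original = hashlib.shake_256(b"constructed container").digest(4 * CHUNK)
    manifest = build_manifest(key, original)
    flipped = bytearray(original)
    flipped[2 * CHUNK + 5] ^= 0x01  # single-bit change inside chunk 2
    swapped = original[CHUNK:2 * CHUNK] + original[:CHUNK] + original[2 * CHUNK:]
    return {
        "intact": verify(key, original, manifest),
        "bit_flip": verify(key, bytes(flipped), manifest),
        "swapped": verify(key, swapped, manifest),
        "truncated": verify(key, original[:3 * CHUNK], manifest),
    }


if __name__ == "__main__":
    print(demo())
```

The check applies to the unmounted container file before it is mounted, and the manifest has to be rebuilt after every legitimate write to the volume.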

Which would be the best “keyfile” for KeepassXC and/or Veracrypt?

I am a Mac user. I opened a keyfile generated by Veracrypt and one generated by KeepassXC. The texts in both of them were quite short. Which keyfile is best (i.e., most random and harder to break through): one generated by Veracrypt or one by KeepassXC?
OR: Is it best to create my own keyfile? I can open a photo with TextEdit, copy and paste the gibberish that shows up in an empty TextEdit file, save and use that as my keyfile. Would that be better?

I also wonder if it is best to use another type of file (a .jpeg photo, maybe) as a keyfile. My thinking is: files generated by Veracrypt and KeepassXC may stand out (assuming someone broke through my device and started looking).

Would anyone recommend embedding a file in a picture (steganography) and using it as a keyfile instead? How can I do the embedding on a Mac? I am familiar with Terminal.

Thank you in advance.

moving files from veracrypt store logs on windows?

If I move a file from a non-hidden encrypted drive to my main C drive, then move the original file to a hidden container on the encrypted drive, then wipe the original file with ccenhancer/secure erase, is that doing enough to ensure the original location isn't known? Or does Windows log moved files by default, so that someone could tell if the copied file came from the encrypted drive? Additionally, does software like ccenhancer/secure erase remove "recently viewed" logs from applications in case the files are opened from either the hidden or non-hidden volume?

Using DD to get the hash of a non-system partition encrypted by VeraCrypt

I am trying to use DD for Windows to obtain the hash of a non-system partition that was encrypted via Veracrypt, but have run into a bit of a problem.

The command I used to get the hash of the encrypted partition looks like this

    dd if=\\?\Device\HarddiskVolume11 of=hash_output.txt bs=512 count=1

And this command (in theory) should create a file called hash_output.txt that contains the encrypted hash that should, for example, look something similar to this:


However, the output I am getting when issuing the DD command above looks more like this:

fb55 d397 2879 2f55 7653 24a3 c250 14d3 3711 7109 e563 617f ab73 f11a 3469 33bb 

Which is obviously not the hash I was expecting so I am hoping someone might be able to help me figure out what I am doing wrong.

Some things to note:

  • I am 100% positive that the drive I am selecting in the DD command is the right drive.
  • There is only 1 encrypted partition on the drive that spans the entire size of the drive.
  • There is no physical / functional damage to the drive which would cause this issue.
  • This is on an external 1TB drive that is connected via USB 3.0 (I have tried other cables and ports).
  • The same DD command worked fine for a test drive that I encrypted using the same parameters that were set for this drive.

Veracrypt encrypted file – how to expand the Volume and what are Drive Letters?

Can you help me understand some questions about Veracrypt:

  1. If you have created an encrypted file but the volume which you selected for it needs expansion, is it from security standpoint fine to just use the available option “expand volume” to adjust the file’s volume? Or is it for some reason better to create a totally new encrypted file with your desired larger volume?

  2. What is the meaning of all the different Drive Letters (A-Z)? Do you have to mount a file from a specific drive letter, or can you mount from any letter?


Is it possible to forge key files and mount a veracrypt container?

If I have a Veracrypt container, and I use a key file with a password, if the key file is too simplistic, is it possible to recreate that key file and open the container?

Suppose if I use a .jpg of a simple image, can an attacker open up MS Paint (or a similar program), and recreate the image, and use it with the password to open the container, or would they need direct access to the original image?

Brute Forcing Veracrypt with python

I forgot the first five letters of the 11-letter-long password of my Veracrypt encrypted file (hidden). I was searching for a way to brute force a Veracrypt file and came across this Python project. Using this Python script as a guide, I wrote this code.

    import subprocess

    volume_path = "/home/user/Folder/Encrypted_File"
    mount_path = "/mnt/sdb1/"

    known = "passwd"
    guess = "Test1" + known
    subprocess.check_call(["veracrypt", "--password={}".format(guess),
                           "--protect-hidden=no", "--keyfiles=",
                           # Prevents re-prompting for passphrase on failure.
                           "--non-interactive",
                           # 485 is the default for most devices.
                           # "--pim=485",
                           volume_path, mount_path],
                          # Timeout allows faster guesses but may risk false negatives.
                          # Added based on noticing that a failed password takes much longer than a successful one.
                          timeout=2
                          )

The problem is that whenever I execute this script I get this pop-up error.

--non-interactive is only supported in text mode

How can I use python to brute force veracrypt?