when the backup is created, the same keyfile(s) will be necessary to mount the volume
again after the volume header is restored. For more information, see the section Encryption
Scheme in the chapter
Technical Details.
After you create a volume header backup, you might need to create a new one only when
you
change the volume password and/or keyfiles. Otherwise, the volume header remains
unmodified so the volume header backup remains up-to-date.
Note: Apart from salt (which is a sequence of random numbers), external header backup files do not
contain any unencrypted information and they cannot be decrypted without knowing the correct
password and/or supplying the correct keyfile(s). For more information, see the chapter Technical
Details.
When you create an external header backup, both the standard volume header and the area
where
a hidden volume header can be stored is backed up, even if there is no hidden
volume within the
volume (to preserve plausible deniability of hidden volumes). If there is no
hidden volume within the volume, the area reserved for the hidden volume header in the
backup file will be filled with random data (to preserve plausible deniability).
When restoring a volume header, you need to choose the type of volume whose header
you wish
to restore (a standard or hidden volume). Only one volume header can be
restored at a time. To
restore both headers, you need to use the function twice (Tools ->
Restore Volume Header). You
will need to enter the correct password (and/or to supply the
correct keyfiles) that was/were valid
when the volume header backup was created. The
password (and/or keyfiles) will also
automatically determine the type of the volume header
to restore, i.e. standard or hidden (note that
VeraCrypt determines the type through the
process of trial and error).
Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when
trying to
mount a volume, VeraCrypt will automatically try to mount the volume using the
embedded backup
header (in addition to trying to mount it using the primary header) each
subsequent time that the
user attempts to mount the volume (until he or she clicks Cancel).
If VeraCrypt fails to decrypt the
primary header but it successfully decrypts the embedded
backup header at the same time, the
volume is mounted and the user is warned that the
volume header is damaged (and informed as to
how to repair it).
Settings -> Performance and Driver Options
Invokes the Performance dialog window, where you can change enable or disable AES
Hardware acceleration and thread based parallelization. You can also change the following
driver option:
Enable extended disk control codes support
If enabled, VeraCrypt driver will support returning extended technical information about
mounted volumes through IOCTL_STORAGE_QUERY_PROPERTY control code. This
control code is always supported by physical drives and it can be required by some
applications to get technical information about a drive (e.g. the Windows fsutil program
uses this control code to get the physical sector size of a drive.).
Enabling this option brings VeraCrypt volumes behavior much closer to that of physical
disks and if it is disabled, applications can easily distinguish between physical disks and
VeraCrypt volumes since sending this control code to a VeraCrypt volume will result in an
error.
Disable this option if you experience stability issues (like volume access issues or system
BSOD) which can be caused by poorly written software and drivers.
