Suggest to encrypt RAM on VeraCrypt

This is not enabled by default.

This can be found on Settings > Preferences… > More Settings… > Performance/Driver Configuration > Security Options > :white_check_mark: Activate encryption of keys and passwords stored in RAM

1 Like

As the blogpost points out, all this does is it obscures the key in memory. The only difference this makes is that you can’t just stupidly try out any X byte slice of the entire memory dump, you have to actually bother parsing it, finding pagetables, and decrypting the key. It makes no difference to an attacker dedicated enough to obtain a RAM dump in the first place.

For actual protrction you’d want something like AMD Memory Guard, available on Ryzen Pro. That actually encrypts memory, so the whole thing fails at the dumping part.

2 Likes

Or Intel TME in vPro models.

Veracrypt Veracrypt Veracrypt