Backing Up Volumes and Volume Headers

Due to hardware or software errors/malfunctions, files stored on a TrueCrypt volume may become corrupted. Therefore, we strongly recommend that you backup all your important files regularly (this, of course, applies to any important data, not just to encrypted data stored on TrueCrypt volumes).

In addition, we highly recommend that you also backup volume headers, which contain master keys (size of a volume header backup is 1024 bytes). If a volume header is damaged, the volume is, in most cases, impossible to mount.

To backup a TrueCrypt volume and TrueCrypt volume headers securely, it is recommended to follow these steps:

1. Create a new TrueCrypt volume using the TrueCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of your main volume.

2. Mount the newly created backup volume.

3. Create (and store) a backup of the header of the main volume directly on the mounted backup volume. Then dismount the backup volume.

4. Likewise, mount the main volume and create (and store) a backup of the header of the backup volume on the mounted main volume.

5. Mount the backup volume and copy all files from the mounted main volume directly to the mounted backup volume.

IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank's safe deposit box), you should repeat all of the above steps (including the step 1) each time you want to backup the volume (see below).

If you follow the above steps, you will help prevent adversaries from finding out:

* Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank's safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).*

* That one of the volumes is a backup of the other.

* That you made volume header backups and where they are stored.

If the header of the main volume is damaged, just mount the backup volume and use the header backup stored on it to restore the volume header of the main volume (and vice versa).

Note: If you store the backup volume in any location where an adversary can make a copy of the volume, consider encrypting the volume with a cascade of ciphers. Otherwise, if the volume is encrypted only with a single encryption algorithm and the algorithm is later broken (for example, due to advances in cryptanalysis), the attacker might be able to decrypt his copies of the volume. The probability that three distinct encryption algorithms will be broken is significantly lower than the probability that only one of them will be broken.
* In such case, especially if the backup volume is file-hosted, the hidden volume should occupy only a very small portion of the host volume and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).