The title (breaking veracrypt) is misleading (and probably a click bait).<p>Any mounted encrypted data has keys in RAM or an HSM. If you have access to inside of those, you have access to keys. This is not breaking anything.<p>You can encrypt or obfuscate data in RAM, but then the keys should be stored in disk, ram or HSM, which is subject to the same problem. Actually, TPM/secure enclave merely binds the key to the device, and doesn’t help with key extraction, since it trusts the root, unless you set a PIN, which makes automated access impractical, or a max number of trials.<p>I liked some posts in this blog, particularly the one on synology which turned out to be consequential, but I think the authors should title their posts more modestly.<p>—————————————————-<p>VeraCrypt FAQ answers a question on root privilege, reading RAM and support for TPM:<p>“No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).<p>If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).”