October 22, 2014, 7:25 am
Your a star idrassi!
Ty for replying.
When i'm finished, donation coming your way
If for some reason i need to reverse the process, is this easily doable ? Im running some VM's atm, where outside Ips are connecting as wasn't sure if encrypting the drive would effect this functionality ?
↧
October 22, 2014, 12:04 pm
Thanks!
You can decrypt your system when you wish. You can also pause the encryption process and defer the operation. Just remember to backup the rescue disk that is created during the encryption process as it will be your only solution to decrypt your drive if something wrong happens to the boot loader.
The encryption process doesn't affect any functionality of the PC. Once the system is encrypted, every time you boot, you have to enter a password to decrypt the drive and start Windows: thus, you have to take this into account if you have external connections that expect Windows to automatically start after reboot.
Since you are using VMs, I advise you to do some tests on a VM in order to check all the steps of the encryption process.
↧
↧
October 22, 2014, 8:10 pm
I don't recall which version I had installed (it was a while ago) but I just installed 2.7.2. I did choose the compatibility layer, yes.
↧
October 23, 2014, 4:03 am
I'm currently using TrueCrypt, but am orientating to see whether to switch to VeraCrypt.
Just to understand how this works:
1.
If I choose RIPEMD160 it will be the fastest to mount because that's what VC tries first? But after the next version(?) SHA2 will be tried first?
So, if I create a new container, for now I should choose RIPEMD160, but later on I should switch to SHA2?
2.
Can I convert a container from RIPEMD160 to SHA2 when this new version comes?
3.
Unrelated, are my current TrueCrypt containers compatible with VeraCrypt? If not, is there a conversion tool?
Thanks in advance for informing.
↧
October 23, 2014, 8:50 am
Hi idrassi :)
Thank you, thank you, thank you for making VeraCrypt and especially for being so kind as to release it to the public for free.
You look to have made significant improvements already and I look forward to watching your progress.
Awesome work from an awesome guy :) LOL
↧
↧
October 23, 2014, 12:25 pm
Project Description
VeraCrypt is a free disk encryption software brought to you by IDRIX
(http://www.idrix.fr) and that is based on TrueCrypt.
![Donate to VeraCrypt]()
Donate to VeraCrypt
![VeraCrypt on Facebook]()
![VeraCrypt on Twitter]()
What does VeraCrypt bring to you?
VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
It also solves many vulnerabilities and security issues found in TrueCrypt. The following post describes parts of the major enhancements and corrections done so far:https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325
As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses655331 for RIPEMD160 and
500000 iterations for SHA-2 and Whirlpool.
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the
encrypted data.
VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.
UPDATE September 15th 2014 : VeraCrypt 1.0e is out with many security fixes and performance enhancements. Download for Windows
is here. As usual, a MacOSX version is available in the Downloads section or by clicking on
the following link. It supports MacOSX 10.6 and above and it requires OSXFUSE 2.3 and later(https://osxfuse.github.io/).MacFUSE compatibility layer must checked during OSXFUSE installation.
Also a Linux version is available in the Downloads section or by clicking on
the following link. The package contains the installation scripts for 32-bit and 64-bit versions, and for GUI and console-only version (choose which script is adapted the best to your machine).
Linux and MacOSX releases are signed with a PGP key available on the following link :http://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc . It's also available on major key servers with ID=0x54DDD393.
Please check that its fingerprint is 993B7D7E8E413809828F0F29EB559C7C54DDD393.
SHA256 and SHA512 sums for all released files are available in the Downloads section.
VeraCrypt on the fly encrypting the system partition :
![VeraCrypt Partition Encryption]()
VeraCrypt creating an encrypted volume :
![VeraCrypt encrypted volume creation]()
Changing the GUI language of VeraCrypt
![VeraCrypt Language Selection Dialog]()
↧
October 23, 2014, 12:59 pm
So after installing Truecrypt (which I love because I am super paranoid) I chose the AES/Serpent/Twofish cascade encryption and after waiting 11 HOURS the drive was encrypted. Upon the reboot of my laptop I correctly entered my password and after 8 minutes of processing it booted. Is it slow because of the cascade encryption, or because of some problem. Any and all suggestions would be appreciated.
↧
October 23, 2014, 1:33 pm
This is a good idea, but there is a better and more effective way to approach it.
Allow the user to set a password when creating a volume or WDE as normal.
Password = Normal password to open WDE or container.
Passworddelete = Overwrite headers, including backup headers with CSPRNG.
If a user has some time (seconds) to defend their data from being stolen they can simply start their computer and enter their normal password but this time suffix "delete". A confirmation box should pop up with a simple warning and a Yes / No answer.
If the user clicks YES, VeraCrypt should immediately overwrite the headers, including backup headers and also WDE boot.
This would make all connected hard drives useless to an attacker. It would also allow the user to claim plausible deniability by claiming all connected drives are wiped clean.
This feature would be very useful if the user could access this function while their computer was running and WDE or volumes were mounted. Also via a user custom batch file perhaps.
Any accidental deletion can be rectified by the user using the recovery ISO. These recovery ISO's could be stored online, or at another physical location.
The benefits of my method compared to above are as follows...
User only has to remember 1 password, simply suffix's "delete" to genuine password to activate.
Wiping headers and backup headers is very fast. Terra-bytes of data could be 100% protected in seconds.
There is a possibility for the user to recover their drives if they accidentally use this feature by employing the recovery ISO.
This feature would be very useful to people working in hostile environments, oppressive countries and those under threat of physical / criminal attack etc.
Thanks.
↧
October 23, 2014, 1:49 pm
-
As explained previously, current version of VeraCrypt (1.0e) mount RIPEMD160 volumes faster that the other algorithms because it's tried first. In the next version, SHA-512 will be tried first and thus it will be faster to mount volume encrypted using SHA-512. You can always switch between RIPEMD160, SHA-512 and Whirlpool at any moment using the menu "Set Header Key Derivation Algorithm": a dialog will show up and you can choose the PRF algorithm you want. So, if mount speed is important for you, you can choose RIPEMD160 for now and in the next version, you can update your container to use SHA-512 instead.
![Image]()
-
Yes, you can do the conversion as explained above.
-
VeraCrypt is not compatible with TrueCrypt containers. There have been many posts asking for compatibility and we understand the need for those who have huge amount of encrypted data. We are planning to implement a conversion tool and hopefully it will make it to the next version if everything goes as planned. The only point is that we can support only containers created with versions 7.x (version 7.0 was released on July 19th 2010).
↧
↧
October 23, 2014, 1:49 pm
VeraWipe
At the moment no one can actually claim plausible deniability with Truecrypt or even VeraCrypt. The reason is that there is no plausible excuse to having so much cryptographically random data on a hard drive.
Users could claim to have used DBAN, but not only does DBAN sometimes fail to write to the entire disk, I am not 100% convinced the random data outputted by DBAN is statistically similar to the data written by VeraCrypt.
This is why I am suggesting a new product called "VeraWipe" This should be a stand alone product separate from VeraCrypt. VeraWipe would allow users to securely wipe (data destruct) their hard drives like DBAN offers now.
The main reason for VeraWipe is that it produces the exact same random output as VeraCrypt would. Having this separate tool available gives all users the excuse they have simply wiped their hard drives with VeraWipe and they are not encrypted at all.
Without VeraWipe no user can be confident to make a claim of a wiped disk as I am sure (guessing) there will be some difference in the output from DBAN ( or any wipe program) and VeraCrypt.
I hope this would be an easy tool to make as VeraCrypt has all the functionality needed to do this now. Just create a random 63 character password and encrypt the entire hard drive, then dispose of the password. This would obviously be packaged and distributed as a hard drive wiper / overwriting software to enhance the plausible deniability.
Thanks :)
↧
October 23, 2014, 2:00 pm
This feature is a personal favourite of mine for many years.
DiskCryptor has made a huge leap forward with it's boot loader. The ability to save the bootloader on a flash drive means the WDE drive can be totally random allowing plausible deniability.
WDE is a great feature but not being able to have a drive which appears to be full of random data has always been a weakness.
Also the password on a flash drive is useful for longer passwords especially when combined with a typed one.
With the bootloader separate from the drive it protects against "EvilMaid" attack.
There are many reasons a separate bootloader is a good idea, I would like to suggest that it might be worth the effort pursuing this.
↧
October 23, 2014, 11:58 pm
Implement support for creating and booting encrypted partition using SHA-256. Support SHA-256 for normal volumes as well.
↧
October 23, 2014, 11:58 pm
Display only allowed hashes when encrypting the system partition (now, SHA-256 and RIPEMD-160).
↧
↧
October 23, 2014, 11:58 pm
Use HashForSystemEncryption to check if the algorithm is supported for system partition encryption because we have now two supported algorithms.
↧
October 23, 2014, 11:58 pm
Small code size optimization for RIPEMD-160 when compiled for boot encryption.
↧
October 23, 2014, 11:58 pm
Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 .
↧
October 23, 2014, 11:58 pm
MacOSX : Support hard drives with a large sector size ( > 512).
↧
↧
October 23, 2014, 11:58 pm
Linux/MacOSX : fix encryption/decryption issues with hard drives that have a sector size bigger than 512. Now, we use the sector size as the minimum unit for data fragment encryption/decryption.
↧
October 24, 2014, 12:31 am
Linux: Support NTFS formatting of volume. We use mkfs.ntfs so it needs to be installed on the system.
↧
October 24, 2014, 1:16 am
I agree that this is a good idea for plausible deniability. It can also be used as a regular wipe program even if it will always be slower than the others because of the various cryptographic operations involved.
DBAN uses dwipe which in turn uses Mersenne Twister as its default random generator. This makes DBAN random data statically different from those generated by VeraCrypt which uses more cryptographically secure PRNG. That's why it is possible to distinguish between DBAN erased disks and VeraCrypt volumes.
Technically speaking, it is not something difficult to implement as you pointed out. Once we finalize all the current modifications, we'll evaluate all the new features and definitely VeraWipe will have its place.
By the way, excellent name!
↧
