drive letters were setup when i originally configure the encryption on these drives. if i swap them in and out and just manually launch veracrypt the drives come up in their right order.
↧
New Post: batch file hangs when running veracrypt
↧
Commented Unassigned: Container decrypted automatical by veracrypt after systemstart [541]
Hi, I have a veracrypt container, mounted by systemstart. I have to enter my password - all things done well.
But if I'm logoff with don't dismount my container manually, on the next Systemstart veracrypt automatically mount the container without any password dialog!
I think, this is a highly risk, so if my laptop is lost, anyone who can login to windows, has also full acces to my veracrypt container data!
Is this by design or do I slipped a setting option?
Best regards
Comments: Unless you disable Fast Startup, you will risk your VeraCrypt volumes being able to mount without password.
↧
↧
New Post: Can I use VeraCrypt on my home network
At my home I have a large hard drive plugged into the router (creating a network drive) and anyone can use it. I partitioned it so it has two drives. I want to use one of the drives just for myself to keep backups for business. Nothing big here, I just want to backup spreadsheets and documents for home use. Anyway, I don't want everyone getting into it. So I want to password protect that drive, just the partition I'm using (leaving the other one so anyone can use it). I was thinking a good way to do that would be to encrypt the drive. But it is unclear to me if VeraCrypt is supposed to be able to that. The VeraCrypt Document has a brief session on Network that indicates I should be able to do so. But I can't.
I have VeraCrypt on my computer but it does not seem to be able to see my network drives. Am I doing something wrong? Is it that Veracrypt does not work over a network? If it does not does anyone know a go alternative.
thanks.
I have VeraCrypt on my computer but it does not seem to be able to see my network drives. Am I doing something wrong? Is it that Veracrypt does not work over a network? If it does not does anyone know a go alternative.
thanks.
↧
New Post: Manually decrypt corrupted partition that cant mount
You've said that VeraCrypt freezes only when the external drive is running. Therefore it seems a good idea to clone the entire partition to another device (using something like dd_rescue) to determine whether VeraCrypt can mount the partition from another physical device.
↧
New Post: Dual Boot encryption
Sounds like you're encrypting sda5. Do you boot Windows from GRUB? Where is the Windows BCD stored?
↧
↧
New Post: Dual Boot encryption
I don't think I'm encrypting sda5, but could be wrong. Yes, I boot Windows from Grub.
My drive is partitioned like this:
/dev/sda1 NTFS SYSTEM_DRV 1.46GB boot flag (this is what boots when I escape past Veracrypt loader. It's the system recovery partition
/dev/sda2 NTFS Windows7_OS 357.81GB
/dev/sda3 extended
My drive is partitioned like this:
/dev/sda1 NTFS SYSTEM_DRV 1.46GB boot flag (this is what boots when I escape past Veracrypt loader. It's the system recovery partition
/dev/sda2 NTFS Windows7_OS 357.81GB
/dev/sda3 extended
/dev/sda5 ext2 /boot 400MB
/dev/sda6 luks
/dev/sda7 luks
/dev/sda8 ↧
New Post: Encrypt a new hard drive before windows install
Hello,
You cannot install or upgrade Windows OS with VeraCrypt system encryption.
If you encrypt the system drive before installing Windows OS, the Windows installer will quick format the drive to make it usable for Windows.
From the VeraCrypt FAQ:
https://veracrypt.codeplex.com/wikipage?title=FAQ
You cannot install or upgrade Windows OS with VeraCrypt system encryption.
If you encrypt the system drive before installing Windows OS, the Windows installer will quick format the drive to make it usable for Windows.
From the VeraCrypt FAQ:
https://veracrypt.codeplex.com/wikipage?title=FAQ
Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive). However, a running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.
↧
New Post: If you remove encryption, is it dangerous during? power failure etc.
When VeraCrypt performs in-place encryption or decryption, the state of encryption/decryption is updated regularly on disk in order to allow pausing and resuming the operation.
If there is a sudden power failure in the middle of an encryption/decryption operation, the state of encryption/decryption that is saved on the disk will be the state written before the power failure and there a big chance that it will not contain the latest few sectors encrypted/decrypted.
No software in the world can be protected against sudden power failures, simply because in such case, the execution of the program and the whole operating system stops without any notice. VeraCrypt tries to mitigate part of the problem by regularly saving the state of the operation but it is not 100% solution.
My advice: for critical systems and operations, always use a UPS and configure it correctly in Windows.
If there is a sudden power failure in the middle of an encryption/decryption operation, the state of encryption/decryption that is saved on the disk will be the state written before the power failure and there a big chance that it will not contain the latest few sectors encrypted/decrypted.
No software in the world can be protected against sudden power failures, simply because in such case, the execution of the program and the whole operating system stops without any notice. VeraCrypt tries to mitigate part of the problem by regularly saving the state of the operation but it is not 100% solution.
My advice: for critical systems and operations, always use a UPS and configure it correctly in Windows.
↧
New Post: UEFI system encryption with SSD
Hey guys, I try encrypt my Windows 10 partition with the new system encryption for UEFI. But when I try it on a SSD drive the pre-test fails with the error 'unable to open start partition'. I tested it on 2 SSDs which both failed and on 1 normal HDD, where it works without problems. I think it's not my boot setup etc. all 3 drives had the same gpt layout and data when i started testing, and i only connected one drive at same time.
So, can someone please tell me if he was able to do it on an UEFI SSD? Then i know if I have to wait for a fix for SSDs or it's something with my system. Unfortunaly i can't use legacy because I want to triple boot with hackintosh later... Thank you guys!
So, can someone please tell me if he was able to do it on an UEFI SSD? Then i know if I have to wait for a fix for SSDs or it's something with my system. Unfortunaly i can't use legacy because I want to triple boot with hackintosh later... Thank you guys!
↧
↧
New Post: Need help recovering veracrypt container
I accidently corrupted my veracrypt container and need help recovering it
Operating System: Arch linux x86_64
Veracrypt version: 1.18
Container type: hidden veracrypt volume
here is what i did to cause this:
i have a script that removes everything from /tmp folder
![Image]()
in windows it gets mounted but asking to format it and if i press cancel it gives an error saying the "the volume does not contain a recognized file system"
![Image]()
![Image]()
is there anyone to recover it? i have my bitcoin private keys inside it :(
p.s: sorry for my english
Operating System: Arch linux x86_64
Veracrypt version: 1.18
Container type: hidden veracrypt volume
here is what i did to cause this:
i have a script that removes everything from /tmp folder
find /tmp/ -type f -exec shred -fvzu -n 3 {} \;
in windows it gets mounted but asking to format it and if i press cancel it gives an error saying the "the volume does not contain a recognized file system"
is there anyone to recover it? i have my bitcoin private keys inside it :(
p.s: sorry for my english
↧
New Post: batch file hangs when running veracrypt
I am totally baffled as to what your setup is, and how your batch file is supposed to do what you want it to do. However, I'll persist trying to help if you wish me to; if you don't, just say, and I'll leave the field clear for others who may be better placed. (I'll not be offended.)
There's two ways this can be progressed:
Will you please answer the question I've already asked: what happens if you add /q to your veracrypt /a command?
And to clarify another question I asked: how do you assign the drive letter(s) to the mounted veracrypt volume(s) when you mount them using your batch file? And what drive letters get assigned to the mounted volumes when you run the batch file?
There's two ways this can be progressed:
- I can keep asking questions so I can understand better what's going on
-
you can give a more detailed explanation of how your external drives were set up and configured in veracrypt (so how the batch file might leverage that setup becomes clearer)
Will you please answer the question I've already asked: what happens if you add /q to your veracrypt /a command?
And to clarify another question I asked: how do you assign the drive letter(s) to the mounted veracrypt volume(s) when you mount them using your batch file? And what drive letters get assigned to the mounted volumes when you run the batch file?
↧
New Post: veracrypt compile errors in window7 visual studio 2010
I tried to compile veracrypt in windows 7 with visual studio 2010
The "Boot"and "Crypto" projects were built completely.
But, in "Driver" project, i met following error messages...
What's wrong with my task??
plz, help me!!
------ Build started: Project: Boot, Configuration: Release Loader Win32 ------
------ Build started: Project: Driver, Configuration: Debug Win32 ------
------ Building veracrypt.sys: Debug x86 ------
path contains nonexistant c:\program files (x86)\microsoft visual studio 10.0\common7\tools\bin, removing
BUILD: Compile and Link for x86
BUILD: Loading c:\winddk\7600.16385.1\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Start time: Mon Sep 19 22:10:01 2016
BUILD: Examining c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver directory for files to compile.
BUILD: Compiling and Linking c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver directory
_NT_TARGET_VERSION SET TO WINXP
1>errors in directory c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver
1>c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver\crypto.lib(sha2.obj) : error LNK2019: unresolved external symbol __chkstk referenced in function __sha512_compile@4 1>c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver\obj_driver_debug\i386\veracrypt.sys : error LNK1120: 1 unresolved externals
BUILD: Finish time: Mon Sep 19 22:10:04 2016
BUILD: Done
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: The command "echo ------ Building veracrypt.sys: Debug x86 ------
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: cmd.exe /c BuildDriver.cmd -build -debug -x86 "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Common" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Crypto" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Driver\"
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: if errorlevel 1 exit %errorlevel%
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: echo.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: echo ------ Building veracrypt.sys: Debug x64 ------
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: BuildDriver.cmd -build -debug -x64 "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Common" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Crypto" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Driver\"" exited with code -1.
========== Build: 1 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
The "Boot"and "Crypto" projects were built completely.
But, in "Driver" project, i met following error messages...
What's wrong with my task??
plz, help me!!
------ Build started: Project: Boot, Configuration: Release Loader Win32 ------
------ Build started: Project: Driver, Configuration: Debug Win32 ------
------ Building veracrypt.sys: Debug x86 ------
path contains nonexistant c:\program files (x86)\microsoft visual studio 10.0\common7\tools\bin, removing
BUILD: Compile and Link for x86
BUILD: Loading c:\winddk\7600.16385.1\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Start time: Mon Sep 19 22:10:01 2016
BUILD: Examining c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver directory for files to compile.
c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver
BUILD: Compiling and Linking c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver directory
_NT_TARGET_VERSION SET TO WINXP
1>errors in directory c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver
1>c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver\crypto.lib(sha2.obj) : error LNK2019: unresolved external symbol __chkstk referenced in function __sha512_compile@4 1>c:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\driver\obj_driver_debug\i386\veracrypt.sys : error LNK1120: 1 unresolved externals
BUILD: Finish time: Mon Sep 19 22:10:04 2016
BUILD: Done
0 files compiled - 1 Warning - 2 Errors
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: The command "echo ------ Building veracrypt.sys: Debug x86 ------
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: cmd.exe /c BuildDriver.cmd -build -debug -x86 "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Common" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Crypto" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Driver\"
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: if errorlevel 1 exit %errorlevel%
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: echo.
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: echo ------ Building veracrypt.sys: Debug x64 ------
C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error MSB3073: BuildDriver.cmd -build -debug -x64 "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Common" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Crypto" "C:\veracrypt-4b6a4bc6e795f4c9c649e4453307c16ceca35e2d\src\Driver\"" exited with code -1.
========== Build: 1 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
↧
New Post: veracrypt compile errors in window7 visual studio 2010
Hi,
Please perform a search on the site before posting to check that it was not answered before.
For your issue, this has been already answered here: https://veracrypt.codeplex.com/discussions/657480#post1482254
Please perform a search on the site before posting to check that it was not answered before.
For your issue, this has been already answered here: https://veracrypt.codeplex.com/discussions/657480#post1482254
↧
↧
New Post: Free PIM setting, regardless of password length, pleaaaase?
The creators of VC do not understand cryptography which has lead them to implement some strange pseudo-cryptographic properties. The high "PIM" value being one of them, and a bunch of unnecessary hashing algorithms the other.
The point of key-whitening was taking a low-entropic source (such as a human-language password) and turning it into a fixed-length high-entropic source. Only ONE ROUND of a cryptographic hash is needed to achieve this goal. Any time spent 'hashing' the key is provably a waste of time. If more than 1 second is used to whiten the password, it would have taken less time & been more beneficial to simply add an additional character to the password. IE: A password of length 12 and a whitening round-count of just 1 is mathematically more secure than a password of length 8 with 200,000 rounds. Not only is it more secure, it will take less time to type in 4 more characters (2 seconds) than it will take a CPU to do 200,000 iterations (30 seconds).
On top of that, the encryption algorithms themselves can be used to whiten any key, making the inclusion of any generic hash unnecessary as well as increasing the sizes and complexities of the bootloaders (a bad thing). Rather than using say RIPM-160 or SHA-256 to whiten a password, the plaintext password itself can be set as an AES key (with a padding scheme) and used to encrypt a fixed plain-text string. This process is repeated several times to generate enough bits for the key from every byte of the password. Basically.. for those who do not know, any symmetrical block cipher like AES, Two-Fish, Serpent (etc) are all 1-way hashes that can be used just like MD5 or SHA or Whirlpool. It's just slightly more computationally slow to use a block-algorithm (designed for encryption and decryption) as a 1-way hash than an algorithm specifically designed for just 1-way hashing. In laymen terms, all symmetrical block ciphers can "self whiten" their own keys so reliance on other cryptographic algorithms is 100% unnecessary.
AES Example: Lets say I have a password that is 40 bytes long, and I need a whitened key with a length of 256-bits:
The point of key-whitening was taking a low-entropic source (such as a human-language password) and turning it into a fixed-length high-entropic source. Only ONE ROUND of a cryptographic hash is needed to achieve this goal. Any time spent 'hashing' the key is provably a waste of time. If more than 1 second is used to whiten the password, it would have taken less time & been more beneficial to simply add an additional character to the password. IE: A password of length 12 and a whitening round-count of just 1 is mathematically more secure than a password of length 8 with 200,000 rounds. Not only is it more secure, it will take less time to type in 4 more characters (2 seconds) than it will take a CPU to do 200,000 iterations (30 seconds).
On top of that, the encryption algorithms themselves can be used to whiten any key, making the inclusion of any generic hash unnecessary as well as increasing the sizes and complexities of the bootloaders (a bad thing). Rather than using say RIPM-160 or SHA-256 to whiten a password, the plaintext password itself can be set as an AES key (with a padding scheme) and used to encrypt a fixed plain-text string. This process is repeated several times to generate enough bits for the key from every byte of the password. Basically.. for those who do not know, any symmetrical block cipher like AES, Two-Fish, Serpent (etc) are all 1-way hashes that can be used just like MD5 or SHA or Whirlpool. It's just slightly more computationally slow to use a block-algorithm (designed for encryption and decryption) as a 1-way hash than an algorithm specifically designed for just 1-way hashing. In laymen terms, all symmetrical block ciphers can "self whiten" their own keys so reliance on other cryptographic algorithms is 100% unnecessary.
AES Example: Lets say I have a password that is 40 bytes long, and I need a whitened key with a length of 256-bits:
-
We nee 4 rounds to build a secure key that is based upon all 40 bytes of input:
1) AES's key length is 32 bytes, so I'll need to call this twice, once with the first 32-bytes of my password, and once with the remaining 8 bytes that are padded.
2) AES's block length is 128-bits, so I need to do step 1 twice to get 256-bits. -
Round 1: Encrypt the 128-bit integer value of 0 with the first 32-bytes of the password
- Round 2: Encrypt the 128-bit integer value of 0 with the 2nd 32-bytes of the password
- Round 3: Encrypt the 128-bit integer value of 1 with the first 32-bytes of the password
-
Round 2: Encrypt the 128-bit integer value of 1 with the 2nd 32-bytes of the password
↧
Created Unassigned: Simple Bootloader Bug [542]
The new PIM embedding feature does not work if the wrong password is entered in. Easy to reproduce:
1) Use the PIM feature
2) Settings -> CHECK "Do not request PIM (store unencrypted on disk)
3) Reboot computer
4) Enter in correct password, PIM is skipped, OS loads
5) Reboot computer again
6) Enter in wrong password
7) Enter in correct password
8) BUG: Bootloader now asks for PIM value
1) Use the PIM feature
2) Settings -> CHECK "Do not request PIM (store unencrypted on disk)
3) Reboot computer
4) Enter in correct password, PIM is skipped, OS loads
5) Reboot computer again
6) Enter in wrong password
7) Enter in correct password
8) BUG: Bootloader now asks for PIM value
↧
New Post: Free PIM setting, regardless of password length, pleaaaase?
Encryption key and authorization key are different.
see: https://veracrypt.codeplex.com/wikipage?title=Header%20Key%20Derivation
PIM reasons:
see: https://veracrypt.codeplex.com/wikipage?title=Header%20Key%20Derivation
PIM reasons:
- Slow down bruteforce
-
More easy to mount volume with password cached. (No need enter password. PIM only)
↧
New Post: UEFI system encryption with SSD
I'm using UEFI and SSD.
It looks like there is problem with GPT table. VeraCrypt saves header in 62 sector.
It looks like there is problem with GPT table. VeraCrypt saves header in 62 sector.
↧
↧
New Post: Encryption pre-test failed
I am using Windows 10, am attempting to encrypt the entire hard drive which includes Windows, I set up a 22 character password, chose 0 for the PIM and checked the PIM box, have gotten the boot sequence to where VeraCrypt is asking for the password which I carefully put in, then I either leave the PIM blank or put 0 and hit enter (have tried it both ways multiple times), and I get the Decrypt error (3) telling me either my password, PIM or hash is incorrect. I cannot understand what I am doing wrong - it is probably something simple. Any ideas?
↧
New Post: veracrypt compile errors in window7 visual studio 2010
It is solved.
Thanks for your help!
Thanks for your help!
↧
Commented Unassigned: VeraCrypt Boot Loader is blocked by security policy [539]
Hello,
I was getting this message: ___VeraCrypt Boot Loader is blocked by security policy___ during initiall test when I was trying to encrypt Windows drive.
I disabled security boot in BIOS but the error persists.
I am running Windows 10 (ex Window 8.1) on Lenovo Ultrabook.
Any advise would be appreciated.
Thank you
Comments: My problem solved now. The issue was in BIOS settings. Althought Security Mode was disabled the security status was still enabled. Swithiching Set up mode helped to change the Security status. All worked fine afterwards.
I was getting this message: ___VeraCrypt Boot Loader is blocked by security policy___ during initiall test when I was trying to encrypt Windows drive.
I disabled security boot in BIOS but the error persists.
I am running Windows 10 (ex Window 8.1) on Lenovo Ultrabook.
Any advise would be appreciated.
Thank you
Comments: My problem solved now. The issue was in BIOS settings. Althought Security Mode was disabled the security status was still enabled. Swithiching Set up mode helped to change the Security status. All worked fine afterwards.
↧