VeraCrypt is a free software program for encrypting the entire hard disk of your computer, providing plausible deniability features and various encryption algorithms.
Setup of this software is straightforward and uses either a password or keyfile to authenticate you as the rightful owner of a volume that has been marked “hidden.” In addition, an option exists to create additional volumes within that hidden volume.
Security Tokens
A security token or smart card that meets the PKCS #11 standard (2.0 or later) can be used to store keyfiles used for mounting VeraCrypt volumes. Each keyfile combines volume password information with any necessary secret, and until the appropriate keyfile is provided to VeraCrypt, mounting cannot take place, which provides increased protection against brute-force attacks on passwords.
To use a token or card as a keyfile, select Tools > Add Token Files in the keyfile dialog window, specifying a directory with files intended as keyfiles before clicking OK. Authentication via PIN pad or fingerprint reader will then allow access to the keyfiles on the token or card.
Use VeraCrypt’s main interface to easily create a container volume on a hard drive or partition, protecting a folder, file or entire hard drive using the AES, Serpent, Twofish and Camellia encryption algorithms.
VeraCrypt allows you to import TrueCrypt keyfiles by selecting Tools > Import Keyfile from Token or Smart Card in the keyfile dialog window. Note that this feature only works with tokens or cards that support the PKCS #11 C_Finalize()/C_Initialize() sequence. If you delete token files before trying to import another one, the import may fail with a “no space available” error message. To get around this, restart VeraCrypt after deleting token files, which causes OpenSC to reinitialize, and then try the import again.
On-the-fly Encryption
VeraCrypt is an on-the-fly encryption tool, meaning files are encrypted as they’re written to disk and decrypted when read back out again – making it more difficult for malware to gain access and steal your files while your computer is running, but also slower than simply encrypting everything when saving.
VeraCrypt volumes, whether standard or hidden, offer you 15 unique combinations of ciphers and hash functions to choose from when creating an encrypted volume. Since no information about the algorithm used for encryption is stored, hash function/cipher combinations must be tried out by brute force; this could take quite some time with default options like AES-256/SHA-512, as these processes take time to execute.
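The sketch below is an added illustration, not VeraCrypt's code, of how a mounter can find the right combination when the header names no algorithm: derive a key with each hash, try each cipher, and accept only if the decrypted header starts with the "VERA" magic and its checksum matches. The header layout is simplified, the cipher is a labelled SHAKE-256 XOR stand-in rather than the real XTS ciphers, the iteration count is reduced for the demo, and all function names are hypothetical.

```python
import hashlib
import os
import zlib

ITERATIONS = 2000                        # reduced for the demo only
PRFS = ("sha512", "sha256")              # hashlib names for two of VeraCrypt's PRFs
CIPHERS = ("AES", "Serpent", "Twofish")  # labels for the stand-in cipher below
MAGIC = b"VERA"
SALT_LEN = 64


def stand_in_cipher(label, key, data):
    """XOR with a SHAKE-256 keystream: a stand-in, NOT the real XTS ciphers."""
    stream = hashlib.shake_256(label.encode() + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def make_header(password, prf, cipher, master_key):
    """Simplified header: salt || Enc(magic || crc32(master key) || master key)."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 64)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    return salt + stand_in_cipher(cipher, key, body)


def try_mount(header, password):
    """Try every PRF/cipher pair; return (prf, cipher, master_key, kdf_runs)."""
    salt, blob = header[:SALT_LEN], header[SALT_LEN:]
    kdf_runs = 0
    for prf in PRFS:
        # The expensive step: one full key derivation per candidate PRF.
        key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 64)
        kdf_runs += 1
        for cipher in CIPHERS:
            plain = stand_in_cipher(cipher, key, blob)
            magic, crc, master = plain[:4], plain[4:8], plain[8:]
            if magic == MAGIC and int.from_bytes(crc, "big") == zlib.crc32(master):
                return prf, cipher, master, kdf_runs
    # A wrong password and a wrong algorithm look the same: every trial fails.
    return None, None, None, kdf_runs


if __name__ == "__main__":
    mk = os.urandom(64)  # constructed sample master key
    hdr = make_header(b"correct horse", "sha256", "Twofish", mk)
    print(try_mount(hdr, b"correct horse")[:2])
    print(try_mount(hdr, b"wrong guess"))
```

A wrong password always pays for every key derivation, while the correct one stops at the first match, which is why the per-guess cost grows with the number of supported hash functions.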
VeraCrypt offers another feature to protect against RAM extraction attacks called “on-the-fly” disk or partition encryption, similar to BitLocker on Windows systems, to safeguard system drives against unauthorized access by anyone without the password. If a system goes offline while this encryption process takes place, it must be rebooted before users can regain access.
VeraCrypt allocates a non-paged memory region at Windows startup and fills it with random bytes generated from a CSPRNG (based on mouse movements and other factors). These bytes generate the pseudorandom keys used in encryption processes, which are later stored on USB keys automatically generated by VeraCrypt so they can be decrypted if needed in an emergency situation.
Setting up VeraCrypt is straightforward thanks to step-by-step wizards that guide you through the setup process. You can even set up a portable version that runs off a flash drive if data theft from your computer is an issue. VeraCrypt features excellent documentation which outlines all its features clearly, plus offers customizable tweaks.
Hidden Volumes
Hidden volumes allow you to store sensitive data securely inside an encrypted volume that’s indistinguishable from free space on an outer volume and protected with an extra password. In order to gain entry to this hidden volume, both passwords must be entered – providing another layer of protection from hackers and Mafia alike.
First, create an outer VeraCrypt volume. This can be accomplished by clicking “Select File”, selecting where you would like your folder to reside, giving it a name and clicking Next. VeraCrypt will ask you to set the parameters of your container (these settings can always be altered later if necessary), give it a password and format it as FAT, NTFS or another file system.
It is of utmost importance that when creating a hidden volume on your computer, its password differs substantially from that used for its outer counterpart. Otherwise, mounting either could overwrite it and reveal to everyone who accesses your computer that there exists an additional storage option on it – including anyone trying to gain entry with their own computer!
Though unlikely, this situation could arise if you are held hostage by a criminal organization like the Mafia. They might use your fan club ID cards from Bonnie Tyler in your hidden folder as leverage against you to force the password for your regular folder and gain access to potentially incriminating material stored therein.
Although this scenario may seem farfetched, it illustrates the value of plausible deniability. We recognize this and have created our Nitrokey Storage hardware to automatically detect and display hidden folders for maximum access while protecting you with VeraCrypt at the same time. This makes protecting yourself while accessing files easier than ever!
Portable Mode
VeraCrypt is a free and open source program that enables you to encrypt files or an entire drive on your PC without needing to install anything. Unlike many programs, which must be installed before running, VeraCrypt works in portable mode, allowing it to run directly from a USB device or pendrive, where it takes up 8 MB of space.
Once you download a program, the next step should be deciding between using its installer or extracting files directly. We suggest choosing this latter option, as this enables portable access. Once done, create a container file password – be sure to choose something secure! Then start using your new program!
At first use, VeraCrypt will prompt you to select a drive letter and format your encrypted drive in NTFS format – this is generally compatible across most PCs and once complete you can mount it by entering its password into the VeraCrypt main window.
If you need access to the contents of a hidden volume, simply click on its mounted icon in the main window. Windows Explorer will then display its contents. Furthermore, tools like ChkDsk may help identify any problems and repair them as necessary.
VeraCrypt will slow down the performance of your PC slightly when used to encrypt files; however, if you use it professionally or fear coercion, it could prove invaluable as an extra layer of protection in case any unencrypted information on your primary system becomes compromised.