Encryption with VeraCrypt
Conclusions
VeraCrypt impresses in three scenarios: (1) Access to VeraCrypt-encrypted objects is possible across platforms with Linux, Mac OS X, and Windows; (2) the GUI is ideal for volumes unlocked only when needed, whereas the Linux on-board tools play to their strengths with system-integrated, permanently mounted filesystems; (3) hidden VeraCrypt containers cannot be demonstrated to exist "by design," which adds security that you might need depending on the political situation in your country.
VeraCrypt comes with a bootloader that starts Windows systems in hidden containers. However, with an up-to-date Cryptsetup binary and some modifications to the initial ramdisk, this function can be emulated under Linux, too. Incidentally, VeraCrypt on Linux uses the kernel's dm-crypt mechanism for encryption on the fly, as do the Linux on-board methods, thus removing the need for a separate kernel module that could compromise system stability.
Infos
- TrueCrypt: http://truecrypt.sourceforge.net
- VeraCrypt: https://veracrypt.codeplex.com
- TrueCrypt audit: http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html
- Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=538
- Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=537
- Key disclosure laws: https://en.wikipedia.org/wiki/Key_disclosure_law
- dm-crypt/LUKS: https://wiki.archlinux.org/index.php/Dm-crypt
- eCryptfs: http://ecryptfs.org
- E4M: https://en.wikipedia.org/wiki/E4M
- Security fixes: https://veracrypt.codeplex.com/discussions/569777
- Installation: http://sourceforge.net/projects/veracrypt/files/
- Documentation: https://veracrypt.codeplex.com/documentation/
- Windows bootloader: http://sourceforge.net/p/veracrypt/discussion/technical/thread/a010f9bc/
- Ubuntu initramfs: https://wiki.ubuntu.com/Initramfs
- openSUSE dracut: https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
- Code for this article: ftp://ftp.linux-magazine.com/pub/listings/magazine/188
- Full-system backup with Rsync: https://wiki.archlinux.org/index.php/Full_system_backup_with_rsync
- Initcpio hooks: https://wiki.archlinux.org/index.php/mkinitcpio#HOOKS
- Chroot helper script: https://projects.archlinux.org/arch-install-scripts.git/tree/arch-chroot.in
- Fixing GRUB in Ubuntu via chroot: https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot
- EFI in Arch wiki: https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)