Encryption with VeraCrypt

Conclusions

VeraCrypt impresses in three scenarios: (1) Access to VeraCrypt-encrypted objects is possible across platforms with Linux, Mac OS X, and Windows; (2) the GUI is ideal for volumes unlocked only when needed, whereas the Linux on-board tools play to their strengths with system-integrated, permanently mounted filesystems; (3) hidden VeraCrypt containers cannot be demonstrated to exist "by design," which adds security that you might need depending on the political situation in your country.

VeraCrypt comes with a bootloader that starts Windows systems in hidden containers. However, with an up-to-date Cryptsetup binary and some modifications to the initial ramdisk, this function can be emulated under Linux, too. Incidentally, VeraCrypt on Linux uses the kernel's dm-crypt mechanism for encryption on the fly, as do the Linux on-board methods, thus removing the need for a separate kernel module that could compromise system stability.

Infos

  1. TrueCrypt: http://truecrypt.sourceforge.net
  2. VeraCrypt: https://veracrypt.codeplex.com
  3. TrueCrypt audit: http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html
  4. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=538
  5. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=537
  6. Key disclosure laws: https://en.wikipedia.org/wiki/Key_disclosure_law
  7. dm-crypt/LUKS: https://wiki.archlinux.org/index.php/Dm-crypt
  8. eCryptfs: http://ecryptfs.org
  9. E4M: https://en.wikipedia.org/wiki/E4M
  10. Security fixes: https://veracrypt.codeplex.com/discussions/569777
  11. Installation: http://sourceforge.net/projects/veracrypt/files/
  12. Documentation: https://veracrypt.codeplex.com/documentation/
  13. Windows bootloader: http://sourceforge.net/p/veracrypt/discussion/technical/thread/a010f9bc/
  14. Ubuntu initramfs: https://wiki.ubuntu.com/Initramfs
  15. openSUSE dracut: https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
  16. Code for this article: ftp://ftp.linux-magazine.com/pub/listings/magazine/188
  17. Full-system backup with Rsync: https://wiki.archlinux.org/index.php/Full_system_backup_with_rsync
  18. Initcpio hooks: https://wiki.archlinux.org/index.php/mkinitcpio#HOOKS
  19. Chroot helper script: https://projects.archlinux.org/arch-install-scripts.git/tree/arch-chroot.in
  20. Fixing GRUB in Ubuntu via chroot: https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot
  21. EFI in Arch wiki: https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • VeraCrypt

    Protect your data and operating system from prying eyes with VeraCrypt.

    more »
  • Critical Flaws Found in VeraCrypt

    Popular open source encryption tool is vulnerable to attack

    more »
  • TruPax 9

    The TruPax tool specializes in encrypting small datasets to safeguard your data from prying eyes.

    more »
  • Discreete Linux

    Internet users can fly under the radar of hackers and data collectors with Discreete Linux.

    more »
  • Mofo Linux

    Mofo Linux enables secure digital communications, even in places where it is politically or ideologically unwelcome.

    more »
comments powered by Disqus