Encryption with VeraCrypt

Conclusions

VeraCrypt impresses in three scenarios: (1) Access to VeraCrypt-encrypted objects is possible across platforms with Linux, Mac OS X, and Windows; (2) the GUI is ideal for volumes unlocked only when needed, whereas the Linux on-board tools play to their strengths with system-integrated, permanently mounted filesystems; (3) hidden VeraCrypt containers cannot be demonstrated to exist "by design," which adds security that you might need depending on the political situation in your country.

VeraCrypt comes with a bootloader that starts Windows systems in hidden containers. However, with an up-to-date Cryptsetup binary and some modifications to the initial ramdisk, this function can be emulated under Linux, too. Incidentally, VeraCrypt on Linux uses the kernel's dm-crypt mechanism for encryption on the fly, as do the Linux on-board methods, thus removing the need for a separate kernel module that could compromise system stability.

Infos

  1. TrueCrypt: http://truecrypt.sourceforge.net
  2. VeraCrypt: https://veracrypt.codeplex.com
  3. TrueCrypt audit: http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html
  4. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=538
  5. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=537
  6. Key disclosure laws: https://en.wikipedia.org/wiki/Key_disclosure_law
  7. dm-crypt/LUKS: https://wiki.archlinux.org/index.php/Dm-crypt
  8. eCryptfs: http://ecryptfs.org
  9. E4M: https://en.wikipedia.org/wiki/E4M
  10. Security fixes: https://veracrypt.codeplex.com/discussions/569777
  11. Installation: http://sourceforge.net/projects/veracrypt/files/
  12. Documentation: https://veracrypt.codeplex.com/documentation/
  13. Windows bootloader: http://sourceforge.net/p/veracrypt/discussion/technical/thread/a010f9bc/
  14. Ubuntu initramfs: https://wiki.ubuntu.com/Initramfs
  15. openSUSE dracut: https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
  16. Code for this article: ftp://ftp.linux-magazine.com/pub/listings/magazine/188
  17. Full-system backup with Rsync: https://wiki.archlinux.org/index.php/Full_system_backup_with_rsync
  18. Initcpio hooks: https://wiki.archlinux.org/index.php/mkinitcpio#HOOKS
  19. Chroot helper script: https://projects.archlinux.org/arch-install-scripts.git/tree/arch-chroot.in
  20. Fixing GRUB in Ubuntu via chroot: https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot
  21. EFI in Arch wiki: https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Critical Flaws Found in VeraCrypt

    Popular open source encryption tool is vulnerable to attack

  • TruPax 9

    The TruPax tool specializes in encrypting small datasets to safeguard your data from prying eyes.

  • Discreete Linux

    Internet users can fly under the radar of hackers and data collectors with Discreete Linux.

  • Mofo Linux

    Mofo Linux enables secure digital communications, even in places where it is politically or ideologically unwelcome.

  • Disk Encryption

    Encrypted volumes have long since ceased to be an exception or luxury. Corporate policies and compliance rules often demand encryption for critical data. This article looks at tools for disk encryption on Linux.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News