Encryption with VeraCrypt

Conclusions

VeraCrypt impresses in three scenarios: (1) Access to VeraCrypt-encrypted objects is possible across platforms with Linux, Mac OS X, and Windows; (2) the GUI is ideal for volumes unlocked only when needed, whereas the Linux on-board tools play to their strengths with system-integrated, permanently mounted filesystems; (3) hidden VeraCrypt containers cannot be demonstrated to exist "by design," which adds security that you might need depending on the political situation in your country.

VeraCrypt comes with a bootloader that starts Windows systems in hidden containers. However, with an up-to-date Cryptsetup binary and some modifications to the initial ramdisk, this function can be emulated under Linux, too. Incidentally, VeraCrypt on Linux uses the kernel's dm-crypt mechanism for encryption on the fly, as do the Linux on-board methods, thus removing the need for a separate kernel module that could compromise system stability.

Infos

  1. TrueCrypt: http://truecrypt.sourceforge.net
  2. VeraCrypt: https://veracrypt.codeplex.com
  3. TrueCrypt audit: http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html
  4. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=538
  5. Rights escalation: https://code.google.com/p/google-security-research/issues/detail?id=537
  6. Key disclosure laws: https://en.wikipedia.org/wiki/Key_disclosure_law
  7. dm-crypt/LUKS: https://wiki.archlinux.org/index.php/Dm-crypt
  8. eCryptfs: http://ecryptfs.org
  9. E4M: https://en.wikipedia.org/wiki/E4M
  10. Security fixes: https://veracrypt.codeplex.com/discussions/569777
  11. Installation: http://sourceforge.net/projects/veracrypt/files/
  12. Documentation: https://veracrypt.codeplex.com/documentation/
  13. Windows bootloader: http://sourceforge.net/p/veracrypt/discussion/technical/thread/a010f9bc/
  14. Ubuntu initramfs: https://wiki.ubuntu.com/Initramfs
  15. openSUSE dracut: https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html
  16. Code for this article: ftp://ftp.linux-magazine.com/pub/listings/magazine/188
  17. Full-system backup with Rsync: https://wiki.archlinux.org/index.php/Full_system_backup_with_rsync
  18. Initcpio hooks: https://wiki.archlinux.org/index.php/mkinitcpio#HOOKS
  19. Chroot helper script: https://projects.archlinux.org/arch-install-scripts.git/tree/arch-chroot.in
  20. Fixing GRUB in Ubuntu via chroot: https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot
  21. EFI in Arch wiki: https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • VeraCrypt

    Protect your data and operating system from prying eyes with VeraCrypt.

  • Critical Flaws Found in VeraCrypt

    Popular open source encryption tool is vulnerable to attack

  • TruPax 9

    The TruPax tool specializes in encrypting small datasets to safeguard your data from prying eyes.

  • Discreete Linux

    Internet users can fly under the radar of hackers and data collectors with Discreete Linux.

  • Mofo Linux

    Mofo Linux enables secure digital communications, even in places where it is politically or ideologically unwelcome.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News