I analyzed if I can use VERACRYPT full system encryption. It turns out to be shit, DO NOT USE IT !!!

Here is list of issues:
1. It is unable to encrypt entire computer, because it doesn't support extended partitions. So there is no way to do full disk encryption.
2. Additionally, it can't encrypt non-system partitions in place (even non-extended, but primary ones).
3. They are shills (or dumb ignorants) that enabled AES hardware acceleration by default. What's the point of million iterations and 100 character passwords when your jewish backdoored INTEL cpu is storing your key in special cpu area, and then allows NSA to just read it from there? Maybe it's even possible to read it through internet, by using Intel Active Management Technology.
4. Its forum is hosted on Microsoft's site (codeplex).
5. Insanely slow boot time & password check. Truecrypt used only 1000 iterations yet was secure (that might be too low in future). Why increasing to fucking half millions iterations?
6. They are totalitarian, not allowing you to choose iterations count. Instead forcing you to stupid 5 minute boot time. And dumb idiots already trying to make fork of fork... sourceforge.net/p/veracrypt/discussion/technical/thread/77d58591/?page=1
7. They lie about OS they support. Some of OS they claim to support, they don't in fact.
8. They are against freedom of speech, as all open sourcers. They don't allow this post to be posted on their forums.
9. They are unstable open source idiots (like all open sourcers are). I'm scared of trusting them. They don't care about user needs since they are open source and you don't pay them. But because of that, it's also easy to bribe them to put backdoors.
10. No ability to encrypt files or folders (like EncFS). You either choose full partition encryption or stupid fixed-size containers (mounted as hard drive).
11. No option to auto-dismount devices or files (TrueCrypt has it). What's the point of encryption if they can just get your PC while it's running and have all your keys in RAM?

afaik it's possible to do a FDE if you boot using MBR and not UEFI+GPT. you still need some bootstrap partition, so it's never 100% encrypted

That's not true.
veracrypt.codeplex.com/wikipage?title=Issues and Limitations
It's not possible even on BIOS+MBR
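
Added example (not part of the thread and not VeraCrypt code): the dispute above depends on whether a disk's partitions are primary or logical, and that can be read straight from the MBR and the EBR chain it points to. The function names and the 48-sector sample image are constructed for illustration.

```python
import struct

SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F, 0x85}  # CHS extended, LBA extended, Linux extended

def read_entries(sector):
    """Return the non-empty (type, start, count) entries of one MBR/EBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        ptype = sector[446 + 16 * i + 4]
        start, count = struct.unpack_from("<II", sector, 446 + 16 * i + 8)
        if ptype != 0:
            entries.append((ptype, start, count))
    return entries

def list_partitions(image):
    """Classify each partition in a raw MBR disk image as primary or logical."""
    found = []
    for ptype, lba, count in read_entries(image[:SECTOR]):
        if ptype not in EXTENDED_TYPES:
            found.append(("primary", ptype, lba, count))
            continue
        found.append(("extended-container", ptype, lba, count))
        ebr, seen = lba, set()
        while ebr is not None and ebr not in seen:  # stop on a looping chain
            seen.add(ebr)
            nxt = None
            for t, rel, n in read_entries(image[ebr * SECTOR:(ebr + 1) * SECTOR]):
                if t in EXTENDED_TYPES:
                    nxt = lba + rel  # link is relative to the container start
                else:
                    found.append(("logical", t, ebr + rel, n))  # relative to this EBR
            ebr = nxt
    return found

def build_sample_image():
    """Constructed 48-sector image: one primary plus two logical partitions."""
    layout = {0: [(0x07, 8, 8), (0x0F, 16, 32)],   # MBR
              16: [(0x07, 1, 7), (0x05, 8, 8)],    # first EBR, links to second
              24: [(0x07, 1, 7)]}                  # second EBR, end of chain
    img = bytearray(48 * SECTOR)
    for at, entries in layout.items():
        for i, (t, start, n) in enumerate(entries):
            struct.pack_into("<B3xB3xII", img, at * SECTOR + 446 + 16 * i, 0, t, start, n)
        img[at * SECTOR + 510:at * SECTOR + 512] = b"\x55\xaa"
    return bytes(img)

if __name__ == "__main__":
    for kind, ptype, lba, count in list_partitions(build_sample_image()):
        print(f"{kind:18} type=0x{ptype:02X} start={lba} sectors={count}")
```

Any entry reported as `logical` lives inside an extended partition; a disk with only `primary` entries has no EBR chain at all.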

The devs might be shitters but they're making an up-to-date TrueCrypt which is all I care about.

Also
lel

But their "updated TrueCrypt" doesn't work and is shit, doesn't allow full system encryption.

Wtf happened to ex4 folder crypt functionality? it was meant to be upcoming add on feature specifically designed for ex4 partition.

yes LUKS is better

Yes it does. Disk by disk. If you need something better use LUKS. If you're using Windows in the first place and using extended partitions you're doing it wrong.

It can encrypt the system partition while in use. For any other disk it cannot, but I don't know of any FDE software that does this without a whole lot of hoop jumping and for secondary partitions it's really better to just stop using them and encrypt like that. It can encrypt a drive with data on it without destroying the data as well.

not much anyone can help you with user.

keep digging that hole deeper user.

That is a mighty deep hole, user.

They might allow it in the future. This is supposed to be a program for normies after all. If you really want that much control over your software, consider contributing to the fork, or modifying and compiling the code yourself.

Like? If you're using anything but Windows, you should be using LUKS, but I've used veracrypt on linux with even better results than on Windows. Surprise, surprise.

Man, user, you're going to reach the other side of the earth at this rate.

You create a container. Encrypt the container. Put contents in container. I'll admit something more robust would be nice, but you're just nit-picking at this point user.

Have you actually looked at it? It has several options for auto-dismount including an inactivity monitor.

Isn't, doesn't support decent OS.


False. It doesn't because can't extended partitions.

Doesn't work on decent OS. But wait. What if I run LUKS from livecd? Can it full disk like TrueCrypt and put its own bootloader? Or does LUKS require stupid linux to be installed?

Why? It's Windows who created them as extended. I only clicked create partition in partition manager.

You think I'm going to stop using PC for few days so it can fucking encrypt?

I am not using fucking intel, what made you think I do?

Microsoft knows their IP's and place of live, can blackmail to put backdoors. Or modify their posts and upload a backdoored version.

1000 too low, but 25000 would be plenty for years or decades.

I am not dumb linuxers and open sourcer to make 100 forks of one small fork and have one developer work on each work and each being shit instead if they all 100 worked on single one.

Windows

So what on Windows? And why LUKS wouldn't work on Windows? TrueCrypt/VeraCrypt is using bootloader and it doesn't matter what OS you use (at least to start OS...)

Better because VeraCrypt is opensource linux crap

What you said is not encrypting files and folders. It should be that you click on folder and select Encrypt, then it should also hide all files and filenames. When you mount (with mouse click) it should put those files there, show in that folder, not in stupid separate drive letter.
Truecrypt doesn't allow you to encrypt web browser profile, unless you used portable version of browser.

Ok there is but so what, it's useless because when you use FDE you can never unmount disk unless you shutdown PC? Or can it unmount partitions separately?
But stupid veracrypt mounts partitions in 2 minutes so good luck having locked software for 2 minutes until fucking veracrypt mounts it. Because fuckers chose fucking 5 millions iterations

Use Bitlocker.

...

...

Such as?

Nothing. Windows is like a baby, it can't do anything on its own. Use LUKS on a linux box plus iscsi or virtualization.

LUKS really just needs a plausible deniability option. Decoy OS / hidden OS would be great.

You already lost the game. Give up.

Do you mean it can't extend partitions? Because yes that's a problem. If you mean they don't support 'extended partitions' that's a whole different story. And whether or not they do, using extended partitions outside a RAID setup is bad form anyway.

I don't know what operating system you're using, but the default formatting for a disk on Windows is simple.

Then why complain about it? It doesn't even affect you. They probably felt the same way in that using Intel is already an invitation for backdoors so why bother with secure defaults for those people?

Not the point, you contradicted yourself and I was pointing it out. Whether or not their default number of iterations is appropriate, as you say "1000 too low" so anything more than that is already an improvement.

Well then you're part of the problem and I assure you that no one values your opinion.

I use it on Windows all the time. I think you're doing it wrong and that's no one's fault but your own.

I'll admit the bootloader thing is a problem, but you can use Grub to unlock partitions with veracrypt. It's a little convoluted and not for the faint of heart but it's doable.

It's literally the definition user. The files and their folders are represented as random bits until they are unlocked with Veracrypt.

As for the rest of that sentence, I already said something more robust would be nice.

Except for:
which is actually untrue. If you use a hard or symbolic link you can encrypt a web browser and its appdata without affecting the performance of Windows. You will of course still need to unlock the encrypted volume before using the browser, which can be done at login with favorite volumes.

If you're not using the disk Veracrypt will close it. If you're using the disk why the fuck would you want to close the volume?
It will unmount any volume that exceeds the amount of inactivity time you set in the settings except for the system partition which is needed for the running of the operating system, of course. It's not per-volume or anything but it's good enough.

I've had volumes in excess of 4TB and unlocking a secondary partition usually takes about 5-30 seconds depending on the amount of CPU power I have available. Unlocking at startup does take a long time, but that's really all that takes a long time.

Luks can do that, headless mode

Windos

Yes. Windows is clean and minimal, whereas linux is bloated shit that sells with their crap open source apps bundled in. On Windows it's you who decide what you use. And it's the software what makes encryption, not OS.

Really?
techw.in/2016/08/11/linux-tcp-flaw-allows-hackers-to-hijack-internet-traffic-and-inject-malware-remotely/


Can you read? They don't support en.wikipedia.org/wiki/Extended_Boot_Record
So basically they don't support windows

Again you can't read. When you create partitions on Windows, the first one is primary, others are extended (logical) partitions.

That's not a reason to make it simpler for Intel.

No I haven't contradicted. 1000 is too low for future, but their millions are dumb because I rather choose not encrypting at all than using their million shit and waiting 10 minutes to boot.

I don't have time to develop some crap open source. On windows I have proprietary software that works and I don't need to improve it. Only open source shit needs to be improved because it's mediocre

Liar. Or you use newest botnet windows because it only supports them.

I chosen windows to do things by clicking mouse on buttons, not to spend 10 hours in console trying to figure how to grub unlock partitions.
And what did you mean by bootloader a problem? I meant the crap LuksCrypt doesnt have bootloader but you need some crap linux to unlock it. TrueCrypt or VeraCrypt have bootloader so you can encrypt even Mac or any operating system, even commodore64 or atari. Because you can run them from LiveCD and encrypt your disks. Their bootloader will do mounting so you can have any OS. Or that's how I understand it.
Why can't I run LuksCrypt from livecd to encrypt windows and then just boot and start windows?

No it isn't. Encryption of files/folders means encryption of them in place. So they have same path and place. When you put them into stupid container you're encrypting a copy of that files and folders, and you need to erase the originals.

That's a lie. Browser data is in C/Docs&Settin/user/browser. You can't encrypt that in place with True/VeraCrap. You need to move that in stupid container but then it will be mounted in stupid other drive, not in C/DocsSett/user/browser. So your browser won't run.

Exactly. And that's the reason FDE is fucking crap. You encrypt your disk but you keep it unencrypted for 90% of time. So what's the fucking point? They just need to wait for an occasion where you go to toilet or just open a door without shutdowning PC. Then they put you on ground and go to your PC, which is running and mounted all disks. They get all your data. FDE is just lying yourself that you are safe.
In comparison, when you use EncFS, when you just listen to music on PC only music is unencrypted but your CP vids and murder proofs are encrypted. So when they take you when you in toilet, they will only get the music (assuming different passwords).

So in reality every partition will be mounted 100% of time. If you just listen to music or have any running programs (autosave etc) they will keep it mounted.

30 seconds is fucking insane slow. And you have goyim newest CPU.
And boot time is infinite slow.

I use Veracrypt on secondary partitions all. the. time. Again you're doing it wrong.

It's reason enough to not give two shits.


Whatever you say.

Well fine, then don't. No one cares.

Proprietary stuff needs to be fixed all the time. Usually bug and UI fixes but it happens all the time. If you don't want open source for the sake of not having open source you are literally cancer.

Nope.

I bet you're using 2000 or XP or something. That's pretty comical considering all your open source bashing.

Well considering your broken engrish you'll have to excuse me if I don't understand you right away.

I don't know and I don't care. Both are used at the start of their respective operating systems and I don't even see what your issue is in this regard.

>merriam-webster.com/dictionary/encrypt
Yes, it is. Just because you don't realize this doesn't change anything.

You know, I'm starting to understand why people don't like XP and below fags. You people wouldn't know how to operate a computer if it killed you.

Why would you need encrypt in place when you can encrypt and then create a symbolic link? This is actually the better option because now you can move the data anywhere you want as opposed to having it on your computer at all times. But clearly you don't understand or care about the fundamentals of good computer security so whatever.

What encryption are you using which doesn't do this?

If you don't want to use encryption then whatever but you can't blame encryption for not being this sci-fi magic thing that works on fairy dust and dreams.

>which is running and mounted active disks.
Fixed that for you.

If you're using it correctly it isn't a problem. If you're that paranoid consider a dead-man's switch.

Am I in a commercial or something?
You can achieve the same thing using separate encrypted containers. If you love encFS so much then use it. What the fuck is stopping you?

No, your lack of knowledge is not reality.

Not really. It takes longer to cook ramen noodles.

No I don't.

I think a simple "your retarded" would have been simpler. Because clearly you don't understand dick about computers.

> techw.in/2016/08/11/linux-tcp-flaw-allows-hackers-to-hijack-internet-traffic-and-inject-malware-remotely/

STOP ignoring BadTunnel. This flaw affects Linux since 2012, but BadTunnel affects EVERY SINGLE WINDOWS VERSION SINCE WINDOWS 95.

Think about it. Which one is worse; an 11-year old flaw, or a 4-year old flaw?

I do not believe you. Then why they make articles about linux but not windows, if windows has same bug?

Please stop replying to the retard, you are only encouraging him

Here comes the spoon.
nakedsecurity.sophos.com/2016/06/16/badtunnel-a-vulnerability-all-windows-users-need-to-patch/
darkreading.com/vulnerabilities---threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875
securityaffairs.co/wordpress/48585/hacking/badtunnel-attack.html

I didn't say secondary, I said extended. And I'm not wrong you fucker because VeraCrypt even admits it on their own website, that it doesn't work on extended.
veracrypt.codeplex.com/wikipage?title=Issues and Limitations

No I didn't. I said 1000 is not good, but 500000 is shit. I rather choose 1000 than 500000. But if was custom I'd choose maybe 20000-50000.

You haven't answered.

No one cares about bug in veracrypt?

Bullshit. Many of proprietary software that was last updated years ago is still 100% useful.

How it's comical? Explain.

Now starting ad personam

>merriam-webster.com/dictionary/encrypt
No. I haven't said "encryption". I said "encryption of files and folders".

Again ad personam

Really? A shortcut? What happens then if a web browser wants to save a new file to C/Docs/user/browser/newfolder/newfle.file?

EncFS or BestCrypt can encrypt files/folders in place, you can only decrypt them while using them. So you can store some project inside it, and only have decrypted when you are working on it, which can be 5% of time you spend at PC. This is possible with trucrypt/veracrypt but much less user friendly as you need mount as separate disk, and you need a fixed size container that doesn't grow. So enjoy 100MB file when using 1MB.

If encryption doesn't encrypt when PC is running, what's the point of?

What you mean by correctly? They only need to wait until you boot your PC and knock to door pretending to be a postman or someone. Will you shutdown PC every time anybody is knocking door?

Another discussion error from you

Truecrypt containers are fixed size and have to be mounted as drive. encFS - there isn't good mature port on windows.

That's a fact. You have few partitions. You play music from one partition = it has to be mounted. And all files on it are accessible. And if you use same password/hash for each partition they have all of them.

It's very slow if you wanted to be secure and hibernate/shutdown on every door knock.

So what CPU do you have? What architecture?

It's opposite, you don't understand but repeat everything you read on mainstream shit.

Your post got me thinking.

If we get the OP to dig an autism-fuelled tunnel directly through the earth, would it be feasible to build a gravity/planetary-spin assisted space launch program using it?

> techw.in/2016/08/11/linux-tcp-flaw-allows-hackers-to-hijack-internet-traffic-and-inject-malware-remotely/


>nakedsecurity.sophos.com/2016/06/16/badtunnel-a-vulnerability-all-windows-users-need-to-patch/
>darkreading.com/vulnerabilities---threats/windows-badtunnel-attack-hijacks-network-traffic/d/d-id/1325875
>securityaffairs.co/wordpress/48585/hacking/badtunnel-attack.html

You dumb idiot. That windows flaw is 10 times less severe than linux one.
Windows BadTunnel needed:
1. click on a link, open a Microsoft Office document or plug in a USB drive.
2. RUNNING "NetBIOS over TCP/IP" service
3. Enabled NetBIOS in internet connections
4. Lack of Firewall (otherwise it would block)

So you needed all those 4 things. Because of that my Windows is not vulnerable and wasn't even years ago.

You talking as if an exploit that requires IP spoofing to do actual damage is severe.

His autism might fuel the planet's energy needs for years to come.