{"id":347,"date":"2016-01-20T23:30:17","date_gmt":"2016-01-20T23:30:17","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=347"},"modified":"2017-07-27T16:16:31","modified_gmt":"2017-07-27T16:16:31","slug":"securing-your-computer-veracrypt-part-i","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2016\/01\/20\/securing-your-computer-veracrypt-part-i\/","title":{"rendered":"securing your computer \u2013 veraCrypt"},"content":{"rendered":"

In a previous article<\/a> I described how you can use ecryptfs to secure your partition on your computer. \u00a0It was a cool solution that but it was only available on Linux and all of the setup was done from the command line.<\/p>\n

VeraCrypt is a encryption program which can be used to encrypt a partition or to create a file container which becomes a encrypted file system. \u00a0The file container unlike a partition can then be copied like any other file to other disks, to another\u00a0USB\u00a0stick or even to another computer. \u00a0In addition to supporting both partitions and file containers it also provides a small GUI to assist in setting up partitions and for mounting them.<\/p>\n

You can probably download a copy of VeraCrypt from a number of sources but the best would be from their webpage\u00a0codeplex.com<\/a>.<\/p>\n

Verify downloaded file<\/h2>\n

Like any other open source software it is a good idea to verify no problems during the download and that the file has not been tampered with. \u00a0Linux provides the sha256sum program to generate the hash that can be matched against provides list of hashes provided by VeraCrypt.<\/p>\n

In addition to the file, you will need to either download the checksums or look them up from the site.<\/p>\n

veracrypt-1.16-sha256sum.txt\r\naafacca9a600af5b8d66387718c984b8655905f72370bbd772baf90e57e85b7e VeraCrypt Setup 1.16.exe\r\nf5c70ad7ea8dd660f62b9162f745728ccfad1d00e74b3a4eedccf6c3d92eb43f VeraCrypt User Guide.pdf\r\nbfe147cb4c0a0e8ab47fa71ae0d3eec825f49548246da6e4a75a7b9b6250d78c VeraCrypt_1.16.dmg\r\n6861e79eb7e662330fa2a304061ebfb6a56929a78d8f4841ed0449a553257e7a veracrypt_1.16_Source.tar.bz2\r\n0a1c6b8165d78be62623194178a109bdd8f8b4dbcb6c24d8b15eba629f99ddaf veracrypt_1.16_Source.zip\r\n81afbde794ea8ff426f4b5ecfe72269fbdc9b99bb759f42eaf54936d1a7dd1ba veracrypt-1.16-setup.tar.bz2\r\n<\/code><\/pre>\n
Simply run the sha256sum with the downloaded file as the first parameter.<\/p>\n
>\u00a0sha256sum veracrypt-1.16-setup.tar.bz2\r\n81afbde794ea8ff426f4b5ecfe72269fbdc9b99bb759f42eaf54936d1a7dd1ba veracrypt-1.16-setup.tar.bz2\r\n<\/code><\/pre>\n
It just isn’t quite that simple in the windows world as no program for calculating these hashes are shipped with the operating system. \u00a0Yet, it is easy enough to find one, install it and then use that.<\/p>\n
For windows I downloaded the project quickhash<\/a>. \u00a0This is a really easy program that can calculate the hash for text, files, disks and a whole lot more. \u00a0They even ship documentation. \u00a0If you are a windows user, this just might be the package for you.<\/p>\n
However, from the user manual provided there may be some confusion over the name. \u00a0It is possible that other developers have also developed their own program with the same name.<\/p>\n
Install Windows<\/h2>\n
VeraCrypt has a standard windows installer, which walks you through the entire process.<\/p>\n
\"winVeraCrypt1\"<\/a>
The VeraCrypt license that needs to be accepted<\/p><\/div>\n
 <\/p>\n
\"winVeraCrypt2\"
Install dialog<\/p><\/div>\n
 <\/p>\n
\"winVeraCrypt3\"<\/a>
Another Install dialog<\/p><\/div>\n
 <\/p>\n
\"winVeraCrypt4\"
Dialog showing the current status of the install<\/p><\/div>\n
\"winVeraCrypt5\"<\/h2>\n
Install Linux<\/h2>\n
The tar file containing VeraCrypt has been bzipped, and so you need to unzip it first. \u00a0The bzip2 program is not as common of a choice for compressing data.<\/p>\n
There have been a number of different analysis’s between gzip and bzip<\/a>. \u00a0The analysis can be summarized as gzip compresses faster\u00a0but bzip has superior compression. \u00a0The bzip speed\/compression issue may be less and less important as\u00a0the Linux kernel discontinued<\/a> using it march 2013, it is possible that this will be the beginning of a trend.<\/p>\n\n<\/colgroup>\n<\/colgroup>\n\n\n\n\n
Command<\/td>\nDescription<\/td>\n<\/tr>\n
bzip2 -d file.bz2<\/td>\nunpack the contents of the archive and delete the archive once that has been done.<\/td>\n<\/tr>\n
bzip2 -dk file.bz2<\/td>\nunpack the contents of the archive and keep archive.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
The installation is just running a shell script. \u00a0Simply run the script that is appropriate for the version of your operating system. \u00a0They also provide two command line choices as well.<\/p>\n
> bzip2 -d veracrypt-1.16-setup.tar.bz2 \r\n> ls -ltr\r\n-rw-r--r-- 1 dock\u00a0\u00a0 dock\u00a0\u00a0\u00a0 16865280 Jan 13 23:28 veracrypt-1.16-setup.tar\r\n> \r\n> tar xvf veracrypt-1.16-setup.tar\r\n> veracrypt-1.16-setup-console-x64\r\n> veracrypt-1.16-setup-console-x86\r\n> veracrypt-1.16-setup-gui-x64\r\n> veracrypt-1.16-setup-gui-x86\r\n>\r\n> sh veracrypt-1.16-setup-gui-x64\r\n>\r\n<\/code><\/pre>\n
Once you run this script, a few dialog’s will appear, simply click through the dialogs and enter the root password when prompted.<\/p>\n
\"verycrypt-setup\"
Install dialog<\/p><\/div>\n
 <\/p>\n
\"verycrypt-eula\"<\/a>
The VeraCrypt license that needs to be accepted<\/p><\/div>\n
 <\/p>\n
\"verycrypt-uninstall\"<\/a>
A reminder on how to uninstall VeraCrypt<\/p><\/div>\n
 <\/p>\n
\"verycrypt-install\"<\/a>
Installation log output<\/p><\/div>\n
It takes only a few seconds to install the software, and then you are ready to run the software.<\/p>\n
Setup<\/h2>\n
The documentation for veraCrypt is quite complete.\u00a0 It would be difficult to explain in few pages what they cover in quite a lot of detail in over 150 pages.<\/p>\n
It is probably enough, to briefly describe the two different types of encrypted disks that would be created.\u00a0 The first is actually not really a disk but really a very small file system saved as a single file on your normal file system.<\/p>\n
When this file is mounted with veraCrypt it becomes just like any other disk drive that can be written to.\u00a0 Because it is a single file, it could easily be copied to a USB stick, to another computer or to some sort of Internet storage device (cloud).<\/p>\n
This is actually the best choice if you are not very comfortable with the lower levels of the disk drive such as partitions.<\/p>\n
The second type of disk would be an actual disk partition.\u00a0 Instead of creating a file on an existing hard disk, a partition is selected and encrypted.\u00a0 This disk, when mounted, also behaves like any “normal” linux or windows file system.<\/p>\n
When setting up your encrypted disk, you will be prompted for which encryption protocol amongst others things, but there is a rather harmless looking question that shouldn’t be overlooked.<\/p>\n
\"verycrypt-setup7\"<\/a><\/h2>\n
Do you want to store files larger than 4gb.\u00a0 It really depends on the type of data that you will be storing in this encrypted drive how you answer.\u00a0 Most data does not get anywhere near this size.\u00a0 A couple of exceptions might be some sort of raw video footage, or if you have ISO images from double layer DVD’s.<\/p>\n
Another harmless looking question is if you plan on only accessing this encrypted disk from more than one operating system.<\/p>\n
\"verycrypt-setup9\"<\/a><\/h2>\n
I suspect that quite a few Linux users still have a partition with a copy of windows that is used for some minor tasks. \u00a0Setting this option will let you use veraCrypt on other platforms. This makes your encrypted partition accessible from both operating system. \u00a0It can even be used as a method for\u00a0transferring data between the two systems.<\/p>\n
There is one small difference between veraCrypt and its predecessor truecrypt. \u00a0When formatting the encrypted disk you simply select the file system, however, it is now possible to select NTFS even from Linux. \u00a0Previously, the file systems available were only those supported by the running\u00a0operating system.\u00a0\"verycrypt-setup8\"<\/a><\/p>\n
Limitations<\/h2>\n
The good news is that veraCrypt<\/a> seems to be picking up where truecrypt<\/a> left off.\u00a0 The solution provides a nice GUI\u00a0which makes it really easy to mount encrypted files or partitions for even the most casual user.<\/p>\n
The only real limitation that I encountered was that veraCrypt said it was compatible with truecrypt volumes. \u00a0This might be the case, I did not have this experience.<\/p>\n","protected":false},"excerpt":{"rendered":"
In a previous article I described how you can use ecryptfs to secure your partition on your computer. \u00a0It was a cool solution that but it was only available on Linux and all of the setup was done from the … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[89,3],"tags":[57],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/347"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=347"}],"version-history":[{"count":29,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/347\/revisions"}],"predecessor-version":[{"id":670,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/347\/revisions\/670"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/tags?post=347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}