Re: VERACRYPT?


Aman Singer
 

Hi Jeremy,

If we chat about anything specific, and there are any particular tools we discuss, I'll let the list know. Honestly, the tools are more or less accessible, and if the GUI isn't, the command line usually is. This applies to Windows at least, and more or less to Linux/Mac.
As for creating the container on the flash drive, I have never done it except, of course, for when I'm encrypting the flash drive partition itself. This isn't because I think it a bad idea, but because the only significant benefit I can see is not having to move the container from the machine to the flash drive. If, for whatever reason, I don't trust the machine to hold the container, I shouldn't be trusting it to create the container to begin with, since I enter the password into the keyboard and since the machine must access my keyfile if I'm using one. I never do this, but keep in mind that once you move the container, nothing stops you from clearing free space with something like eraser.
Aman

-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of Jeremy
Sent: Monday, December 04, 2017 10:33 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

A bit late to these responses, but would you mind also shooting me any extra information privately you've got on other tools and such that are accessible that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned before, but I've not really kept up on any other tools that might be around and that are accessible, etc. Also, what are your thoughts on creating the encrypted volume directly on the flash drive, compared to creating it elsewhere and then moving the volume to the drive afterwards. I don't know enough about how the creation process actually works to be certain, but I do know that I had issues with one flash drive I used for this, when I was creating the volume directly onto the drive and always wondered if it might be doing to many writes to the flash storage, maybe. Since then, I've always created the volume, normally pretty small volume containers for storing my important information, so text and such, outside the flash drive I want to store it on and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat
a government-level attacker. If you're trying to do that, that is, if
one of the more despotic or forceful governments of the world is going
to be interested in these USB drives or the machines they're on, there
are other solutions which, though they may not work, will stand up to
attack for a good deal longer than the below. If that is the case, we
should really take this off list, as it has nothing to do with
accessibility. The blind and sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from
the veracrypt documentation, below my name. This is an accessible
process with Jaws and NVDA except for the mouse movement for
randomness. You can either do this if you have a mouse or touch pad or
have a sighted person do it. You can also, depending on the abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file
container for each of the subfolders and put that encrypted file
container inside the original container. To open the subfolder, you
will have first to decrypt the main container and then to decrypt the
subfolder with a different password. The user without the second
password, that for the subfolder, will know that the subfolder exists
but will not know what is inside it. Note that it is possible for the
user of the main folder not to know even that the subfolder exists, but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take
into consideration (is the application trustworthy, is it open source,
is the encryption implementation unbroken, etc). This is easier.
Again, though, the user of the main folder will know that the
subfolder exists but will not be able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container This chapter contains
step-by-step instructions on how to create, mount, and use a VeraCrypt
volume. We strongly recommend that you also read the other sections of
this manual, as they contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking the file VeraCrypt.exe or by clicking the
VeraCrypt shortcut in your Windows Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked
with a red rectangle for clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to
be created. A VeraCrypt volume can reside in a file, which is also
called container, in a partition or drive. In this tutorial, we will
choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the
right-hand part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this tutorial, we will choose the former option
and create a standard VeraCrypt volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume
(file
container) to be
created. Note that a VeraCrypt container is just like any normal file.
It can be, for example, moved or deleted as any normal file. It also
needs a filename, which you will choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of
the VeraCrypt Volume Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder
F:\Data\ and the filename of the volume (container) will be My Volume
(as can be seen in the screenshot above). You may, of course, choose
any other filename and location you like (for example, on a USB memory
stick).
Note that the file My Volume does not exist yet - VeraCrypt will create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files
(when creating a VeraCrypt file container). If you select an existing
file in this step, it will be overwritten and replaced by the newly
created volume (so the overwritten file will be lost, not encrypted).
You will be able to encrypt existing files (later on) by moving them
to the VeraCrypt volume that we are creating now. * Select the desired
path (where you wish the container to be created) in the file
selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume
Creation Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt
volume, you should securely erase (wipe) the original unencrypted
files. There are software tools that can be used for the purpose of
secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for
the volume. If you are not sure what to select here, you can use the
default settings and click Next (for more information, see chapters
Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be
250 megabyte. You may, of course, specify a different size. After you
type the desired size in the input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a
good volume password.
Read carefully the information displayed in the Wizard window about
what is considered a good password.
After you choose a good password, type it in the first input field.
Then re-type it in the input field below the first one and click Next.
Note: The button Next will be disabled until passwords in both input
fields are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation
Wizard window at least until the randomness indicator becomes green.
The longer you move the mouse, the better (moving the mouse for at
least 30 seconds is recommended). This significantly increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called
My Volume in the folder F:\Data\ (as we specified in Step 6). This
file will be a VeraCrypt container (it will contain the encrypted
VeraCrypt volume). Depending on the size of the volume, the volume
creation may take a long time. After it finishes, the following dialog
box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We
will return to the main VeraCrypt window (which should still be open,
but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle).
This will be the drive letter to which the VeraCrypt container will be
mounted.
Note: In this tutorial, we chose the drive letter M, but you may of
course choose any other available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created
in Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password prompt dialog
window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password
input field (marked with a red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the
volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just
leave it set to "autodetection" but the mounting process will take
more time. Click OK after entering the password.
VeraCrypt will now attempt to mount the volume. If the password is
incorrect (for example, if you typed it incorrectly), VeraCrypt will
notify you and you will need to repeat the previous step (type the
password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names,
allocation tables, free space, etc.) and behaves like a real disk. You
can save (or copy, move, etc.) files to this virtual disk and they
will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be automatically decrypted to RAM (memory) on
the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume
(or when you write/copy a file to/from the VeraCrypt volume) you will
not be asked to enter the password again. You need to enter the
correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the
list as shown in the screenshot above (blue selection) and then
double-clicking on the selected item.
You can also browse to the mounted volume the way you normally browse
to any other types of volumes. For example, by opening the 'Computer'
(or 'My Computer') list and double clicking the corresponding drive
letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just
as you would copy them to any normal disk (for example, by simple
drag-and-drop operations). Files that are being read or copied from
the encrypted VeraCrypt volume are automatically decrypted on the fly
in RAM (memory). Similarly, files that are being written or copied to
the VeraCrypt volume are automatically encrypted on the fly in RAM
(right before they are written to the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in RAM (memory). Even when the volume is
mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files stored on it will be inaccessible (and
encrypted). Even when power supply is suddenly interrupted (without
proper system shut down), all files stored on the volume will be
inaccessible (and encrypted). To make them accessible again, you have
to mount the volume. To do so, repeat Steps 13-18.
If you want to close the volume and make files stored on it
inaccessible, either restart your operating system or dismount the
volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main
VeraCrypt window (marked with a red rectangle in the screenshot above)
and then click Dismount (also marked with a red rectangle in the
screenshot above). To make files stored on the volume accessible
again, you will have to mount the volume. To do so, repeat Steps
13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such
that each folder can only be opened with its own unique password? Can
subfolders also be encrypted such that both a parent folder and a
subfolder can have different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado








Join main@TechTalk.groups.io to automatically receive all group messages.