VERACRYPT?


Aman Singer
 

Hi Joe,

TC is not so much bad as it is old. The only reason I can see not to use it is that it is no longer being developed and the development was stopped a bit oddly. On the other hand, it is said to have passed a source audit fairly well, and a great deal of what is in VC started out in TC. Keep in mind that the important thing about an encryption package is that it should stand up against the kind of attacker it might face. That is, the point isn't to somehow stop an attacker with infinite resources and infinite time, that's impossible anyway and in most cases not worth trying for, not to mention that no such attacker exists. The point of any encryption application is to make it very difficult for the kind of attacker who wants to get the information to decrypt the container without spending too much time/money. Obviously, the strength of the encryption application as against the value of the information is something only you can judge. However, thinking about banking information, for example, the most likely attackers to want that are people around you who get access to the machine, people who steal the machine, or people who hijack the machine. In all three cases, I would think that a strong pass phrase with TC would be quite satisfactory. That is, it would make the decryption so difficult as not to be worthwhile. More sophisticated attackers would either not be interested, be able to get the information from elsewhere, or attack the underlying operating system, in which case the encryption application probably wouldn’t matter. All that is the long way of saying that, if TC meets your needs, I don’t see why you shouldn’t continue to use it. Obviously, I would check the hash values if I needed to download another copy or keep my own copy, I’m sure someone has put up installers with embedded malware.
Aman

-----Original Message-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of Joe Orozco
Sent: Tuesday, December 05, 2017 8:06 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

Is TrueCript truly a bad option? I'm still using it. It fits my needs, but as I'm using it to encrypt banking information and other financials, I would be curious to know if my approach is a dumb one.
:)

Joe

On 12/5/17, Aman Singer <aman.singer@gmail.com> wrote:
Hi Jeremy,

If we chat about anything specific, and there are any particular
tools we discuss, I'll let the list know. Honestly, the tools are more
or less accessible, and if the GUI isn't, the command line usually is.
This applies to Windows at least, and more or less to Linux/Mac.
As for creating the container on the flash drive, I have never done
it except, of course, for when I'm encrypting the flash drive partition itself.
This isn't because I think it a bad idea, but because the only
significant benefit I can see is not having to move the container from
the machine to the flash drive. If, for whatever reason, I don't trust
the machine to hold the container, I shouldn't be trusting it to
create the container to begin with, since I enter the password into
the keyboard and since the machine must access my keyfile if I'm using
one. I never do this, but keep in mind that once you move the
container, nothing stops you from clearing free space with something like eraser.
Aman

-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Jeremy
Sent: Monday, December 04, 2017 10:33 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

A bit late to these responses, but would you mind also shooting me any
extra information privately you've got on other tools and such that
are accessible that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned
before, but I've not really kept up on any other tools that might be
around and that are accessible, etc. Also, what are your thoughts on
creating the encrypted volume directly on the flash drive, compared to
creating it elsewhere and then moving the volume to the drive
afterwards. I don't know enough about how the creation process
actually works to be certain, but I do know that I had issues with one
flash drive I used for this, when I was creating the volume directly
onto the drive and always wondered if it might be doing to many writes
to the flash storage, maybe. Since then, I've always created the
volume, normally pretty small volume containers for storing my
important information, so text and such, outside the flash drive I want to store it on and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to
defeat a government-level attacker. If you're trying to do that, that
is, if one of the more despotic or forceful governments of the world
is going to be interested in these USB drives or the machines they're
on, there are other solutions which, though they may not work, will
stand up to attack for a good deal longer than the below. If that is
the case, we should really take this off list, as it has nothing to
do with accessibility. The blind and sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from
the veracrypt documentation, below my name. This is an accessible
process with Jaws and NVDA except for the mouse movement for
randomness. You can either do this if you have a mouse or touch pad
or have a sighted person do it. You can also, depending on the
abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file
container for each of the subfolders and put that encrypted file
container inside the original container. To open the subfolder, you
will have first to decrypt the main container and then to decrypt the
subfolder with a different password. The user without the second
password, that for the subfolder, will know that the subfolder exists
but will not know what is inside it. Note that it is possible for the
user of the main folder not to know even that the subfolder exists,
but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take
into consideration (is the application trustworthy, is it open
source, is the encryption implementation unbroken, etc). This is easier.
Again, though, the user of the main folder will know that the
subfolder exists but will not be able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container This chapter contains
step-by-step instructions on how to create, mount, and use a
VeraCrypt volume. We strongly recommend that you also read the other
sections of this manual, as they contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking the file VeraCrypt.exe or by clicking the
VeraCrypt shortcut in your Windows Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked
with a red rectangle for clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume
to be created. A VeraCrypt volume can reside in a file, which is also
called container, in a partition or drive. In this tutorial, we will
choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the
right-hand part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or
hidden VeraCrypt volume. In this tutorial, we will choose the former
option and create a standard VeraCrypt volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume
(file
container) to be
created. Note that a VeraCrypt container is just like any normal file.
It can be, for example, moved or deleted as any normal file. It also
needs a filename, which you will choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of
the VeraCrypt Volume Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder
F:\Data\ and the filename of the volume (container) will be My Volume
(as can be seen in the screenshot above). You may, of course, choose
any other filename and location you like (for example, on a USB
memory stick).
Note that the file My Volume does not exist yet - VeraCrypt will
create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files
(when creating a VeraCrypt file container). If you select an existing
file in this step, it will be overwritten and replaced by the newly
created volume (so the overwritten file will be lost, not encrypted).
You will be able to encrypt existing files (later on) by moving them
to the VeraCrypt volume that we are creating now. * Select the
desired path (where you wish the container to be created) in the file
selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume
Creation Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt
volume, you should securely erase (wipe) the original unencrypted
files. There are software tools that can be used for the purpose of
secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for
the volume. If you are not sure what to select here, you can use the
default settings and click Next (for more information, see chapters
Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to
be
250 megabyte. You may, of course, specify a different size. After you
type the desired size in the input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a
good volume password.
Read carefully the information displayed in the Wizard window about
what is considered a good password.
After you choose a good password, type it in the first input field.
Then re-type it in the input field below the first one and click Next.
Note: The button Next will be disabled until passwords in both input
fields are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation
Wizard window at least until the randomness indicator becomes green.
The longer you move the mouse, the better (moving the mouse for at
least 30 seconds is recommended). This significantly increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called
My Volume in the folder F:\Data\ (as we specified in Step 6). This
file will be a VeraCrypt container (it will contain the encrypted
VeraCrypt volume). Depending on the size of the volume, the volume
creation may take a long time. After it finishes, the following
dialog box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We
will return to the main VeraCrypt window (which should still be open,
but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle).
This will be the drive letter to which the VeraCrypt container will
be mounted.
Note: In this tutorial, we chose the drive letter M, but you may of
course choose any other available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created
in Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password prompt dialog
window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password
input field (marked with a red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the
volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used,
just leave it set to "autodetection" but the mounting process will
take more time. Click OK after entering the password.
VeraCrypt will now attempt to mount the volume. If the password is
incorrect (for example, if you typed it incorrectly), VeraCrypt will
notify you and you will need to repeat the previous step (type the
password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names,
allocation tables, free space, etc.) and behaves like a real disk.
You can save (or copy, move, etc.) files to this virtual disk and
they will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in
media player, the file will be automatically decrypted to RAM
(memory) on the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt
volume (or when you write/copy a file to/from the VeraCrypt volume)
you will not be asked to enter the password again. You need to enter
the correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the
list as shown in the screenshot above (blue selection) and then
double-clicking on the selected item.
You can also browse to the mounted volume the way you normally browse
to any other types of volumes. For example, by opening the 'Computer'
(or 'My Computer') list and double clicking the corresponding drive
letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just
as you would copy them to any normal disk (for example, by simple
drag-and-drop operations). Files that are being read or copied from
the encrypted VeraCrypt volume are automatically decrypted on the fly
in RAM (memory). Similarly, files that are being written or copied to
the VeraCrypt volume are automatically encrypted on the fly in RAM
(right before they are written to the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it
only stores them temporarily in RAM (memory). Even when the volume is
mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will
be dismounted and all files stored on it will be inaccessible (and
encrypted). Even when power supply is suddenly interrupted (without
proper system shut down), all files stored on the volume will be
inaccessible (and encrypted). To make them accessible again, you have
to mount the volume. To do so, repeat Steps 13-18.
If you want to close the volume and make files stored on it
inaccessible, either restart your operating system or dismount the
volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main
VeraCrypt window (marked with a red rectangle in the screenshot
above) and then click Dismount (also marked with a red rectangle in
the screenshot above). To make files stored on the volume accessible
again, you will have to mount the volume. To do so, repeat Steps
13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash
drive.


Question: Is it possible to use VeraCrypt to encrypt each folder
such that each folder can only be opened with its own unique
password? Can subfolders also be encrypted such that both a parent
folder and a subfolder can have different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an
essential documentation requirement in my line of business. Looking
forward to reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado
















Jeremy <icu8it2@...>
 

I never did quite understand what happened between the time that work on TC had stopped and the source was went through and audited, or so I think I might recall and it was changed over to Veracrypt. I know though that for a while, people were still suggesting that TC was okay to use and that you could still find pages where you could grab a download of it, but I didn't ever pay close enough attention to everything to know if it was worthwhile. Before that, I'd used TC and noticed that the interface for Veracrypt was pretty much the same, but never really looked into how much more secure these new changes to it might make it. If it were me though, I'd probably say it'd be okay to use it for keeping important information such as banking and passwords and alike secure, that's also what I've done with it, but perhaps those more knowledgeable might know better. :)
Take care.

On 12/5/2017 7:05 PM, Joe Orozco wrote:
Is TrueCript truly a bad option? I'm still using it. It fits my needs,
but as I'm using it to encrypt banking information and other
financials, I would be curious to know if my approach is a dumb one.
:)

Joe

On 12/5/17, Aman Singer <aman.singer@gmail.com> wrote:
Hi Jeremy,

If we chat about anything specific, and there are any particular tools we
discuss, I'll let the list know. Honestly, the tools are more or less
accessible, and if the GUI isn't, the command line usually is. This applies
to Windows at least, and more or less to Linux/Mac.
As for creating the container on the flash drive, I have never done it
except, of course, for when I'm encrypting the flash drive partition itself.
This isn't because I think it a bad idea, but because the only significant
benefit I can see is not having to move the container from the machine to
the flash drive. If, for whatever reason, I don't trust the machine to hold
the container, I shouldn't be trusting it to create the container to begin
with, since I enter the password into the keyboard and since the machine
must access my keyfile if I'm using one. I never do this, but keep in mind
that once you move the container, nothing stops you from clearing free space
with something like eraser.
Aman

-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of
Jeremy
Sent: Monday, December 04, 2017 10:33 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

A bit late to these responses, but would you mind also shooting me any extra
information privately you've got on other tools and such that are accessible
that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned before,
but I've not really kept up on any other tools that might be around and that
are accessible, etc. Also, what are your thoughts on creating the encrypted
volume directly on the flash drive, compared to creating it elsewhere and
then moving the volume to the drive afterwards. I don't know enough about
how the creation process actually works to be certain, but I do know that I
had issues with one flash drive I used for this, when I was creating the
volume directly onto the drive and always wondered if it might be doing to
many writes to the flash storage, maybe. Since then, I've always created the
volume, normally pretty small volume containers for storing my important
information, so text and such, outside the flash drive I want to store it on
and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat
a government-level attacker. If you're trying to do that, that is, if
one of the more despotic or forceful governments of the world is going
to be interested in these USB drives or the machines they're on, there
are other solutions which, though they may not work, will stand up to
attack for a good deal longer than the below. If that is the case, we
should really take this off list, as it has nothing to do with
accessibility. The blind and sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from
the veracrypt documentation, below my name. This is an accessible
process with Jaws and NVDA except for the mouse movement for
randomness. You can either do this if you have a mouse or touch pad or
have a sighted person do it. You can also, depending on the abilities of
any potential attacker, leave it.
From here, you have two options. First, you can create a new file
container for each of the subfolders and put that encrypted file
container inside the original container. To open the subfolder, you
will have first to decrypt the main container and then to decrypt the
subfolder with a different password. The user without the second
password, that for the subfolder, will know that the subfolder exists
but will not know what is inside it. Note that it is possible for the
user of the main folder not to know even that the subfolder exists, but
this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take
into consideration (is the application trustworthy, is it open source,
is the encryption implementation unbroken, etc). This is easier.
Again, though, the user of the main folder will know that the
subfolder exists but will not be able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container This chapter contains
step-by-step instructions on how to create, mount, and use a VeraCrypt
volume. We strongly recommend that you also read the other sections of
this manual, as they contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking the file VeraCrypt.exe or by clicking the
VeraCrypt shortcut in your Windows Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked
with a red rectangle for clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to
be created. A VeraCrypt volume can reside in a file, which is also
called container, in a partition or drive. In this tutorial, we will
choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the
right-hand part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this tutorial, we will choose the former option
and create a standard VeraCrypt volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume
(file
container) to be
created. Note that a VeraCrypt container is just like any normal file.
It can be, for example, moved or deleted as any normal file. It also
needs a filename, which you will choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of
the VeraCrypt Volume Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder
F:\Data\ and the filename of the volume (container) will be My Volume
(as can be seen in the screenshot above). You may, of course, choose
any other filename and location you like (for example, on a USB memory
stick).
Note that the file My Volume does not exist yet - VeraCrypt will create
it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files
(when creating a VeraCrypt file container). If you select an existing
file in this step, it will be overwritten and replaced by the newly
created volume (so the overwritten file will be lost, not encrypted).
You will be able to encrypt existing files (later on) by moving them
to the VeraCrypt volume that we are creating now. * Select the desired
path (where you wish the container to be created) in the file
selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume
Creation Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt
volume, you should securely erase (wipe) the original unencrypted
files. There are software tools that can be used for the purpose of
secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for
the volume. If you are not sure what to select here, you can use the
default settings and click Next (for more information, see chapters
Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be
250 megabyte. You may, of course, specify a different size. After you
type the desired size in the input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a
good volume password.
Read carefully the information displayed in the Wizard window about
what is considered a good password.
After you choose a good password, type it in the first input field.
Then re-type it in the input field below the first one and click Next.
Note: The button Next will be disabled until passwords in both input
fields are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation
Wizard window at least until the randomness indicator becomes green.
The longer you move the mouse, the better (moving the mouse for at
least 30 seconds is recommended). This significantly increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called
My Volume in the folder F:\Data\ (as we specified in Step 6). This
file will be a VeraCrypt container (it will contain the encrypted
VeraCrypt volume). Depending on the size of the volume, the volume
creation may take a long time. After it finishes, the following dialog
box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We
will return to the main VeraCrypt window (which should still be open,
but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle).
This will be the drive letter to which the VeraCrypt container will be
mounted.
Note: In this tutorial, we chose the drive letter M, but you may of
course choose any other available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created
in Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password prompt dialog
window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password
input field (marked with a red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the
volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just
leave it set to "autodetection" but the mounting process will take
more time. Click OK after entering the password.
VeraCrypt will now attempt to mount the volume. If the password is
incorrect (for example, if you typed it incorrectly), VeraCrypt will
notify you and you will need to repeat the previous step (type the
password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names,
allocation tables, free space, etc.) and behaves like a real disk. You
can save (or copy, move, etc.) files to this virtual disk and they
will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be automatically decrypted to RAM (memory) on
the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume
(or when you write/copy a file to/from the VeraCrypt volume) you will
not be asked to enter the password again. You need to enter the
correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the
list as shown in the screenshot above (blue selection) and then
double-clicking on the selected item.
You can also browse to the mounted volume the way you normally browse
to any other types of volumes. For example, by opening the 'Computer'
(or 'My Computer') list and double clicking the corresponding drive
letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just
as you would copy them to any normal disk (for example, by simple
drag-and-drop operations). Files that are being read or copied from
the encrypted VeraCrypt volume are automatically decrypted on the fly
in RAM (memory). Similarly, files that are being written or copied to
the VeraCrypt volume are automatically encrypted on the fly in RAM
(right before they are written to the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in RAM (memory). Even when the volume is
mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files stored on it will be inaccessible (and
encrypted). Even when power supply is suddenly interrupted (without
proper system shut down), all files stored on the volume will be
inaccessible (and encrypted). To make them accessible again, you have
to mount the volume. To do so, repeat Steps 13-18.
If you want to close the volume and make files stored on it
inaccessible, either restart your operating system or dismount the
volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main
VeraCrypt window (marked with a red rectangle in the screenshot above)
and then click Dismount (also marked with a red rectangle in the
screenshot above). To make files stored on the volume accessible
again, you will have to mount the volume. To do so, repeat Steps
13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash
drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such
that each folder can only be opened with its own unique password? Can
subfolders also be encrypted such that both a parent folder and a
subfolder can have different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado















Joe Orozco
 

Is TrueCript truly a bad option? I'm still using it. It fits my needs,
but as I'm using it to encrypt banking information and other
financials, I would be curious to know if my approach is a dumb one.
:)

Joe

On 12/5/17, Aman Singer <aman.singer@gmail.com> wrote:
Hi Jeremy,

If we chat about anything specific, and there are any particular tools we
discuss, I'll let the list know. Honestly, the tools are more or less
accessible, and if the GUI isn't, the command line usually is. This applies
to Windows at least, and more or less to Linux/Mac.
As for creating the container on the flash drive, I have never done it
except, of course, for when I'm encrypting the flash drive partition itself.
This isn't because I think it a bad idea, but because the only significant
benefit I can see is not having to move the container from the machine to
the flash drive. If, for whatever reason, I don't trust the machine to hold
the container, I shouldn't be trusting it to create the container to begin
with, since I enter the password into the keyboard and since the machine
must access my keyfile if I'm using one. I never do this, but keep in mind
that once you move the container, nothing stops you from clearing free space
with something like eraser.
Aman

-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of
Jeremy
Sent: Monday, December 04, 2017 10:33 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

A bit late to these responses, but would you mind also shooting me any extra
information privately you've got on other tools and such that are accessible
that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned before,
but I've not really kept up on any other tools that might be around and that
are accessible, etc. Also, what are your thoughts on creating the encrypted
volume directly on the flash drive, compared to creating it elsewhere and
then moving the volume to the drive afterwards. I don't know enough about
how the creation process actually works to be certain, but I do know that I
had issues with one flash drive I used for this, when I was creating the
volume directly onto the drive and always wondered if it might be doing to
many writes to the flash storage, maybe. Since then, I've always created the
volume, normally pretty small volume containers for storing my important
information, so text and such, outside the flash drive I want to store it on
and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat
a government-level attacker. If you're trying to do that, that is, if
one of the more despotic or forceful governments of the world is going
to be interested in these USB drives or the machines they're on, there
are other solutions which, though they may not work, will stand up to
attack for a good deal longer than the below. If that is the case, we
should really take this off list, as it has nothing to do with
accessibility. The blind and sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from
the veracrypt documentation, below my name. This is an accessible
process with Jaws and NVDA except for the mouse movement for
randomness. You can either do this if you have a mouse or touch pad or
have a sighted person do it. You can also, depending on the abilities of
any potential attacker, leave it.
From here, you have two options. First, you can create a new file
container for each of the subfolders and put that encrypted file
container inside the original container. To open the subfolder, you
will have first to decrypt the main container and then to decrypt the
subfolder with a different password. The user without the second
password, that for the subfolder, will know that the subfolder exists
but will not know what is inside it. Note that it is possible for the
user of the main folder not to know even that the subfolder exists, but
this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take
into consideration (is the application trustworthy, is it open source,
is the encryption implementation unbroken, etc). This is easier.
Again, though, the user of the main folder will know that the
subfolder exists but will not be able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container This chapter contains
step-by-step instructions on how to create, mount, and use a VeraCrypt
volume. We strongly recommend that you also read the other sections of
this manual, as they contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking the file VeraCrypt.exe or by clicking the
VeraCrypt shortcut in your Windows Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked
with a red rectangle for clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to
be created. A VeraCrypt volume can reside in a file, which is also
called container, in a partition or drive. In this tutorial, we will
choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the
right-hand part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this tutorial, we will choose the former option
and create a standard VeraCrypt volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume
(file
container) to be
created. Note that a VeraCrypt container is just like any normal file.
It can be, for example, moved or deleted as any normal file. It also
needs a filename, which you will choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of
the VeraCrypt Volume Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder
F:\Data\ and the filename of the volume (container) will be My Volume
(as can be seen in the screenshot above). You may, of course, choose
any other filename and location you like (for example, on a USB memory
stick).
Note that the file My Volume does not exist yet - VeraCrypt will create
it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files
(when creating a VeraCrypt file container). If you select an existing
file in this step, it will be overwritten and replaced by the newly
created volume (so the overwritten file will be lost, not encrypted).
You will be able to encrypt existing files (later on) by moving them
to the VeraCrypt volume that we are creating now. * Select the desired
path (where you wish the container to be created) in the file
selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume
Creation Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt
volume, you should securely erase (wipe) the original unencrypted
files. There are software tools that can be used for the purpose of
secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for
the volume. If you are not sure what to select here, you can use the
default settings and click Next (for more information, see chapters
Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be
250 megabyte. You may, of course, specify a different size. After you
type the desired size in the input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a
good volume password.
Read carefully the information displayed in the Wizard window about
what is considered a good password.
After you choose a good password, type it in the first input field.
Then re-type it in the input field below the first one and click Next.
Note: The button Next will be disabled until passwords in both input
fields are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation
Wizard window at least until the randomness indicator becomes green.
The longer you move the mouse, the better (moving the mouse for at
least 30 seconds is recommended). This significantly increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called
My Volume in the folder F:\Data\ (as we specified in Step 6). This
file will be a VeraCrypt container (it will contain the encrypted
VeraCrypt volume). Depending on the size of the volume, the volume
creation may take a long time. After it finishes, the following dialog
box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We
will return to the main VeraCrypt window (which should still be open,
but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle).
This will be the drive letter to which the VeraCrypt container will be
mounted.
Note: In this tutorial, we chose the drive letter M, but you may of
course choose any other available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created
in Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password prompt dialog
window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password
input field (marked with a red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the
volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just
leave it set to "autodetection" but the mounting process will take
more time. Click OK after entering the password.
VeraCrypt will now attempt to mount the volume. If the password is
incorrect (for example, if you typed it incorrectly), VeraCrypt will
notify you and you will need to repeat the previous step (type the
password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names,
allocation tables, free space, etc.) and behaves like a real disk. You
can save (or copy, move, etc.) files to this virtual disk and they
will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be automatically decrypted to RAM (memory) on
the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume
(or when you write/copy a file to/from the VeraCrypt volume) you will
not be asked to enter the password again. You need to enter the
correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the
list as shown in the screenshot above (blue selection) and then
double-clicking on the selected item.
You can also browse to the mounted volume the way you normally browse
to any other types of volumes. For example, by opening the 'Computer'
(or 'My Computer') list and double clicking the corresponding drive
letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just
as you would copy them to any normal disk (for example, by simple
drag-and-drop operations). Files that are being read or copied from
the encrypted VeraCrypt volume are automatically decrypted on the fly
in RAM (memory). Similarly, files that are being written or copied to
the VeraCrypt volume are automatically encrypted on the fly in RAM
(right before they are written to the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in RAM (memory). Even when the volume is
mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files stored on it will be inaccessible (and
encrypted). Even when power supply is suddenly interrupted (without
proper system shut down), all files stored on the volume will be
inaccessible (and encrypted). To make them accessible again, you have
to mount the volume. To do so, repeat Steps 13-18.
If you want to close the volume and make files stored on it
inaccessible, either restart your operating system or dismount the
volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main
VeraCrypt window (marked with a red rectangle in the screenshot above)
and then click Dismount (also marked with a red rectangle in the
screenshot above). To make files stored on the volume accessible
again, you will have to mount the volume. To do so, repeat Steps
13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash
drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such
that each folder can only be opened with its own unique password? Can
subfolders also be encrypted such that both a parent folder and a
subfolder can have different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado
















Aman Singer
 

Hi Jeremy,

If we chat about anything specific, and there are any particular tools we discuss, I'll let the list know. Honestly, the tools are more or less accessible, and if the GUI isn't, the command line usually is. This applies to Windows at least, and more or less to Linux/Mac.
As for creating the container on the flash drive, I have never done it except, of course, for when I'm encrypting the flash drive partition itself. This isn't because I think it a bad idea, but because the only significant benefit I can see is not having to move the container from the machine to the flash drive. If, for whatever reason, I don't trust the machine to hold the container, I shouldn't be trusting it to create the container to begin with, since I enter the password into the keyboard and since the machine must access my keyfile if I'm using one. I never do this, but keep in mind that once you move the container, nothing stops you from clearing free space with something like eraser.
Aman

-----
From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of Jeremy
Sent: Monday, December 04, 2017 10:33 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] VERACRYPT?

A bit late to these responses, but would you mind also shooting me any extra information privately you've got on other tools and such that are accessible that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned before, but I've not really kept up on any other tools that might be around and that are accessible, etc. Also, what are your thoughts on creating the encrypted volume directly on the flash drive, compared to creating it elsewhere and then moving the volume to the drive afterwards. I don't know enough about how the creation process actually works to be certain, but I do know that I had issues with one flash drive I used for this, when I was creating the volume directly onto the drive and always wondered if it might be doing to many writes to the flash storage, maybe. Since then, I've always created the volume, normally pretty small volume containers for storing my important information, so text and such, outside the flash drive I want to store it on and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat
a government-level attacker. If you're trying to do that, that is, if
one of the more despotic or forceful governments of the world is going
to be interested in these USB drives or the machines they're on, there
are other solutions which, though they may not work, will stand up to
attack for a good deal longer than the below. If that is the case, we
should really take this off list, as it has nothing to do with
accessibility. The blind and sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from
the veracrypt documentation, below my name. This is an accessible
process with Jaws and NVDA except for the mouse movement for
randomness. You can either do this if you have a mouse or touch pad or
have a sighted person do it. You can also, depending on the abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file
container for each of the subfolders and put that encrypted file
container inside the original container. To open the subfolder, you
will have first to decrypt the main container and then to decrypt the
subfolder with a different password. The user without the second
password, that for the subfolder, will know that the subfolder exists
but will not know what is inside it. Note that it is possible for the
user of the main folder not to know even that the subfolder exists, but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take
into consideration (is the application trustworthy, is it open source,
is the encryption implementation unbroken, etc). This is easier.
Again, though, the user of the main folder will know that the
subfolder exists but will not be able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container This chapter contains
step-by-step instructions on how to create, mount, and use a VeraCrypt
volume. We strongly recommend that you also read the other sections of
this manual, as they contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking the file VeraCrypt.exe or by clicking the
VeraCrypt shortcut in your Windows Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked
with a red rectangle for clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to
be created. A VeraCrypt volume can reside in a file, which is also
called container, in a partition or drive. In this tutorial, we will
choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the
right-hand part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this tutorial, we will choose the former option
and create a standard VeraCrypt volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume
(file
container) to be
created. Note that a VeraCrypt container is just like any normal file.
It can be, for example, moved or deleted as any normal file. It also
needs a filename, which you will choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of
the VeraCrypt Volume Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder
F:\Data\ and the filename of the volume (container) will be My Volume
(as can be seen in the screenshot above). You may, of course, choose
any other filename and location you like (for example, on a USB memory
stick).
Note that the file My Volume does not exist yet - VeraCrypt will create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files
(when creating a VeraCrypt file container). If you select an existing
file in this step, it will be overwritten and replaced by the newly
created volume (so the overwritten file will be lost, not encrypted).
You will be able to encrypt existing files (later on) by moving them
to the VeraCrypt volume that we are creating now. * Select the desired
path (where you wish the container to be created) in the file
selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume
Creation Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt
volume, you should securely erase (wipe) the original unencrypted
files. There are software tools that can be used for the purpose of
secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for
the volume. If you are not sure what to select here, you can use the
default settings and click Next (for more information, see chapters
Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be
250 megabyte. You may, of course, specify a different size. After you
type the desired size in the input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a
good volume password.
Read carefully the information displayed in the Wizard window about
what is considered a good password.
After you choose a good password, type it in the first input field.
Then re-type it in the input field below the first one and click Next.
Note: The button Next will be disabled until passwords in both input
fields are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation
Wizard window at least until the randomness indicator becomes green.
The longer you move the mouse, the better (moving the mouse for at
least 30 seconds is recommended). This significantly increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called
My Volume in the folder F:\Data\ (as we specified in Step 6). This
file will be a VeraCrypt container (it will contain the encrypted
VeraCrypt volume). Depending on the size of the volume, the volume
creation may take a long time. After it finishes, the following dialog
box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We
will return to the main VeraCrypt window (which should still be open,
but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle).
This will be the drive letter to which the VeraCrypt container will be
mounted.
Note: In this tutorial, we chose the drive letter M, but you may of
course choose any other available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created
in Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password prompt dialog
window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password
input field (marked with a red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the
volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just
leave it set to "autodetection" but the mounting process will take
more time. Click OK after entering the password.
VeraCrypt will now attempt to mount the volume. If the password is
incorrect (for example, if you typed it incorrectly), VeraCrypt will
notify you and you will need to repeat the previous step (type the
password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names,
allocation tables, free space, etc.) and behaves like a real disk. You
can save (or copy, move, etc.) files to this virtual disk and they
will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be automatically decrypted to RAM (memory) on
the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume
(or when you write/copy a file to/from the VeraCrypt volume) you will
not be asked to enter the password again. You need to enter the
correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the
list as shown in the screenshot above (blue selection) and then
double-clicking on the selected item.
You can also browse to the mounted volume the way you normally browse
to any other types of volumes. For example, by opening the 'Computer'
(or 'My Computer') list and double clicking the corresponding drive
letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just
as you would copy them to any normal disk (for example, by simple
drag-and-drop operations). Files that are being read or copied from
the encrypted VeraCrypt volume are automatically decrypted on the fly
in RAM (memory). Similarly, files that are being written or copied to
the VeraCrypt volume are automatically encrypted on the fly in RAM
(right before they are written to the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in RAM (memory). Even when the volume is
mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files stored on it will be inaccessible (and
encrypted). Even when power supply is suddenly interrupted (without
proper system shut down), all files stored on the volume will be
inaccessible (and encrypted). To make them accessible again, you have
to mount the volume. To do so, repeat Steps 13-18.
If you want to close the volume and make files stored on it
inaccessible, either restart your operating system or dismount the
volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main
VeraCrypt window (marked with a red rectangle in the screenshot above)
and then click Dismount (also marked with a red rectangle in the
screenshot above). To make files stored on the volume accessible
again, you will have to mount the volume. To do so, repeat Steps
13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On
Behalf Of Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such
that each folder can only be opened with its own unique password? Can
subfolders also be encrypted such that both a parent folder and a
subfolder can have different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado









Jeremy <icu8it2@...>
 

A bit late to these responses, but would you mind also shooting me any extra information privately you've got on other tools and such that are accessible that you share with

Olusegun? I'm somewhat familiar with using Veracrypt, as I mentioned before, but I've not really kept up on any other tools that might be around and that are accessible, etc. Also, what are your thoughts on creating the encrypted volume directly on the flash drive, compared to creating it elsewhere and then moving the volume to the drive afterwards. I don't know enough about how the creation process actually works to be certain, but I do know that I had issues with one flash drive I used for this, when I was creating the volume directly onto the drive and always wondered if it might be doing to many writes to the flash storage, maybe. Since then, I've always created the volume, normally pretty small volume containers for storing my important information, so text and such, outside the flash drive I want to store it on and then move it there after it's created.

Take care.

On 12/2/2017 9:21 AM, Aman Singer wrote:
Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat a
government-level attacker. If you're trying to do that, that is, if one of
the more despotic or forceful governments of the world is going to be
interested in these USB drives or the machines they're on, there are other
solutions which, though they may not work, will stand up to attack for a
good deal longer than the below. If that is the case, we should really take
this off list, as it has nothing to do with accessibility. The blind and
sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from the
veracrypt documentation, below my name. This is an accessible process with
Jaws and NVDA except for the mouse movement for randomness. You can either
do this if you have a mouse or touch pad or have a sighted person do it. You
can also, depending on the abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file container
for each of the subfolders and put that encrypted file container inside the
original container. To open the subfolder, you will have first to decrypt
the main container and then to decrypt the subfolder with a different
password. The user without the second password, that for the subfolder, will
know that the subfolder exists but will not know what is inside it. Note
that it is possible for the user of the main folder not to know even that
the subfolder exists, but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take into
consideration (is the application trustworthy, is it open source, is the
encryption implementation unbroken, etc). This is easier. Again, though, the
user of the main folder will know that the subfolder exists but will not be
able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container
This chapter contains step-by-step instructions on how to create, mount, and
use a VeraCrypt
volume. We strongly recommend that you also read the other sections of this
manual, as they
contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking
the file VeraCrypt.exe or by clicking the VeraCrypt shortcut in your Windows
Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked with a
red rectangle for
clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to be
created. A VeraCrypt
volume can reside in a file, which is also called container, in a partition
or drive. In this tutorial, we
will choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the right-hand
part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this
tutorial, we will choose the former option and create a standard VeraCrypt
volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume (file
container) to be
created. Note that a VeraCrypt container is just like any normal file. It
can be, for example, moved
or deleted as any normal file. It also needs a filename, which you will
choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of the
VeraCrypt Volume
Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder F:\Data\
and the filename of the
volume (container) will be My Volume (as can be seen in the screenshot
above). You may, of
course, choose any other filename and location you like (for example, on a
USB memory stick).
Note that the file My Volume does not exist yet - VeraCrypt will create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files (when
creating a
VeraCrypt file container). If you select an existing file in this step, it
will be overwritten and
replaced by the newly created volume (so the overwritten file will be lost,
not encrypted).
You will be able to encrypt existing files (later on) by moving them to the
VeraCrypt volume
that we are creating now. *
Select the desired path (where you wish the container to be created) in the
file selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume Creation
Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt volume,
you should securely erase (wipe) the original
unencrypted files. There are software tools that can be used for the purpose
of secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for the
volume. If you are not
sure what to select here, you can use the default settings and click Next
(for more information,
see chapters Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be 250
megabyte. You may, of
course, specify a different size. After you type the desired size in the
input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a good
volume password.
Read carefully the information displayed in the Wizard window about what is
considered a good
password.
After you choose a good password, type it in the first input field. Then
re-type it in the input field
below the first one and click Next.
Note: The button Next will be disabled until passwords in both input fields
are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation Wizard
window at least
until the randomness indicator becomes green. The longer you move the mouse,
the better (moving
the mouse for at least 30 seconds is recommended). This significantly
increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called My
Volume in the folder
F:\Data\ (as we specified in Step 6). This file will be a VeraCrypt
container (it will contain the
encrypted VeraCrypt volume). Depending on the size of the volume, the volume
creation may
take a long time. After it finishes, the following dialog box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We will
return to the main
VeraCrypt window (which should still be open, but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle). This will
be the drive letter to which
the VeraCrypt container will be mounted.
Note: In this tutorial, we chose the drive letter M, but you may of course
choose any other
available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created in
Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password
prompt dialog window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password input
field (marked with a
red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just leave
it set to
"autodetection" but the mounting process will take more time. Click OK after
entering the
password.
VeraCrypt will now attempt to mount the volume. If the password is incorrect
(for example, if you
typed it incorrectly), VeraCrypt will notify you and you will need to repeat
the previous step (type
the password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names, allocation
tables, free space, etc.) and
behaves like a real disk. You can save (or copy, move, etc.) files to this
virtual disk and they will be
encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be
automatically decrypted to RAM (memory) on the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume (or
when you write/copy
a file to/from the VeraCrypt volume) you will not be asked to enter the
password again. You need
to enter the correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the list as
shown in the
screenshot above (blue selection) and then double-clicking on the selected
item.
You can also browse to the mounted volume the way you normally browse to any
other types of
volumes. For example, by opening the 'Computer' (or 'My Computer') list and
double clicking the
corresponding drive letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just as you
would copy them to
any normal disk (for example, by simple drag-and-drop operations). Files
that are being read or
copied from the encrypted VeraCrypt volume are automatically decrypted on
the fly in RAM
(memory). Similarly, files that are being written or copied to the VeraCrypt
volume are
automatically encrypted on the fly in RAM (right before they are written to
the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in
RAM (memory). Even when the volume is mounted, data stored in the volume is
still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files
stored on it will be inaccessible (and encrypted). Even when power supply is
suddenly interrupted
(without proper system shut down), all files stored on the volume will be
inaccessible (and
encrypted). To make them accessible again, you have to mount the volume. To
do so, repeat
Steps 13-18.
If you want to close the volume and make files stored on it inaccessible,
either restart your
operating system or dismount the volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main VeraCrypt
window (marked with a
red rectangle in the screenshot above) and then click Dismount (also marked
with a red rectangle
in the screenshot above). To make files stored on the volume accessible
again, you will have to
mount the volume. To do so, repeat Steps 13-18.


From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of
Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such that
each folder can only be opened with its own unique password? Can subfolders
also be encrypted such that both a parent folder and a subfolder can have
different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado








Olusegun -- Victory Associates LTD, Inc.
 

Chief Aman, I've been slower than a snail lately, <smile!> But I'll be in
touch privately, just need to wake up real quick from a non dreamy sleep!

That aside, thanks a ton for help with my VeraCrypt project and we'll talk
about it all some more privately.

Sincerely,
Olusegun
Denver, Colorado


Aman Singer
 

Hi Olusegun,

The answer to both your questions is yes. Before I go into how, I
should say that the following doesn't apply if you're trying to defeat a
government-level attacker. If you're trying to do that, that is, if one of
the more despotic or forceful governments of the world is going to be
interested in these USB drives or the machines they're on, there are other
solutions which, though they may not work, will stand up to attack for a
good deal longer than the below. If that is the case, we should really take
this off list, as it has nothing to do with accessibility. The blind and
sighted are in the same boat.
Having said that, you can create an encrypted file container with
veracrypt for each main folder. I have pasted the instructions, from the
veracrypt documentation, below my name. This is an accessible process with
Jaws and NVDA except for the mouse movement for randomness. You can either
do this if you have a mouse or touch pad or have a sighted person do it. You
can also, depending on the abilities of any potential attacker, leave it.
From here, you have two options. First, you can create a new file container
for each of the subfolders and put that encrypted file container inside the
original container. To open the subfolder, you will have first to decrypt
the main container and then to decrypt the subfolder with a different
password. The user without the second password, that for the subfolder, will
know that the subfolder exists but will not know what is inside it. Note
that it is possible for the user of the main folder not to know even that
the subfolder exists, but this takes more work.
Alternatively, you can put, inside the main container, a subfolder
encrypted by another encryption application You can use any application
you like with the obvious caveats any user of encryption has to take into
consideration (is the application trustworthy, is it open source, is the
encryption implementation unbroken, etc). This is easier. Again, though, the
user of the main folder will know that the subfolder exists but will not be
able to access the contents.
I hope that's of use.
Aman

How to Create and Use a VeraCrypt Container
This chapter contains step-by-step instructions on how to create, mount, and
use a VeraCrypt
volume. We strongly recommend that you also read the other sections of this
manual, as they
contain important information.
STEP 1:
If you have not done so, download and install VeraCrypt. Then launch
VeraCrypt by doubleclicking
the file VeraCrypt.exe or by clicking the VeraCrypt shortcut in your Windows
Start menu.
STEP 2:
The main VeraCrypt window should appear. Click Create Volume (marked with a
red rectangle for
clarity).
STEP 3:
The VeraCrypt Volume Creation Wizard window should appear.
In this step you need to choose where you wish the VeraCrypt volume to be
created. A VeraCrypt
volume can reside in a file, which is also called container, in a partition
or drive. In this tutorial, we
will choose the first option and create a VeraCrypt volume within a file.
As the option is selected by default, you can just click Next.
Note: In the following steps, the screenshots will show only the right-hand
part of the Wizard window.
STEP 4:
In this step you need to choose whether to create a standard or hidden
VeraCrypt volume. In this
tutorial, we will choose the former option and create a standard VeraCrypt
volume.
As the option is selected by default, you can just click Next.
STEP 5:
In this step you have to specify where you wish the VeraCrypt volume (file
container) to be
created. Note that a VeraCrypt container is just like any normal file. It
can be, for example, moved
or deleted as any normal file. It also needs a filename, which you will
choose in the next step.
Click Select File.
The standard Windows file selector should appear (while the window of the
VeraCrypt Volume
Creation Wizard remains open in the background).
STEP 6:
In this tutorial, we will create our VeraCrypt volume in the folder F:\Data\
and the filename of the
volume (container) will be My Volume (as can be seen in the screenshot
above). You may, of
course, choose any other filename and location you like (for example, on a
USB memory stick).
Note that the file My Volume does not exist yet - VeraCrypt will create it.
IMPORTANT: Note that VeraCrypt will not encrypt any existing files (when
creating a
VeraCrypt file container). If you select an existing file in this step, it
will be overwritten and
replaced by the newly created volume (so the overwritten file will be lost,
not encrypted).
You will be able to encrypt existing files (later on) by moving them to the
VeraCrypt volume
that we are creating now. *
Select the desired path (where you wish the container to be created) in the
file selector.
Type the desired container filename in the File name box.
Click Save.
The file selector window should disappear.
In the following steps, we will return to the VeraCrypt Volume Creation
Wizard.
* Note that after you copy existing unencrypted files to a VeraCrypt volume,
you should securely erase (wipe) the original
unencrypted files. There are software tools that can be used for the purpose
of secure erasure (many of them are free).
STEP 7:
In the Volume Creation Wizard window, click Next.
STEP 8:
Here you can choose an encryption algorithm and a hash algorithm for the
volume. If you are not
sure what to select here, you can use the default settings and click Next
(for more information,
see chapters Encryption Algorithms and Hash Algorithms).
STEP 9:
Here we specify that we wish the size of our VeraCrypt container to be 250
megabyte. You may, of
course, specify a different size. After you type the desired size in the
input field (marked with a red
rectangle), click Next.
STEP 10:
This is one of the most important steps. Here you have to choose a good
volume password.
Read carefully the information displayed in the Wizard window about what is
considered a good
password.
After you choose a good password, type it in the first input field. Then
re-type it in the input field
below the first one and click Next.
Note: The button Next will be disabled until passwords in both input fields
are the same.
STEP 11:
Move your mouse as randomly as possible within the Volume Creation Wizard
window at least
until the randomness indicator becomes green. The longer you move the mouse,
the better (moving
the mouse for at least 30 seconds is recommended). This significantly
increases the
cryptographic strength of the encryption keys (which increases security).
Click Format.
Volume creation should begin. VeraCrypt will now create a file called My
Volume in the folder
F:\Data\ (as we specified in Step 6). This file will be a VeraCrypt
container (it will contain the
encrypted VeraCrypt volume). Depending on the size of the volume, the volume
creation may
take a long time. After it finishes, the following dialog box will appear:
Click OK to close the dialog box.
STEP 12:
We have just successfully created a VeraCrypt volume (file container).
In the VeraCrypt Volume Creation Wizard window, click Exit.
The Wizard window should disappear.
In the remaining steps, we will mount the volume we just created. We will
return to the main
VeraCrypt window (which should still be open, but if it is not, repeat Step
1 to launch VeraCrypt
and then continue from Step 13.)
STEP 13:
Select a drive letter from the list (marked with a red rectangle). This will
be the drive letter to which
the VeraCrypt container will be mounted.
Note: In this tutorial, we chose the drive letter M, but you may of course
choose any other
available drive letter.
STEP 14:
Click Select File.
The standard file selector window should appear.
STEP 15:
In the file selector, browse to the container file (which we created in
Steps 6-11) and select it.
Click Open (in the file selector window).
The file selector window should disappear.
In the following steps, we will return to the main VeraCrypt window.
STEP 16:
In the main VeraCrypt window, click Mount. Password
prompt dialog window should appear.
STEP 17:
Type the password (which you specified in Step 10) in the password input
field (marked with a
red rectangle).
STEP 18:
Select the PRF algorithm that was used during the creation of the volume
(SHA-512 is the default
PRF used by VeraCrypt). If you don't remember which PRF was used, just leave
it set to
"autodetection" but the mounting process will take more time. Click OK after
entering the
password.
VeraCrypt will now attempt to mount the volume. If the password is incorrect
(for example, if you
typed it incorrectly), VeraCrypt will notify you and you will need to repeat
the previous step (type
the password again and click OK). If the password is correct, the volume
will be mounted.
FINAL STEP:
We have just successfully mounted the container as a virtual disk M:
The virtual disk is entirely encrypted (including file names, allocation
tables, free space, etc.) and
behaves like a real disk. You can save (or copy, move, etc.) files to this
virtual disk and they will be
encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example, in media
player, the file will be
automatically decrypted to RAM (memory) on the fly while it is being read.
Important: Note that when you open a file stored on a VeraCrypt volume (or
when you write/copy
a file to/from the VeraCrypt volume) you will not be asked to enter the
password again. You need
to enter the correct password only when mounting the volume.
You can open the mounted volume, for example, by selecting it on the list as
shown in the
screenshot above (blue selection) and then double-clicking on the selected
item.
You can also browse to the mounted volume the way you normally browse to any
other types of
volumes. For example, by opening the 'Computer' (or 'My Computer') list and
double clicking the
corresponding drive letter (in this case, it is the letter M).
You can copy files (or folders) to and from the VeraCrypt volume just as you
would copy them to
any normal disk (for example, by simple drag-and-drop operations). Files
that are being read or
copied from the encrypted VeraCrypt volume are automatically decrypted on
the fly in RAM
(memory). Similarly, files that are being written or copied to the VeraCrypt
volume are
automatically encrypted on the fly in RAM (right before they are written to
the disk).
Note that VeraCrypt never saves any decrypted data to a disk - it only
stores them temporarily in
RAM (memory). Even when the volume is mounted, data stored in the volume is
still encrypted.
When you restart Windows or turn off your computer, the volume will be
dismounted and all files
stored on it will be inaccessible (and encrypted). Even when power supply is
suddenly interrupted
(without proper system shut down), all files stored on the volume will be
inaccessible (and
encrypted). To make them accessible again, you have to mount the volume. To
do so, repeat
Steps 13-18.
If you want to close the volume and make files stored on it inaccessible,
either restart your
operating system or dismount the volume. To do so, follow these steps:
Select the volume from the list of mounted volumes in the main VeraCrypt
window (marked with a
red rectangle in the screenshot above) and then click Dismount (also marked
with a red rectangle
in the screenshot above). To make files stored on the volume accessible
again, you will have to
mount the volume. To do so, repeat Steps 13-18.



From: main@TechTalk.groups.io [mailto:main@TechTalk.groups.io] On Behalf Of
Olusegun -- Victory Associates LTD, Inc.
Sent: Thursday, November 30, 2017 5:12 PM
To: main@TechTalk.groups.io
Subject: [TechTalk] VERACRYPT?

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such that
each folder can only be opened with its own unique password? Can subfolders
also be encrypted such that both a parent folder and a subfolder can have
different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado


Jeremy <icu8it2@...>
 

I'm certainly no expert in using Veracrypt to its full potential, but I think there's a way to have what's considered to be a encrypted volume with a sorta hidden extra volume inside the first one, which has its own separate password for unlocking it. I might also be misunderstanding how exactly it works though, as I've never actually messed with it. I do know though that you can create separate files, each being what ever size you want and use each file as its own encrypted container, which sounds like it might work for what you're wanting. You could then store these separate containers in a folder.
Take care.

On 11/30/2017 4:11 PM, Olusegun -- Victory Associates LTD, Inc. wrote:
Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such that
each folder can only be opened with its own unique password? Can subfolders
also be encrypted such that both a parent folder and a subfolder can have
different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado




Olusegun -- Victory Associates LTD, Inc.
 

Hello All:

I need some helpful advice! I have a batch of folders on a USB flash drive.


Question: Is it possible to use VeraCrypt to encrypt each folder such that
each folder can only be opened with its own unique password? Can subfolders
also be encrypted such that both a parent folder and a subfolder can have
different passwords?

If not, I'd appreciate suggestions on how to accomplish this task.

The need to encrypt each folder on the USB flash drive is an essential
documentation requirement in my line of business. Looking forward to
reading your thoughts!!

Sincerely,
Olusegun
Denver, Colorado