VeraCrypt

From Hidden Wiki
Jump to navigation Jump to search
Unix Assembly language Mathematics Web development I2P
GhostBSD Assembly Programming Tutorial Statistics Django for Beginners MuWire
GUI Artificial intelligence Artificial neural network Machine learning Messenger
Tkinter Artificial intelligence Artificial neural network Machine Learning Mastery with Python Session

VeraCrypt is an open-source utility used for on-the-fly encryption (OTFE).[1] It can create a virtual encrypted disk within a file or encrypt a partition[2] or (in Windows) the entire storage device with pre-boot authentication.[3]

VeraCrypt is a fork of the discontinued TrueCrypt project.[4] It was initially released on 22 June 2013 and has produced its latest release (version 1.22) on 30 March 2018.[5] Many security improvements have been implemented and issues raised by TrueCrypt code audits have been fixed (see below). VeraCrypt features optimized implementations of cryptographic hash functions and ciphers which boost performance on modern CPUs (see Performance).


Installation and use

Linux

Download veracrypt-1.22-setup.tar.bz2 from https://www.veracrypt.fr/en/Downloads.html and extract the file.


In terminal, type 

cd veracrypt-1.22-setup/
./veracrypt-1.22-setup-gui-x64

then the installaion is finished.


If you want to start it, type 

veracrypt

in terminal.


Trouble shooting on Ubuntu 19.04

You can see an error message if you use Ubuntu Linux 19.04. It's easy to solve the problem. Just type the beneath command in your terminal.


  • veracrypt: error while loading shared libraries: libgtk-x11-2.0.so.0

2018-10-28

veracrypt: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory 

sudo apt install libgtk2.0-0

https://askubuntu.com/questions/1087912/veracrypt-error-while-loading-shared-libraries-libgtk-x11-2-0-so-0

External HDD

2.5 inch external HDD can work with only USB power. But 3.5 inch external H.D.D. needs to connect to a power outlet. So you'd better use 2.5″ external HDD.


  • Portable Hard Disk Drive SATA 7+15 Pin 22 to USB 2.0 Adapter Cable for 2.5inch HDD External Convert

https://www.amazon.com/Portable-Adapter-2-5inch-External-Convert/dp/B07B476KNC/

  • BENFEI USB 3.0 to SATA, USB 3.0 to 2.5” SATA III Hard Drive Adapter Cable w/UASP Compatible for 2.5 inch HDD and SSD

https://www.amazon.com/BENFEI-Drive-Adapter-Cable-Compatible/dp/B07F7WDZGT/

  • StarTech.com USB 3.0 to 2.5” SATA III Hard Drive Adapter Cable w/ UASP – SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable

https://www.amazon.com/StarTech-com-SATA-Drive-Adapter-Cable/dp/B00HJZJI84/


How to mount an external H.D.D. on Linux?

For more detail, see Ubuntu.


Plausible deniability

https://www.veracrypt.fr/en/Plausible%20Deniability.html


As with its predecessor TrueCrypt, VeraCrypt supports plausible deniability[6] by allowing a single "hidden volume" to be created within another volume.[7] In addition, the Windows versions of VeraCrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied.[8]


The VeraCrypt documentation lists many ways in which VeraCrypt's hidden volume deniability features may be compromised (e.g. by third-party software which may leak information through temporary files, thumbnails, etc., to unencrypted disks) and possible ways to avoid this.[9]


Hidden Volume

https://www.veracrypt.fr/en/Hidden%20Volume.html

Protection of Hidden Volumes

Mount -> Options -> Hidden Volume Protection -> Protect hidden volume when mounting outer volume


https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html

Hidden Operating System

https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html

Security Requirements and Precautions

Unencrypted Data in RAM

Settings -> Preferences -> Security -> Password Cache -> Wipe after VeraCrypt window has been closed


Unencrypted Data in RAM


It is important to note that VeraCrypt is disk encryption software, which encrypts only disks, not RAM (memory).


Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files they load from a VeraCrypt volume. This means that after you exit such a program, unencrypted data it worked with may remain in memory (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off[10]). Also note that if you open a file stored on a VeraCrypt volume, for example, in a text editor and then force dismount on the VeraCrypt volume, then the file will remain unencrypted in the area of memory (RAM) used by (allocated to) the text editor. This also applies to forced auto-dismount.


Inherently, unencrypted master keys have to be stored in RAM too. When a non-system VeraCrypt volume is dismounted, VeraCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted (or cleanly shut down), all non-system VeraCrypt volumes are automatically dismounted and, thus, all master keys stored in RAM are erased by the VeraCrypt driver (except master keys for system partitions/drives — see below). However, when power supply is abruptly interrupted, when the computer is reset (not cleanly restarted), or when the system crashes, VeraCrypt naturally stops running and therefore cannot erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.[11]


Starting from version 1.24, VeraCrypt introduces a mechanism to encrypt master keys and cached passwords in RAM. This RAM encryption mechanism must be activated manually in "Performance/Driver Configuration" dialog. RAM encryption comes with a performance overhead (between 5% and 15% depending on the CPU speed) and it disables Windows hibernate. Moreover, VeraCrypt 1.24 and above provide an additional security mechanism when system encryption is used that makes VeraCrypt erase master keys from RAM when a new device is connected to the PC. This additional mechanism can be activated using an option in System Settings dialog. Even though both above mechanisms provides strong protection for masterskeys and cached password, users should still take usual precautions related for the safery of sensitive data in RAM.


To summarize, VeraCrypt cannot and does not ensure that RAM contains no sensitive data (e.g. passwords, master keys, or decrypted data). Therefore, after each session in which you work with a VeraCrypt volume or in which an encrypted operating system is running, you must shut down (or, if the hibernation file is encrypted, hibernate) the computer and then leave it powered off for at least several minutes (the longer, the better) before turning it on again. This is required to clear the RAM (also see the section Hibernation File).


https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html

Trim Operation

Trim Operation


Some storage devices (e.g., some solid-state drives, including USB flash drives) use so-called 'trim' operation to mark drive sectors as free e.g. when a file is deleted. Consequently, such sectors may contain unencrypted zeroes or other undefined data (unencrypted) even if they are located within a part of the drive that is encrypted by VeraCrypt. VeraCrypt does not block the trim operation on partitions that are within the key scope of system encryption (unless a hidden operating system is running) and under Linux on all volumes that use the Linux native kernel cryptographic services. In those cases, the adversary will be able to tell which sectors contain free space (and may be able to use this information for further analysis and attacks) and plausible deniability may be negatively affected. If you want to avoid those issues, do not use system encryption on drives that use the trim operation and, under Linux, either configure VeraCrypt not to use the Linux native kernel cryptographic services or make sure VeraCrypt volumes are not located on drives that use the trim operation.


To find out whether a device uses the trim operation, please refer to documentation supplied with the device or contact the vendor/manufacturer.


https://www.veracrypt.fr/en/Trim%20Operation.html

Wear-Leveling

Wear-Leveling


Some storage devices (e.g., some solid-state drives, including USB flash drives) and some file systems utilize so-called wear-leveling mechanisms to extend the lifetime of the storage device or medium. These mechanisms ensure that even if an application repeatedly writes data to the same logical sector, the data is distributed evenly across the medium (logical sectors are remapped to different physical sectors). Therefore, multiple "versions" of a single sector may be available to an attacker. This may have various security implications. For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling mechanism, VeraCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). Due to security reasons, we recommend that VeraCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that VeraCrypt is not used to encrypt any portions of such devices or filesystems).


If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it (VeraCrypt cannot reliably perform secure in-place encryption of existing data on such a drive; however, after the partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). That includes the following precautions: Before you run VeraCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the paging files after the system partition/drive has been fully encrypted). Hibernation must be prevented during the period between the moment when you start VeraCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted. However, note that even if you follow those steps, it is not guaranteed that you will prevent data leaks and that sensitive data on the device will be securely encrypted. For more information, see the sections Data Leaks, Paging File, Hibernation File, and Memory Dump Files.


If you need plausible deniability, you must not use VeraCrypt to encrypt any part of (or create encrypted containers on) a device (or file system) that utilizes a wear-leveling mechanism.


To find out whether a device utilizes a wear-leveling mechanism, please refer to documentation supplied with the device or contact the vendor/manufacturer.


https://www.veracrypt.fr/en/Wear-Leveling.html

Encryption scheme

Algorithms

Individual ciphers supported by VeraCrypt are AES, Serpent, Twofish, Camellia, and Kuznyechik. The Magma cipher was removed in version 1.19 in response to a security audit.[12] Additionally, ten different combinations of cascaded algorithms are available: AES–Twofish, AES–Twofish–Serpent, Camellia–Kuznyechik, Camellia–Serpent, Kuznyechik–AES, Kuznyechik–Serpent–Camellia, Kuznyechik–Twofish, Serpent–AES, Serpent–Twofish–AES, and Twofish–Serpent.[13] The cryptographic hash functions available for use in VeraCrypt are RIPEMD-160, SHA-256, SHA-512, Streebog and Whirlpool.[14]

Modes of operation

VeraCrypt uses the XTS mode of operation.[15]

Keys

The header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 327,661 to 655,331 iterations, depending on the underlying hash function used.[16]

Security improvements

Template:See also

  • The VeraCrypt development team considered the TrueCrypt storage format too vulnerable to a National Security Agency (NSA) attack, so it created a new format incompatible with that of TrueCrypt. This is one of the main differences between VeraCrypt and its competitor CipherShed, which continues to use the TrueCrypt format. VeraCrypt is still capable of opening and converting volumes in the TrueCrypt format.[17][18]
  • An independent security audit of TrueCrypt released 29 September 2015 found TrueCrypt includes two vulnerabilities in the Windows installation driver allowing an attacker arbitrary code execution and privilege escalation via DLL hijacking.[19] This was fixed in VeraCrypt in January 2016.[20]
  • While TrueCrypt uses 1000 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, VeraCrypt uses 327,661 iterations. For standard containers and other partitions, VeraCrypt uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slower at opening encrypted partitions, it also makes password guessing attacks slower.[21]
  • Additionally, since version 1.12 a new feature called "Personal Iterations Multiplier" (PIM) provides a parameter whose value is used to control the number of iterations used by the header key derivation function, thereby making brute-force attacks potentially even more difficult. Veracrypt out of the box uses a reasonable PIM value to improve security,[22] but users can provide higher value to enhance security. The primary downside of this feature is that it makes the process of opening encrypted archives even slower.[23][24][25][22]
  • A vulnerability in the bootloader was fixed on Windows and various optimizations were made as well. The developers added support for SHA-256 to the system boot encryption option and also fixed a ShellExecute security issue. Linux and macOS users benefit from support for hard drives with sector sizes larger than 512. Linux also received support for the NTFS formatting of volumes.
  • VeraCrypt added the capability to encrypt GPT system partitions and boot them using UEFI in version 1.18a.[17]
  • Option to enable/disable support for TRIM command for both system and non-system drives is added in version 1.22.[17]

VeraCrypt audit

An audit of VeraCrypt 1.18 was conducted by QuarksLab on behalf of the Open Source Technology Improvement Fund, taking 32 man-days and published on 17 October 2016.[26][27] The major vulnerabilities identified in this audit were resolved in VeraCrypt 1.19, released the same day.[28][29]

Security precautions

There are several kinds of attacks that all software-based disk encryption is vulnerable to. As with TrueCrypt, the VeraCrypt documentation instructs users to follow various security precautions to mitigate these attacks,[9][30] several of which are detailed below.

Encryption keys stored in memory

VeraCrypt stores its keys in RAM; on an ordinary personal computer DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.[31]

Physical security

VeraCrypt documentation states that VeraCrypt is unable to secure data on a computer if an attacker physically accessed it and VeraCrypt is then used on the compromised computer by the user again. This does not affect the common case of a stolen, lost, or confiscated computer.[32] The attacker having physical access to a computer can, for example, install a hardware or a software keylogger, a bus-mastering device capturing memory or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords) or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called "evil maid attacks".[33]

Malware

Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when they gain physical access to the computer.[34]

Trusted Platform Module

The FAQ section of the VeraCrypt website[35] states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker e.g. a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, VeraCrypt will not support TPM.


See also


References

  1. "VeraCrypt Official Site"
  2. Template:Cite web
  3. Template:Cite web
  4. Template:Cite web
  5. "VeraCrypt Downloads"
  6. Template:Cite web
  7. Template:Cite web
  8. Template:Cite web
  9. 9.0 9.1 Template:Cite web
  10. Allegedly, for 1.5-35 seconds under normal operating temperatures (26-44 °C) and up to several hours when the memory modules are cooled (when the computer is running) to very low temperatures (e.g. -50 °C). New types of memory modules allegedly exhibit a much shorter decay time (e.g. 1.5-2.5 seconds) than older types (as of 2008).
  11. Before a key can be erased from RAM, the corresponding VeraCrypt volume must be dismounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not provide any appropriate API for handling the final phase of the system shutdown process, paging files located on encrypted system volumes that are dismounted during the system shutdown process may still contain valid swapped-out memory pages (including portions of Windows system files). This could cause 'blue screen' errors. Therefore, to prevent 'blue screen' errors, VeraCrypt does not dismount encrypted system volumes and consequently cannot clear the master keys of the system volumes when the system is shut down or restarted.
  12. https://www.theregister.co.uk/2016/10/18/veracrypt_audit/
  13. Template:Cite web
  14. Template:Cite web
  15. Template:Cite web
  16. Template:Cite web
  17. 17.0 17.1 17.2 "VeraCrypt Release Notes"
  18. Castle, Alex (March, 2015). "Where Are We At With TrueCrypt?". MaximumPC, p. 59.
  19. http://www.pcworld.com/article/2987439/encryption/newly-found-truecrypt-flaw-allows-full-system-compromise.html
  20. CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
  21. Template:Cite web
  22. 22.0 22.1 Template:Cite web
  23. Template:Cite web
  24. Template:Cite web
  25. Template:Cite web
  26. Template:Cite web
  27. Template:Cite web
  28. Template:Cite web
  29. Template:Cite web
  30. Template:Cite web
  31. Template:Cite web
  32. Template:Cite web
  33. Template:Cite web
  34. Template:Cite web
  35. Template:Cite web

External links

Retrieved from "http://hiddenwep33eg4w225lcdwcez4iefacwpiia6cwg7pfmcz4hvijzbgid.onion/index.php?title=VeraCrypt&oldid=29205"