VeraCrypt would benefit from Read-Only encrypted containers for the purposes of backing up to the cloud.
Currently, if you back up a container to the cloud and unknowingly (from malware or overzealous programs that open certain files, changing the 'date modified' or other attributes) or accidentally change the contents of the container, an adversary could figure out the key by looking at the changed bits and then decrypt your whole container. This was a known vulnerability with TrueCrypt.
So why not then be able to create Read-Only encrypted containers and back those up to the cloud? Integrating this with the file manager application would make it even better. E.g. right-click the folders you want to back up, click a relevant setting and begin the VeraCrypt process in a window to create the container. Or you can do this process once in VC and then create backups with just one click? This would negate the need to randomly move your cursor in a window and enter a long password every time. Though the question becomes if that potentially sensitive local data can be saved securely. If not, you can have a window popping up alerting the user of this security risk and they can go ahead with it anyways if they're not concerned with that data being saved locally; e.g. if the backup is to be saved in the cloud, the user might not care if the password and random cursor movements are saved locally. Especially if that sensitive data will be saved on an encrypted-Host/OS drive.
This would also make VC a decent program for making backups as well on local or network drives. When I make folder backups, it can sometimes get confusing remembering when backups were made since I have to remember to date folders in a standard format - having to then encrypt them to secure them from prying eyes and malware. This new feature would massively simplify the process. Currently, remembering to open the containers as read-only is too risky if the contents are sensitive.
Thoughts?
Alir--you seem to be very knowledgeable about VeraCrypt. I have just started using it and have a couple of questions. First, how does anyone know the files in the volume are actually encrypted? Is there any way these files can be opened in an encrypted format (either in or outside of) VeraCrypt? Also, I back up my files to the cloud (iDrive). I backed up an encrypted file from my volume to iDrive, opened it online, and it is unencrypted. I would like these sensitive files to be encrypted on iDrive. How can I do this? Thank you for any help!
Keep your container in the Documents folder; it will be copied to iCloud as an encrypted file.
It is possible to improve VeraCrypt for cloud backup. It might require integration with cloud client software. No contacts/resources.