Veracrypt-Container on NAS

Anonymous
2014-12-09
2014-12-10
  • Anonymous

    Anonymous - 2014-12-09

    I plan to build up a NAS. On this there will be sensitive data, so I'm going to encrypt it with VeraCrypt. This container will be more than 100GB.
    The only problem is, that the connection to the NAS is not safe.

    So my question is: when will the container be decoded? Before or after the transfer?

    Will I always have to download the whole container to my PC, or is VeraCrypt able to download just a part of this container?

     
  • Mounir IDRASSI

    Mounir IDRASSI - 2014-12-10

    You are in case number 2 described in the documentation: https://veracrypt.codeplex.com/wikipage?title=Sharing%20over%20Network

    Basically, the container is mounted locally in your PC and so the data is only decrypted locally and it is always sent encrypted over the network.

    VeraCrypt doesn't implement any network protocol, so the file must be seen as a regular one. Usually, you would use NFS or Samba for sharing the file and this is what is needed by VeraCrypt.

    As described in the documentation, if different users are accessing the same container file, there can be data corruption if they write data to it. So, either make it read-only or have only a unique user accessing the container at a time.

     
  • Anonymous

    Anonymous - 2014-12-10

    Additionally I can say that my experience currently is (Synology/SAMBA) that if you lose the connection, VeraCrypt was not able to continue to use the mounted volume even if the connection comes back quickly. I always had to dismount and mount again. I have to try this with a Windows-Share again.

     
  • Mounir IDRASSI

    Mounir IDRASSI - 2014-12-10

    If the connection to the NAS is lost, the handles opened on the remote file become invalid and thus we can't continue using it. Even if the connection comes back "quickly", we can't reconnect manually as everything is mapped using the old file handles.

    Moreover, if data were being written to the VeraCrypt volume when the connection was lost, there is a risk of data corruption because there is no guarantee that the data written by VeraCrypt arrived at the server before the connection was cut.

    There are so many risks when sharing an encrypted container over the network in Read/Write mode. If you really need to write data to the container, download it first, modify it and then upload it again.

    By the way, these risks are not proper to VeraCrypt. They affect all programs that need to handle files over the network in Read/Write mode.

     

    Last edit: Mounir IDRASSI 2014-12-10
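
Added example, not part of the original thread and not VeraCrypt code: one way to script the "download it first, modify it and then upload it again" advice above while keeping a single writer and never leaving a half-written container on the NAS. It assumes the share is already mounted as a normal path; the class name and the `.lock` / `.upload` suffixes are hypothetical.

```python
import hashlib, os, shutil
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a 100 GB container never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class ContainerCheckout:
    """Single-writer checkout of a container file kept on a mounted share.

    Hypothetical helper: the class name and the .lock/.upload suffixes are
    assumptions of this example. The lock is advisory and only protects
    against other users who go through the same helper.
    """
    def __init__(self, remote, workdir):
        self.remote = Path(remote)
        self.local = Path(workdir) / self.remote.name
        self.lock = self.remote.with_name(self.remote.name + ".lock")
        self.tmp = self.remote.with_name(self.remote.name + ".upload")

    def __enter__(self):
        os.mkdir(self.lock)  # raises FileExistsError if someone else holds it
        try:
            shutil.copyfile(self.remote, self.local)
        except BaseException:
            os.rmdir(self.lock)
            raise
        return self.local  # mount this local copy, work, then dismount it

    def __exit__(self, exc_type, exc, tb):
        try:
            if exc_type is None:  # upload only after a clean session
                shutil.copyfile(self.local, self.tmp)
                if sha256_file(self.tmp) != sha256_file(self.local):
                    raise IOError("upload incomplete; remote container untouched")
                os.replace(self.tmp, self.remote)  # swap in the complete file
        finally:
            if self.tmp.exists():
                os.remove(self.tmp)
            os.rmdir(self.lock)
        return False
```

If the share drops during the session, the lock directory stays behind and has to be removed by hand once the state of the remote file has been checked.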
  • Anonymous

    Anonymous - 2014-12-10

    OK. Thanks a lot :-)

     
