Veracrypt data corruption
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I currently use Truecrypt and was thinking of switching over to Veracrypt.
However I was concerned about chances of encrypted containers getting corrupted. I have use Truecrypt for over 5 years and never had issues with data corruption. I would appreciate any anecdotal advice on this.
Thanks
VeraCrypt has been around for more than a year and half, and it is used by thousands of people with no report of data corruption.
Moreover, VeraCrypt is based on TrueCrypt and it uses its data handling engine so you should to expect the same stability as for TrueCrypt.
Actually the big risk for data corruption doesn't come from VeraCrypt or TrueCrypt but rather from disk failure and hardware errors: encryption can not protect from errors and it doesn't detect them.
At how many places on the disk does TC/VC store the header to get protection against corrupt parts of the drive?
What would happen if some parts of the drive get corrupted, can the volume still be mounted if you have an undamaged header?
TC/VC store the volume header at two place: at the start and at the end of volume. The one at the start is the main one and the one at the end is for backup.
This mechanism is usually sufficient to enable access when a part of the drive is damaged or corrupted because the damage is often local. if the damage occur to both the start and the end of the drive, then the drive is almost certainly dead.
Please note that in case of a damaged or corrupted drive, you'll have the same data loss as when you don't use encryption. This means that even if you are able to mount the volume, there data read may be corrupted.
So, always think about data backup because encryption doesn't protect from data corruption.
1) Truecrypt has a feature which allows for the header to be manually backed up and applied in case both the headers in a container are encrypted
2) If there is data corruption in TC, it doesn't affect all files but the specific sector.
Does veracrypt have these features as well and any other features to prevent data corruption?
Thanks
VeraCrypt inherited the same features from TrueCrypt and thus the answer is yes for both questions.
The other data corruption prevention is the presence of a backup header at the end of the volume in order to be able to mount a volume if its header has been damaged. This is also inherited from TrueCrypt and it is present in VeraCrypt.
VeraCrypt didn't add any new feature for protection against data corruption because there is no new idea on this field and I personally don't see what can we do more that what we have today. Unfortunate, there are limits to what a disk encryption software can do to mitigate such risks.
Nevertheless, please feel free to propose anything that maybe useful to implement in VeraCrypt so that we can have more resilience against data corruption scenarios.
Thanks. It looks like you put a lot of effort in making it easy for truecrypt users to migrate to Vera.
I will download your software and start using it.
Any plans to add new algorithms or you think it isn't necessarily a boost in security?
I say it because on different blogs there's people that say that the current algorithms are enough and that they're secure.
Some people think it would be 'fun' to see many more algorithms there. Secure algorithms of course, just a bigger selection of them and hash algorithms too.
Indeed the current portfolio of algorithms brings enough security to all users as it contains different two set of algorithms:
Adding new algorithms always come at the cost of extra work, so any integration must justified by a real gain.
There is one argument for the integration of new algorithms: all current algorithm are designed in western countries and some users a requesting algorithms designed on other parts of the world.
For example, as an encryption algorithm, Camellia is a strong cipher developed in Japan and that has been standardized and it is included in many security products.
For hashing, the new Russian cryptographic hash standard Streebog is a good candidate.
Wow! Awesome point!
I'm tempted: What do you think about them? Would you use them for protection? I'm not asking to implement it on Veracrypt if it isn't a priority, just an opinion.
I read that BolehVPN were thinking about using Camellia.
On some sites some people say Camellia is broken. But maybe they say it for political reasons. I never though such things matter on cryptography.
Wikipedia says Camellia is patented, and designed by Mitsubishi. Is it secure? Could there be a backdoor?
Camellia is available at a royality-free license base so the patent doesn't forbid including it in VeraCrypt.
Camellia has been well studied and it has been standardized by many international bodies. As of today, the security offered by Camellia is equivalent to AES.
Moreover, an interesting point is that Camellia uses the well-know Feistel network design which has been studied and scrutinized for more than 40 years. On the other hand, AES is based on a newer design (SP-network). So, from a conservative point of view, more confidence can be given to Camellia compared to AES.
I'm not aware of any backdoor claim concerning Camellia.
Thank you for your explanation!
Have a good weekend!
I used it and it became corrupted and there's no fixing it, even with the correct password. I do not recommend. I lost 20 years of work because I trusted it.
Operation failed due to one or more of the following:
Incorrect password.
Incorrect Volume PIM number.
Incorrect PRF (hash).
Not a valid volume.
Source: MountVolume:7763
The mistake I made was not creating an extra backup of the volume headers. I also tried checkin the hard drive/etc. No errors were reported. I had one file open in a program when i dismounted it, and that's probably what caused it.
Last edit: Nebu Chadnezzar 2017-05-23
@Nebu, have you tried mounting the volume with automatic detection of the backup header?