A few questions before I install VeraCrypt
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
A few basic questions before I install VeraCrypt. I will use it to create one encrypted container on each of my two data HDD (not RAID). There will also be un-encrypted data on each of these data HDDs. The system SSD (Windows 7 Home Premium 64-Bit) will remain un-encrypted.
--- Choice of drive letters for new containers - As of now, the highest drive letter is G, for the DVD-RW drive. Higher letters appear when I plug-in a USB key or a USB external HDD. I want to make sure there are no potential conflicts between my existing drives and the new encrypted drives/containers. Should I select the next letters in sequence, I and J, for the encrypted containers, or is it better to move them farther up the alphabet, such as N and O? If I use N and O, for example, under which letter will a removable external drive appear when plugged in (with encrypted drives mounted or unmounted)? Will it be H or P?
--- Minimizing risk of data loss - From what I have read online about TrueCrypt, data loss on an encrypted disk or container/partition is often caused by a corrupted MBR. I have also seen that encrypting only a container is safer (lower risk of data loss) than whole disk encryption. Is this true and if so, why? When only an encrypted container/partition is created on a HDD, is there less (or no) modification to the MBR than when the whole disk is encrypted?
--- Update procedure - When updating VeraCrypt to a newer version, should the previous version be uninstalled first, or is it better to install the new version over ("écraser") the older version. Am I right to assume the password information is included in the encrypted container, not in the program files?
--- Next version of VeraCrypt - When are you planning to release the next version of VeraCrypt? As installing and testing VeraCrypt will be a project for those boring days during the Holidays, I am just curious to know if there will be a new version out before Christmas.
Thanks!
Bernard
Hi,
You can use the favorites volumes feature in order to set a fixed drive letter for the encrypted partition. You'll have also to free original drive letter to avoid being prompt to format it as explained in the FAQ: https://veracrypt.codeplex.com/wikipage?title=FAQ#non_system_drive_letter. You can control the drive letter associated with your partitions.
In your question, you asked about container/partition encryption influence. In case of container, there is no influence since it is a simple file. The only risk in this case is if the container file is corrupted (for example, during download or synchronization). There are cases where using a container file is not practical, thus leaving only the option of encryption an entire partition or the entire hard drive. VeraCrypt doesn't change the partition table of the drive when a partition is encrypted. MBR is modified only when the system partition is encrypted which is not your case since you are not going to encrypt Windows.
When a new VeraCrypt version is available, you don't need to uninstall the previous one. Just run the new installer and it will update VeraCrypt. You are right: every encrypted container/partition includes a header that is used to decrypt it when the password is given. Thus, you can use the encrypted container/partition on any machine and any OS. No password information are stored or written in the PC.
We already released a beta of the up coming 1.0f version and the final release is expected to be available before Christmas, just on time for the Holidays!
Cheers,
Thanks Mounir for your reply. It's very useful. I will however have to be more specific with my original question no 1.
From reading the VeraCrypt documentation, my understanding is that even if I create "only" an encrypted container on an existing single-partition data HDD, this new container will have to be considered as a "volume" by VeraCrypt and thus assigned a drive letter. Is my understanding correct? If so, you can see why I asked about which drive letter to allocate to the encrypted container in order to avoid potential conflicts with removable drives.
Since dealing with additional drive letters seems unavoidable, the next logical step is to ask if it would be simpler to create a new Windows partition on each of my data HDD (with Windows Disk Management), and then to fully encrypt these new partitions. Presumably, I also could use Windows Disk Management to expand these partitions if need arise. Would this be a way to circumvent the "Encrypted partitions cannot be resized" limitation in VeraCrypt? (I would guess... no... but why?)
If I was to create new partitions for encrypted data on each data HDD, my system would look like this, assuming using N and O in Windows for the encrypted partitions:
C: System (SSD - existing first partition)
D: Work (SSD - existing second partition)
E: Data (HDD 1 - existing first partition - non-encrypted)
N: DataVC (HDD 1 - new second partition - encrypted)
F: Backup (HDD2 - existing first partition - non-encrypted)
O: BackupVC (HDD 2 - new second partition - encrypted)
G: DVD-RW
With this scenario, I still have a few questions:
--- When I plug-in a removable device, will it appear with the letter H or with the letter P?
--- Will the encrypted partitions N and O appear on Windows startup (as they have been created with Windows Disk Management), even if they are not mounted in VC yet?
--- If so, what happens if I try to open, for example the N volume, before it has been mounted by VC? Will I get a Password pop-up?
--- Would it be simpler/better to use the letters G and H for the new encrypted partitions and change the DVD-RW letter to I?
Thanks again for your time
Bernard
When using an encrypted container file, you'll have to deal with drive letter ONLY when you mount the container file. Before this, it will be like a regular file.
On the other hand, if you use encrypted partition, you'll have two drive letters: one for the real physical partition and one for the logical VeraCrypt partition. The link I noted in my previous post (https://veracrypt.codeplex.com/wikipage?title=FAQ#non_system_drive_letter) talks about this and show how to disable the drive letter for the physical partition in order to avoid any confusion.
So, if you really have issues with drive letter, I advise you to use container files since the drive letter will appear only when you mount it in VeraCrypt.
Concerning expanding an encrypted partition, this is not supported as described in the documentation (https://veracrypt.codeplex.com/wikipage?title=Issues%20and%20Limitations). There is a technical reason behind this related. There have been tools for VeraCrypt that tried to implement this (like here http://wiki.schlimmchen.de/doku.php?id=public:resizing_and_moving_truecrypt_volumes) but there are so many cases to handle that it is big risk to do that. Currently, we have no plan to implement such functionality.
As for your questions :
Cheers,
Thanks again Mounir for your exhaustive answers.
I have made up my mind: I will create containers only and assign them letters N and O in VC. This seems the simplest and safest way to do what I want.
Bernard