Hello all,
I need some info before I finally decide to instal VERA CRYPT on my laptop.
Few days ago I joined a technical forum in order to ask some question about vera crypt.
I was wondering if this software will give my laptop 100% security.
I'll explain: I need an encryption software to encrypt my full disk with a pass when I start my laptop and also be sure that in case my laptop is stollen no one will be able to decrypt so access my data, also if they remove physically my hard drive and try to use it within another machine.
The answer I got was that my laptop (I will put the system description under this post) was (and I quote from the other forum:
"Indeed. The problem you have is that there is no supported software other than Bitlocker which handles GPT Windows system partitions. That's one of the factors in the cessation of the development of Truecrypt, and Veracrypt doesn't support it either (it does on MBR afaik).
So, the answer to your question is no.
If your laptop supports TPM 2, then it ought to be possible to use "Device encryption" which I think is a form of bitlocker under the hood, and this is nominally available for W10 Home.
Otherwise, you're looking at an upgrade to W10 Pro.
FWIW - I have a W7 Ultimate laptop without TPM, which can support bitlocker - but I don't think FDE is viable without TPM on a laptop because you have to supply too long a passphrase every time the thing reboots. What I do instead is to use a combination of 2FA on the account login, EFS on account files, and also a Truecrypt mount to keep things like email files encrypted. EFS is also only available on W10 Pro. Anyway, that way of running it keeps personal files encrypted so that examination of the disk at rest is somewhat protected, and I do not have a swap file so that risk is minimal.".
Now, my question is. Is that true? So if I instal vera crypt on my laptop will be protected 100% or not even in case someone have the physical access to it or to the hard disk.
Thank you very much.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The information you got is outdated. VeraCrypt now support GPT system partitions (UEFI mode) so you can use it to encrypt Windows 10 without problem.
VeraCrypt function is to protect against unauthorized access to encrypted systems. So it will answer your need. VeraCrypt encryption is protected using a password that you must type everytime you boot the machine. This password must be strong enough so that attackers will not be able to brute force it.
One point to note: VeraCrypt bootloader is not signed by Microsoft and so in order to make it possible to support Secure Boot feature of EFI systems, a manual step is required in order to load VeraCrypt custom keys into the machine firmware. This can be done using a simple script that is provided at https://sourceforge.net/projects/veracrypt/files/Contributions/SecureBootVeraCrypt.zip/download (instructions included in the zip file).
Dear Mounir,
Thank you very much for your answer and sorry for ma late answer. I was in hospital.
Once again I am bothering you with some question:
1) If I use veracrypt my disk will be safe even if someone removes it physically from the laptop?
2) The manual step is mandatory and precludes the correct function of veracrypt or not?
(I am asking this cause I am so dumb when it comes to do manual things on a pc)
Thank you very much
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, it will be safe, because it will be encrypted; unless you chose a bad password
I'll let other people answer this, but mind you: if you're not entirely comfortable using this software, be aware that accidents WILL happen at first (because you made a mistake, followed an instruction wrongly,... talking by experience here) --> always make a flawless backup of your data before you do anything and look up how to reinstall Windows in case anything goes south. A good knowledge on how to work with the BIOS/UEFI is also necessary.
I once succeeded in losing 1.2 TB of data after encrypting my volume D and not being able to mount. To this day, I really don't know what went wrong, because I typed my password correctly (I checked!), but to no avail. But luckily, it didn't matter, aside from some time -> I lost 4h while restoring my data from the backup drive after formatting my D volume.
Last edit: Mortov Molotov 2018-08-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello all,
I need some info before I finally decide to instal VERA CRYPT on my laptop.
Few days ago I joined a technical forum in order to ask some question about vera crypt.
I was wondering if this software will give my laptop 100% security.
I'll explain: I need an encryption software to encrypt my full disk with a pass when I start my laptop and also be sure that in case my laptop is stollen no one will be able to decrypt so access my data, also if they remove physically my hard drive and try to use it within another machine.
The answer I got was that my laptop (I will put the system description under this post) was (and I quote from the other forum:
"Indeed. The problem you have is that there is no supported software other than Bitlocker which handles GPT Windows system partitions. That's one of the factors in the cessation of the development of Truecrypt, and Veracrypt doesn't support it either (it does on MBR afaik).
So, the answer to your question is no.
If your laptop supports TPM 2, then it ought to be possible to use "Device encryption" which I think is a form of bitlocker under the hood, and this is nominally available for W10 Home.
Otherwise, you're looking at an upgrade to W10 Pro.
FWIW - I have a W7 Ultimate laptop without TPM, which can support bitlocker - but I don't think FDE is viable without TPM on a laptop because you have to supply too long a passphrase every time the thing reboots. What I do instead is to use a combination of 2FA on the account login, EFS on account files, and also a Truecrypt mount to keep things like email files encrypted. EFS is also only available on W10 Pro. Anyway, that way of running it keeps personal files encrypted so that examination of the disk at rest is somewhat protected, and I do not have a swap file so that risk is minimal.".
Now, my question is. Is that true? So if I instal vera crypt on my laptop will be protected 100% or not even in case someone have the physical access to it or to the hard disk.
Thank you very much.
The information you got is outdated. VeraCrypt now support GPT system partitions (UEFI mode) so you can use it to encrypt Windows 10 without problem.
VeraCrypt function is to protect against unauthorized access to encrypted systems. So it will answer your need. VeraCrypt encryption is protected using a password that you must type everytime you boot the machine. This password must be strong enough so that attackers will not be able to brute force it.
One point to note: VeraCrypt bootloader is not signed by Microsoft and so in order to make it possible to support Secure Boot feature of EFI systems, a manual step is required in order to load VeraCrypt custom keys into the machine firmware. This can be done using a simple script that is provided at https://sourceforge.net/projects/veracrypt/files/Contributions/SecureBootVeraCrypt.zip/download (instructions included in the zip file).
To setup up your encrypted system, it is advises to use the latest 1.23-BETA available at https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/. Don't hesitate to ask questions in this forum if you need help setting up your system.
Dear Mounir,
Thank you very much for your answer and sorry for ma late answer. I was in hospital.
Once again I am bothering you with some question:
1) If I use veracrypt my disk will be safe even if someone removes it physically from the laptop?
2) The manual step is mandatory and precludes the correct function of veracrypt or not?
(I am asking this cause I am so dumb when it comes to do manual things on a pc)
Thank you very much
I once succeeded in losing 1.2 TB of data after encrypting my volume D and not being able to mount. To this day, I really don't know what went wrong, because I typed my password correctly (I checked!), but to no avail. But luckily, it didn't matter, aside from some time -> I lost 4h while restoring my data from the backup drive after formatting my D volume.
Last edit: Mortov Molotov 2018-08-13