Security and Requirements Questions
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I have a couple of question after reading the Security and Requirements section.
Documentation says: “A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A copy of the VeraCrypt container (or of its fragment) may remain on the host volume. To prevent this, do one the following: Use a partition/device-hosted VeraCrypt volume instead of file-hosted”
It also says: “A VeraCrypt partition is a hard disk partition encrypted using VeraCrypt”
Question: So, to prevent this basically I should just encrypt my hard disk? Or I shouldn’t be using NTFS to begin with?
Documentation says: “Store the container in a non-journaling file system (for example, FAT32).
Question: Unfortunately, I’m using Win10 which uses NTFS. I can format it using a program to convert it to FAT32 but will reformatting my hard disk to Fat32 affect anything since I’ve already created a file container? Or should I convert to Fat32 FIRST THEN create a file container? (FYI I’ve created a file container just for practice no critical info is stored in it)
Documentation says: “mount hidden volumes only when the hidden operating system is running.”
Question: How else is it possible to mount a hidden OS? Once you put in the pw for your hidden volume aren’t you automatically mounting the hidden OS?
Documentation says: “When the hidden operating system is running, the computer should not be connected to any network, including the internet”
Question: This really sucks cause my goal was to create a VM inside my hidden OS and access the internet. My question is how critical is it not to use the internet while my hidden OS is running?
Thanks in Advance.
I think I can help with the first question...
Question: So, to prevent this basically I should just encrypt my hard disk? Or I shouldn’t be using NTFS to begin with?
A: As you know, a physical hard drive and contain multiple logical partitions. I keep my OS on an SSD drive and my data and third-party programs on asecond traditional hard disk drive. Both drives use NTFS. Then, I used the Windows Disk Management tool to shrink the data partition on the data hard disk and created an “encrypted” partition.
If you want to use an encrypted file (rather than an encrypted volume), you could do something similar. Use the Windows Disk Management tool to shrink your partition. Create a new “simple volume” using the available space, and format it with FAT32. Finally create an encrypted container file on the new FAT32 partition.
Unless you have reasons to copy the encrypted file container to another location (e.g., to cloud storage, a USB flash drive, etc.), I think it's easier to create an encrypted volume and forego the encrypted container file.
Does this make sense? I hope it helps.
Robert
Thanks Robert (face to palm momment). Yeah that makes a lot of sense. I barley use the Disk management tool other than just checking my Unallocated space. You sir are a genius. You also essentially answered my second question as well. Thanks.
Welcome to the face-to-palm brotherhood, where all of us are members and most of us pay weekly dues. ;)
Take care,
Robert