Just went thru the Tutorial, very good, a questiona dn suggestion
Note in Step 6, there is ome confusion where you create the volume. it shows F Data, yet you say D My Documents.
Here is would be helpful if you told us where to create the volume or if it mattered. I only have C and E storage, so picked storage.
Final Step \ you say "You can open the mounted volume, for example, by double-clicking the item marked with a red rectangle in the screenshot above." Yet there is no screen shot
I am still confused by the file I created in E drive - it seems to just be a file yet when I click on it, it can't open. cant drag anything into it. As a real beignner this is confusing.
I ended up solving my problem by adding the new drive I used as mount to my my EDrive library as a new location. Not sure this is intended or not, but Idon't see another way to get there without going to My Computer.
thaks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank for your feedback. I have just corrected the path in the tutorial to always have the value F:\Data.
The path given in the tutorial is just an example. You can create your container file in any location your want (for example, it could be "C:\Data\").
For the final step, I corrected the sentence and now it reads: "You can open the mounted volume, for example, by selecting it on the list as shown in the screenshot above (blue selection) and then double-clicking on the selected item.".
Indeed, the created file will not open if you double click on it. For the double-click to work, it must have the extension .hc (for example "E:\Data\My Volume.hc"). Without this .hc extension, the only way to open the created file is to use the method described in STEP 14 and STEP 15 of the tutorial.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-16
Thank you very much. A few more similiar questions
I gather you can't add .hc to the volume somehow.
If I backup the entire pc to an external hardrive, is the volume also encrypted there or do I need to do something extra?
I have read of novices managing somehow to lose data if they encrypt their pc (I think I read this re encrypting the whole pc, not just some folders) and am not sure of the risks inherent here for those of us that sort of haphazardly make our way around the pc. Is there more to read specifically for a beginner as to easy do's and don'ts Seems staightforward enuf, as long as I remember my volume name and don't delete it by accident. 4. I don't know anything re True Crypt or what happened, but is there some risk that Veracrypt gets corrupted, goes bankrupt or who knows what and then while others can't get at my info, I can't either - the veracrypt app doesn't show up or work anymore so I can't remount my volume. I am assuming this risk is almost nonexistent or Veracrypt wouldn't be very popular.
lastly I mentioned i put my volume in my edrive, as I don't have much cdrive space left. I have a single computer with various user accounts, and was surprised to find the guest account had access to newly created F drive where I mounted the volume. As I played with the pc, I realize if I log out of the other account the F Drive disappears since it is no longer mounted. BUt if I forget....., seems like other users have access. Note that I found this true of all E Drive folders, and needed to change permissions on them so that only certain users had access, but when I tried the same for the F drive, it didn't work - even if I specifically put in guest on permissions and denied access, the guest had access whiel the other user is logged in.
thanks much for your help
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
it is up to the user to choose the name file, VeraCrypt doesn't enfore anything although it offers the .hc extension as a helper. For security reason, many users use "fake" extension to their container file name (like .avi or .mp3) to make it difficult for an attacker to find the container files.
I'm afraid the only resources available is the documentation, specifically the system encryption section and its subsections: https://veracrypt.codeplex.com/wikipage?title=System%20Encryption. Also the section "Incompatibilities" explains how some kind of software can provoke issues with system encryption: https://veracrypt.codeplex.com/wikipage?title=Incompatibilities. Other information can be found also on the FAQ and troubleshooting sections. What I strongly recommend to beginners is to start playing with system encryption by using a virtual machine (for example using Virtual Box). You just need a Windows installation CD and make sure not to activate Windows in the VM as we don't need activation for making the encryption work.
VeraCrypt, like TrueCrypt, will continue to work even of the project doesn't exist anymore. They don't need to connect to internet or anything. So you will always be able to mount your volumes no matter what happens to VeraCrypt. The only issue is with the support , the correction of bugs and the implementation of features. VeraCrypt is an active project with a good following and there is no risk in the near future to see it stopping. The only point that may arise in the future is the question of funding since the donation level is very low and some advances features or an audit will need financing to pay for the needed time to implement/perform them.
In order to make the mounted drive disappear when you switch user, open VeraCrypt, go to menu "Settings -> Preferences" and then check the option "User Session Locked". This way, even of you don't log out, the volume will dismount when you lock the session or you switch user to another account.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-17
Thank u very much very helpful. Hadn't heard of vm will have to explore
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-18
Thanks, had a chance to read some of the materials.
If I just do a volume, not system or partitions, it seems most of the risk of the beginner is minimized. for example, I don't need a protection disk like a system encryption has. And the risk of corruption seems lower.
Not quite sure I follow on backups
1. your link did a backup on the same pic, it seemed. Is that still suggested if you do a bakup on an external drive. Is teh concern that the file is corrupted, and that corrupted file is then backed up on the external drive, so better to have extras
2, Not sure if it matters if the volume is mounted or not when I back to exteranl drive, in my case a Seagate FreeAgent. or if it matters wehn I umplug the external drive - for example you say that is to be done for a hotplug device and I am not sure if my external drive qualifes.
same as #2 above for sending to cloud - does it matter if mounted or not?
thanks again
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
No matter which type of encryption method you chose (file container, system, partition) or no encryption, backups should be part of your system's recovery plan.
Hard drives can fail suddenly, system crashes can prevent being able to access the disk again or user error of deleting files.
For file containers, you can backup the contents while the volume is mounted but you should not backup the actual file container file itself unless the volume is dismounted.
Your backup software should create encrypted backup files. What software are you using to perform your backup?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-20
Hi Enigma.
I struggle with this, sorry about that. I have Windows 7 and think I just use Windows Backup to the Seagate external drive. THe backup does show the the encrypted volume. BUt I am not sure I follow when you say my software should create encrypted backup files - are you just meaining copies of the encrypted Veracrypt volume, or some separate encryption method unde that software.
I sort of amused myself by trying different things, and I would like to see if my results are consistent with what you expect. IT may also help others new to this. So you know, I am a home user, just trying to provide some level of protection for finaancial materials on the pc, and backing them up on the cloud as well - in my case on Spideroak. My preference would be one folder and one volume, in my case now about 600MG.
Here is what I found . While you can back up an encrypted folder (volume) on either an external drive or the cloud (like Spideroak), a problem arises if you then change what is in the volume. I tried this by creating a volume (original volume), adding files while mounted, and dismounting. I then backed up to external drive and to SPideroak. I down loaded from both, and all downloads matched what I have originally.
I then remounted the volume, and changed some internal folders and files so now it is a changed volume. Dismounted. Waited over an hour, and backed up on external drive. I found
1. When I downloaded from the external drive, it was the Original Volume, and did not show any any changes.
2. The Changed Volume did not sync with spideroak - even after hours, the Old Volume was what was there when I downloaded it.
So it seems to solve this problem more steps are needed.
1. For the external drive, it seems that the Veracrypt manual is the answer, you need to create a new volume, using the Veracrypt wizard, and copy the materials and move the materials into it. (Actually, I am not sure why you cant’ copy the crypt and just give it a new name??? Wouldn’t this work also, althought the password and encryption will be the same as the first crypt)
2. If I wanted I could do the same with Spideroak. For me, I think it is preferable to upload the volume while it is mounted originally. And then when I change a document, I can just delete the original and upload the new changed one. This has the advantage of allowing me to see the individual documents inside the volume while on Spideroak, and if I need something, just download that one document rather than the download and then mount the entire crypt. I suppose I don’t have an encrypted volume inside Spideroak, but as long as I log off, I am protected by my Spideroak password.
3. Returning to the hard drive, I don’t see how I can safely use what I want to do in #2 above here. For spideroak I have a password protecting it. But for the external drive, there is no password, that is the point of encrypting the volume. SO I think I need to back up a new volume as per #1.
any thoughts appreciated.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for providing detailed description. Very helpful. Also, kudos to you for experimenting. This is how we learn. :)
From reading your reply, you appear to have created a VeraCrypt file container. In other words, you did not attempt to encrypt a partition or your system (C drive in Windows).
In order for Spideroak to recognize that the contents within the file container have changes, you need to configure VeraCrypt to change the timestamp on the file container.
In VeraCrypt main window, go to Settings > Preferences, and look for "Preserve modification timestamp of file containers" and uncheck the box. By unchecking this option, you are telling VeraCrypt to allow the timestamp of the file container to be updated.
Now repeat your experiment by mounting the file container, change a file and unmount the file container. Spideroak should copy the entire VeraCrypt file container during its next run.
Windows Backup and VeraCrypt
In your case, since you are only backing-up the unmounted VeraCrypt file container, you can configure the Windows backup to copy the entire file container to your external drive.
Windows Backup is not user friendly when using encrypted partitions.
In your case, the unmounted VeraCrypt file container is encrypted. Hence, you do not need the backup program to produce it's backup encrypted.
If you were backing-up the contents of the mounted file container or encrypted partitions, then you want the output of the backup to be encrypted to prevent someone from viewing or stealing the information.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-20
THanks much,
I will try the Spideroak fix you mentioned, let u know later
Yes, I am doing a single file container, not partition or system. May tackle that sometime, but seems safer to me not to. ON other forums I was advised that average users probably best not encrypt the whole computer, they have seen too many folks screw up and lose everything by not knowing what they were doing.
Lastly, I think I missed your point re Windows backup of a container. You said "you can configure the Windows backup to copy the entire file container to your external drive." I don't know what that means - configure? As mentioned, the original volume does back up, but if I make changes on the volume, and dismount, then the normal backup doesn't seem to pick up any changes I have made. Do you just mean I need to do as I said above
"it seems that the Veracrypt manual is the answer, you need to create a new volume, using the Veracrypt wizard, and copy the materials and move the materials into it. (Actually, I am not sure why you cant’ copy the crypt and just give it a new name??? Wouldn’t this work also, althought the password and encryption will be the same as the first crypt)"
or is there a way to avoid this, like the timestamp thing you mentioned for Spideroak.
O, a tad unrelated, will it take longer to mount a larger volume than a smaller one. I have been practicing with a 10 mg container, and also a 1 GB container, but with only a few MG of actual data in it. Seems to mount in about 5-10 seconds. IF I have a 1gb containter with 600MB of files, will that take much longer?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Lastly, I think I missed your point re Windows backup of a container. You said "you can configure the Windows backup to copy the entire file container to your external drive." I don't know what that means - configure?
Configure. Meaning that backup programs have options to control what they backup, where they backup, how many generations/copies of a file to keep in the backups and if the feature is available to encrypt the backup.
Perform the changes in the Preferences to allow updating the timestamp and you should be fine using Spideroak.
The size of the file container will not impact the mount times.
Do you just mean I need to do as I said above
"it seems that the Veracrypt manual is the answer, you need to create a new volume, using the Veracrypt wizard, and copy the materials and move the materials into it. (Actually, I am not sure why you cant’ copy the crypt and just give it a new name??? Wouldn’t this work also, althought the password and encryption will be the same as the first crypt)"
If Spideroak is already keeping X copies of the same filename, then there is no reason to reinvent the wheel. And yes, you could copy the unmounted file container with a new filename for your backups if you do not want to have VeraCrypt update the file container's timestamp as outlined in my instructions.
Last edit: Enigma2Illusion 2015-02-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-21
Thanks again.
Your suggestion worked great.
Spideroak. I unchecked the box and so I presume that Spikeroak now recognizes this as a new file, or more accurately an new version, and syncs it automatically. When I checked, and downloaded, it showed the changes I made.
Windows Backup to External Hardrive. THe same change, uncheckin the box, seems to work for Windows backup.
So all works. By unchecking the box, the new changes get backed up to both Spideroak and my external hard drive.
I confess,however, to still being unsure I followed your suggestion. I read your comments to mean that I should go into Windows Backup and adjust its settings in some manner to allow the changed volume to be backed up. I didn't do anything, other than change the preferences in Veracrypt re the time stamp. Were you suggesting something different.
Also, As far as i know you cant do backup encrption using Windows 7 home version without third party software. At least Bit locker doesn't work.
thanks again,
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I read your comments to mean that I should go into Windows Backup and adjust its settings in some manner to allow the changed volume to be backed up. I didn't do anything, other than change the preferences in Veracrypt re the time stamp.
Sorry for the confusion. I was wanting to make sure you were backing-up the file container verses a mounted file container's contents which is why I wanted to know if the backup program was able to perform encryption.
I am glad both Spideroak and backing-up to your external drive is working as you planned after the setting change in VeraCrypt. :)
Last edit: Enigma2Illusion 2015-02-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-21
Ok, I got it. and all seems to work well. I have been emailing a Spideroak fellow and will point out this post for him. Only thing I am unsure about with the time stamp is how it measures the volumes when there is a new timestamp. I noticed that it had historical versions with the new time, and I don't know if that means it counts each version at the full, say 600MB, of the volume if that is what I use. Or, for that matter, if it has to upload all 600 mb of the changed volume. If these are true, that will take some time to upload, and i will need to delete old versions or run out of space. I guess this depends on wehter Spideroak can "see" thru the volume and realize there is only a few changes.
Two last questions, completely unrelated
I got started on this all mainly by reading about passwords. I don't think anyone else has suggested a 20plus number one. Any suggestions how to remember such a password without writing it down, which sort of defeats the purpose. Also think I read in some document here that password generators shouldn't be used for Veracrypt. Can't remember where.
what is a cascade of encryptors. I am guessing volumes inside of volumes inside of volumes, each with different ciphers. OR can you do that automatically in preferences somehow.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since the file container is encrypted, I would expect Spideroak to copy the entire file each time the timestamp is updated unless Spideroak at the backup storage level performs block level comparison of the file what is called deduplication. This is handled by Spideroak's backup storage and nothing you setup.
Passwords
There are no issues using password generators as long as they produce USA keyboard characters.
You can create long passwords with numbers and special characters by taking a phrase that you create and include numbers and special characters.
Just as an example: Th3Cow#JumPeD*Over!$heM00n4Me2CaTch
Of course, use a phrase that is not common and make the phase nonsensical.
You can create file containers within file containers with different encryption algorithms. However, I would recommend creating one file container using VeraCrypt's cascade: AES-Twofish-Serpent
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-22
Thanks again. All very helful if the specifics are like a foreign langauge. Encryption algorithms, hashtag, FATS or NTFS, I suppose will remain a black hole!
I did create a volume with the 3 cipher u suggestedna dn passord generator worked, tho it seemed that teh Veracrypt box disappeared from teh screen and I had to cut a paste it rather than it appearing automatically in teh password space.
I see how to change a password for a volume, can one change the encryption algorithm or do you start over again. I wonder if I used the same folder name if Spider oak and backup would treat as new vrsion rather than new volume.
Spideroak seems to have deduplication if I followed you. In any case, I have a 900mb volume and it took hours to upload origianlly, but when I remounted and changed a few things, it took less than a minute to sync, and did not use more space on Spideroak.
thanks much
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I see how to change a password for a volume, can one change the encryption algorithm or do you start over again.
To change the encryption algorithm (AES, Twofish, Serpent) you will have start again. You can change the password, add/remove keyfiles and the hash (SHA-512, Whirlpool, SHA-256) on an existing volume.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-22
THanks very much for all your help, it is greatly appreciated. I feel pretty comfortable using this now.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, Didn't know where else to post so this is what came up in google so posting here.
Am tyring to move from Bitlocker to VC.
Sync with Dropbox and GDrive is an issue as file needs to be mounted and dismounted after every write to the encryted file's contents. Would be great if file time stamp could be updated in realtime as in the case of Bitlocker.
Thanks for a great piece of software!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If VeraCrypt allowed the timestamp of the file container to update each time a write is performed to the volume would cause performance issues in the case of many files be copied, written or updated on the volume. A bigger issue would be a "corrupted" file container sync to Dropbox and GDrive since the file container could have changes in-flight when the sync occurs.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have been using bitlocker with dropbox in a similar (500MB file container & mounted drive) config for an year now and haven't had that issue. I want to move coz I feel locked-in with bitlocker.
My guess is that the OS r/w locks and sync algorithms in cloud sync applications are robust enough to handle file updates in the middle of an active sync. I often work with large files which are frequently saved and not had a corruption yet(!). All this even when the file in the floder shows "syncing" state (dropbox and gdrive change icons to show syncing or synced).
I also think it would be chaotic if cloud sync apps could not handle these scenarios as this probably is part of basic functionality. Am thinking situations where file starts to sync and gets unterrupted for any reason (say network connection drops) and edits are performed.
You probably would have experimented with this already, but this is a great functionality to have. Its nearly impossible to unmount/mount after every r/w or every now and then.
A possibility could be to update time stamp when device is idle.. similar to an option in windows task scheduler. Might not be an instant cloud backup but at least could run in the background unattended. Or to update after, say, 5 seconds of the last write / update operation?
Thanks!
Last edit: Raj kumar 2016-07-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just went thru the Tutorial, very good, a questiona dn suggestion
Note in Step 6, there is ome confusion where you create the volume. it shows F Data, yet you say D My Documents.
Here is would be helpful if you told us where to create the volume or if it mattered. I only have C and E storage, so picked storage.
Final Step \ you say "You can open the mounted volume, for example, by double-clicking the item marked with a red rectangle in the screenshot above." Yet there is no screen shot
I am still confused by the file I created in E drive - it seems to just be a file yet when I click on it, it can't open. cant drag anything into it. As a real beignner this is confusing.
I ended up solving my problem by adding the new drive I used as mount to my my EDrive library as a new location. Not sure this is intended or not, but Idon't see another way to get there without going to My Computer.
thaks.
Hi,
Thank for your feedback. I have just corrected the path in the tutorial to always have the value F:\Data.
The path given in the tutorial is just an example. You can create your container file in any location your want (for example, it could be "C:\Data\").
For the final step, I corrected the sentence and now it reads: "You can open the mounted volume, for example, by selecting it on the list as shown in the screenshot above (blue selection) and then double-clicking on the selected item.".
Indeed, the created file will not open if you double click on it. For the double-click to work, it must have the extension .hc (for example "E:\Data\My Volume.hc"). Without this .hc extension, the only way to open the created file is to use the method described in STEP 14 and STEP 15 of the tutorial.
Thank you very much. A few more similiar questions
thanks much for your help
Last edit: Mounir IDRASSI 2015-02-16
Thank u very much very helpful. Hadn't heard of vm will have to explore
Thanks, had a chance to read some of the materials.
If I just do a volume, not system or partitions, it seems most of the risk of the beginner is minimized. for example, I don't need a protection disk like a system encryption has. And the risk of corruption seems lower.
Not quite sure I follow on backups
1. your link did a backup on the same pic, it seemed. Is that still suggested if you do a bakup on an external drive. Is teh concern that the file is corrupted, and that corrupted file is then backed up on the external drive, so better to have extras
2, Not sure if it matters if the volume is mounted or not when I back to exteranl drive, in my case a Seagate FreeAgent. or if it matters wehn I umplug the external drive - for example you say that is to be done for a hotplug device and I am not sure if my external drive qualifes.
thanks again
No matter which type of encryption method you chose (file container, system, partition) or no encryption, backups should be part of your system's recovery plan.
Hard drives can fail suddenly, system crashes can prevent being able to access the disk again or user error of deleting files.
For file containers, you can backup the contents while the volume is mounted but you should not backup the actual file container file itself unless the volume is dismounted.
Your backup software should create encrypted backup files. What software are you using to perform your backup?
Hi Enigma.
I struggle with this, sorry about that. I have Windows 7 and think I just use Windows Backup to the Seagate external drive. THe backup does show the the encrypted volume. BUt I am not sure I follow when you say my software should create encrypted backup files - are you just meaining copies of the encrypted Veracrypt volume, or some separate encryption method unde that software.
I sort of amused myself by trying different things, and I would like to see if my results are consistent with what you expect. IT may also help others new to this. So you know, I am a home user, just trying to provide some level of protection for finaancial materials on the pc, and backing them up on the cloud as well - in my case on Spideroak. My preference would be one folder and one volume, in my case now about 600MG.
Here is what I found . While you can back up an encrypted folder (volume) on either an external drive or the cloud (like Spideroak), a problem arises if you then change what is in the volume. I tried this by creating a volume (original volume), adding files while mounted, and dismounting. I then backed up to external drive and to SPideroak. I down loaded from both, and all downloads matched what I have originally.
I then remounted the volume, and changed some internal folders and files so now it is a changed volume. Dismounted. Waited over an hour, and backed up on external drive. I found
1. When I downloaded from the external drive, it was the Original Volume, and did not show any any changes.
2. The Changed Volume did not sync with spideroak - even after hours, the Old Volume was what was there when I downloaded it.
So it seems to solve this problem more steps are needed.
1. For the external drive, it seems that the Veracrypt manual is the answer, you need to create a new volume, using the Veracrypt wizard, and copy the materials and move the materials into it. (Actually, I am not sure why you cant’ copy the crypt and just give it a new name??? Wouldn’t this work also, althought the password and encryption will be the same as the first crypt)
2. If I wanted I could do the same with Spideroak. For me, I think it is preferable to upload the volume while it is mounted originally. And then when I change a document, I can just delete the original and upload the new changed one. This has the advantage of allowing me to see the individual documents inside the volume while on Spideroak, and if I need something, just download that one document rather than the download and then mount the entire crypt. I suppose I don’t have an encrypted volume inside Spideroak, but as long as I log off, I am protected by my Spideroak password.
3. Returning to the hard drive, I don’t see how I can safely use what I want to do in #2 above here. For spideroak I have a password protecting it. But for the external drive, there is no password, that is the point of encrypting the volume. SO I think I need to back up a new volume as per #1.
any thoughts appreciated.
Thank you for providing detailed description. Very helpful. Also, kudos to you for experimenting. This is how we learn. :)
From reading your reply, you appear to have created a VeraCrypt file container. In other words, you did not attempt to encrypt a partition or your system (C drive in Windows).
In order for Spideroak to recognize that the contents within the file container have changes, you need to configure VeraCrypt to change the timestamp on the file container.
In VeraCrypt main window, go to Settings > Preferences, and look for "Preserve modification timestamp of file containers" and uncheck the box. By unchecking this option, you are telling VeraCrypt to allow the timestamp of the file container to be updated.
Now repeat your experiment by mounting the file container, change a file and unmount the file container. Spideroak should copy the entire VeraCrypt file container during its next run.
Windows Backup and VeraCrypt
In your case, since you are only backing-up the unmounted VeraCrypt file container, you can configure the Windows backup to copy the entire file container to your external drive.
Windows Backup is not user friendly when using encrypted partitions.
You can read about it in this thread.
https://veracrypt.codeplex.com/discussions/577924
Encrypted Backups
In your case, the unmounted VeraCrypt file container is encrypted. Hence, you do not need the backup program to produce it's backup encrypted.
If you were backing-up the contents of the mounted file container or encrypted partitions, then you want the output of the backup to be encrypted to prevent someone from viewing or stealing the information.
THanks much,
I will try the Spideroak fix you mentioned, let u know later
Yes, I am doing a single file container, not partition or system. May tackle that sometime, but seems safer to me not to. ON other forums I was advised that average users probably best not encrypt the whole computer, they have seen too many folks screw up and lose everything by not knowing what they were doing.
Lastly, I think I missed your point re Windows backup of a container. You said "you can configure the Windows backup to copy the entire file container to your external drive." I don't know what that means - configure? As mentioned, the original volume does back up, but if I make changes on the volume, and dismount, then the normal backup doesn't seem to pick up any changes I have made. Do you just mean I need to do as I said above
"it seems that the Veracrypt manual is the answer, you need to create a new volume, using the Veracrypt wizard, and copy the materials and move the materials into it. (Actually, I am not sure why you cant’ copy the crypt and just give it a new name??? Wouldn’t this work also, althought the password and encryption will be the same as the first crypt)"
or is there a way to avoid this, like the timestamp thing you mentioned for Spideroak.
O, a tad unrelated, will it take longer to mount a larger volume than a smaller one. I have been practicing with a 10 mg container, and also a 1 GB container, but with only a few MG of actual data in it. Seems to mount in about 5-10 seconds. IF I have a 1gb containter with 600MB of files, will that take much longer?
Configure. Meaning that backup programs have options to control what they backup, where they backup, how many generations/copies of a file to keep in the backups and if the feature is available to encrypt the backup.
Perform the changes in the Preferences to allow updating the timestamp and you should be fine using Spideroak.
The size of the file container will not impact the mount times.
If Spideroak is already keeping X copies of the same filename, then there is no reason to reinvent the wheel. And yes, you could copy the unmounted file container with a new filename for your backups if you do not want to have VeraCrypt update the file container's timestamp as outlined in my instructions.
Last edit: Enigma2Illusion 2015-02-20
Thanks again.
Your suggestion worked great.
Spideroak. I unchecked the box and so I presume that Spikeroak now recognizes this as a new file, or more accurately an new version, and syncs it automatically. When I checked, and downloaded, it showed the changes I made.
Windows Backup to External Hardrive. THe same change, uncheckin the box, seems to work for Windows backup.
So all works. By unchecking the box, the new changes get backed up to both Spideroak and my external hard drive.
I confess,however, to still being unsure I followed your suggestion. I read your comments to mean that I should go into Windows Backup and adjust its settings in some manner to allow the changed volume to be backed up. I didn't do anything, other than change the preferences in Veracrypt re the time stamp. Were you suggesting something different.
Also, As far as i know you cant do backup encrption using Windows 7 home version without third party software. At least Bit locker doesn't work.
thanks again,
Sorry for the confusion. I was wanting to make sure you were backing-up the file container verses a mounted file container's contents which is why I wanted to know if the backup program was able to perform encryption.
I am glad both Spideroak and backing-up to your external drive is working as you planned after the setting change in VeraCrypt. :)
Last edit: Enigma2Illusion 2015-02-21
Ok, I got it. and all seems to work well. I have been emailing a Spideroak fellow and will point out this post for him. Only thing I am unsure about with the time stamp is how it measures the volumes when there is a new timestamp. I noticed that it had historical versions with the new time, and I don't know if that means it counts each version at the full, say 600MB, of the volume if that is what I use. Or, for that matter, if it has to upload all 600 mb of the changed volume. If these are true, that will take some time to upload, and i will need to delete old versions or run out of space. I guess this depends on wehter Spideroak can "see" thru the volume and realize there is only a few changes.
Two last questions, completely unrelated
I got started on this all mainly by reading about passwords. I don't think anyone else has suggested a 20plus number one. Any suggestions how to remember such a password without writing it down, which sort of defeats the purpose. Also think I read in some document here that password generators shouldn't be used for Veracrypt. Can't remember where.
what is a cascade of encryptors. I am guessing volumes inside of volumes inside of volumes, each with different ciphers. OR can you do that automatically in preferences somehow.
Since the file container is encrypted, I would expect Spideroak to copy the entire file each time the timestamp is updated unless Spideroak at the backup storage level performs block level comparison of the file what is called deduplication. This is handled by Spideroak's backup storage and nothing you setup.
Passwords
There are no issues using password generators as long as they produce USA keyboard characters.
You can create long passwords with numbers and special characters by taking a phrase that you create and include numbers and special characters.
Just as an example: Th3Cow#JumPeD*Over!$heM00n4Me2CaTch
Of course, use a phrase that is not common and make the phase nonsensical.
Cascades
You can read about Cascades in the documentation.
You can create file containers within file containers with different encryption algorithms. However, I would recommend creating one file container using VeraCrypt's cascade: AES-Twofish-Serpent
Thanks again. All very helful if the specifics are like a foreign langauge. Encryption algorithms, hashtag, FATS or NTFS, I suppose will remain a black hole!
I did create a volume with the 3 cipher u suggestedna dn passord generator worked, tho it seemed that teh Veracrypt box disappeared from teh screen and I had to cut a paste it rather than it appearing automatically in teh password space.
I see how to change a password for a volume, can one change the encryption algorithm or do you start over again. I wonder if I used the same folder name if Spider oak and backup would treat as new vrsion rather than new volume.
Spideroak seems to have deduplication if I followed you. In any case, I have a 900mb volume and it took hours to upload origianlly, but when I remounted and changed a few things, it took less than a minute to sync, and did not use more space on Spideroak.
thanks much
To change the encryption algorithm (AES, Twofish, Serpent) you will have start again. You can change the password, add/remove keyfiles and the hash (SHA-512, Whirlpool, SHA-256) on an existing volume.
THanks very much for all your help, it is greatly appreciated. I feel pretty comfortable using this now.
Hi, Didn't know where else to post so this is what came up in google so posting here.
Am tyring to move from Bitlocker to VC.
Sync with Dropbox and GDrive is an issue as file needs to be mounted and dismounted after every write to the encryted file's contents. Would be great if file time stamp could be updated in realtime as in the case of Bitlocker.
Thanks for a great piece of software!
Hello Raj,
If VeraCrypt allowed the timestamp of the file container to update each time a write is performed to the volume would cause performance issues in the case of many files be copied, written or updated on the volume. A bigger issue would be a "corrupted" file container sync to Dropbox and GDrive since the file container could have changes in-flight when the sync occurs.
Hi,
I have been using bitlocker with dropbox in a similar (500MB file container & mounted drive) config for an year now and haven't had that issue. I want to move coz I feel locked-in with bitlocker.
My guess is that the OS r/w locks and sync algorithms in cloud sync applications are robust enough to handle file updates in the middle of an active sync. I often work with large files which are frequently saved and not had a corruption yet(!). All this even when the file in the floder shows "syncing" state (dropbox and gdrive change icons to show syncing or synced).
I also think it would be chaotic if cloud sync apps could not handle these scenarios as this probably is part of basic functionality. Am thinking situations where file starts to sync and gets unterrupted for any reason (say network connection drops) and edits are performed.
You probably would have experimented with this already, but this is a great functionality to have. Its nearly impossible to unmount/mount after every r/w or every now and then.
A possibility could be to update time stamp when device is idle.. similar to an option in windows task scheduler. Might not be an instant cloud backup but at least could run in the background unattended. Or to update after, say, 5 seconds of the last write / update operation?
Thanks!
Last edit: Raj kumar 2016-07-27