
Weakened security by using weak outer password?

Bernd
2024-11-26
2024-12-07
  • Bernd

    Bernd - 2024-11-26

    Hello,

    I would like to encrypt a complete external hard disk (5TB) and create a hidden volume (approx. 4TB).

    To do this, an outer volume (approx. 5TB) must first be created, which requires several hours until it is encrypted (or until it is formatted with the encryption).

    I use a weak/simple password for this outer volume (which is made accessible to a criminal in an emergency so that the hidden data does not have to be disclosed) so that I can quickly remember it in an emergency.

    Once the outer volume has been created, the inner/hidden volume is created.

    For this operation, I then enter a very secure password here for the inner/hidden volume.
    I noticed that no complete re-encryption/complete formatting of the inner/hidden volume is carried out when the inner/hidden volume is created.

    Now my question:
    Is the security of the inner/hidden volume with the strong password weakened because the outer volume was created/formatted with a weak/simple password?

    Thank you very much for help and support.

     

    Last edit: Bernd 2024-12-06
    • Vencent Valerian

      @Bernd

      Allow me to give you an analogy.

      You have a desktop or laptop computer.

      You password-protect your MBR/BIOS or GPT/UEFI as your first level of protection. The password is weak and can be guessed easily.

      After entering your password in the MBR/BIOS or GPT/UEFI, you boot your computer into Debian or Microsoft Windows.

      You password-protect your Microsoft Windows using BitLocker or Debian using LUKS2 as a second level of protection. The password that you set for BitLocker or LUKS2 encryption is a passphrase, for example, Puke-tin is a threat to Europe

      Do you think that an adversary who is able to boot your MBR/BIOS or GPT/UEFI will be able to boot up your Microsoft Windows or Debian?

      Note: Usually the weakest link is the people closest to you or you yourself. Hackers, scammers and frauds use social engineering tactics to get you to reveal your secrets. These tactics are as ancient as the pyramids of Egypt.

      Here's an early Christmas tip for you:

      Outer Volume

      Choose your encryption algorithm to be X
      For the hash algorithm, you choose Y

      Hidden Volume

      Choose a two-cipher or three-cipher encryption algorithm
      For the hash algorithm, you might want to choose something that is different from Y

      Question for @Bernd

      I am curious: What is your threat model? Who do you think are your adversaries? Are they law enforcement people?

       

      Last edit: Vencent Valerian 2024-12-06
  • Bernd

    Bernd - 2024-12-05

    Hello everyone, does nobody really know the answer to my question? Please let me know if I have explained something incorrectly. I hope one of you can help me with my question. Thank you very much.

     
    • Vencent Valerian

      Hello back

      Perhaps you would like to first format your original post into paragraphs, sections, etc.

      Insert punctuation marks where appropriate and you may get a response? Maybe?

       
  • Bernd

    Bernd - 2024-12-06

    @Vencent Valerian:

    Thank you for this hint.

    My English is not fluent, so I tried to explain as easy and compact as possible.

    But you are right,... a better formatting of the sentences is more pleasant.

    Hope someone could help me now.

    Best regards,

    Bernd

     
    • Vencent Valerian

      @Bernd

      "My English is not fluent, so I tried to explain as easy and compact as possible."

      I understand what you wrote. (I assume your native language is Deutsch?)

      Moreover, the person(s) in charge of VeraCrypt's forums didn't specify that users must attain a certain level of proficiency in the English language.

      "But you are right,... a better formatting of the sentences is more pleasant."

      You're lucky in this forum because in other more popular forums such as Reddit, Unix StackExchange etc, their moderators would've held back your original post or demanded that you format your post to make it readable to humans.

       

      Last edit: Vencent Valerian 2024-12-06
  • Alex

    Alex - 2024-12-06

    Don't worry at all! There is no relation between the 2 passwords. I won't go into the details, but your weak password on the outer volume has NOTHING to do with your inner volume password. You can make the outer password "12345678", don't worry.
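
Added example, not part of Alex's post and not VeraCrypt's own code: a simplified Python model of why the two passwords are unrelated. It assumes the header design only in outline (a random salt, a PBKDF2-derived header key, a random master key stored inside the encrypted header, and the "VERA" marker), uses a toy HMAC keystream in place of the real header cipher, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

MAGIC = b"VERA"      # marker found inside a correctly decrypted header
ITERATIONS = 1000    # lowered so the example runs quickly; real counts are far higher


def _keystream(key: bytes, n: int) -> bytes:
    """Toy stand-in for the header cipher (VeraCrypt itself uses XTS mode)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha512).digest()
        counter += 1
    return out[:n]


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def create_header(password: bytes):
    """Return (header, master_key); salt and master key are fresh random values."""
    salt = os.urandom(64)
    master_key = os.urandom(64)   # random, never derived from the password
    header_key = hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, 64)
    return salt + _xor(MAGIC + master_key, header_key), master_key


def open_header(header: bytes, password: bytes):
    """Return the master key if the password fits this header, else None."""
    salt, body = header[:64], header[64:]
    header_key = hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, 64)
    plain = _xor(body, header_key)
    return plain[4:] if plain[:4] == MAGIC else None


def demo():
    strong = b"constructed long passphrase"          # constructed sample value
    outer_hdr, outer_mk = create_header(b"12345678")  # weak password from the thread
    hidden_hdr, hidden_mk = create_header(strong)
    return {
        "weak_opens_outer": open_header(outer_hdr, b"12345678") == outer_mk,
        "weak_opens_hidden": open_header(hidden_hdr, b"12345678") is not None,
        "strong_opens_hidden": open_header(hidden_hdr, strong) == hidden_mk,
        "master_keys_equal": outer_mk == hidden_mk,
    }
```

In this model, giving up the outer password yields only the outer volume's master key; the hidden header has its own salt, its own header key and its own random master key.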

     
  • Bernd

    Bernd - 2024-12-07

    Hello Vencent Valerian,
    hello Alex,

    thank you very very much for your help.

    Now I don't worry so much anymore.

    @Vencent Valerian:
    Yes, German ;o)
    No law enforcement.
    I would like to be able to carry my personal documents and financial records with me digitally without anyone having access to them in case of an inspection (for example at the airport,...).

    Thank you again and have a nice weekend.

    Best regards,

    Bernd 🎅

     
