Security concern

Denis
2020-10-16
2020-10-18
  • Denis

    Denis - 2020-10-16

    I am a fan of VeraCrypt, but I have this problem. I want my encrypted data to be secure even in an operating system, hardware, or software environment that is not secure. I don't want a point of failure in the hardware or in the software I use (and for this reason the open-source nature of VeraCrypt is a very important characteristic).
    The problem happens when a user mounts a volume and enters the password with a keyboard. The password can be recorded and it can be sent via the internet. I don't want my security to be based on the security of the keyboard.
    I know that it is possible to use keyfiles as a password, but again the files are limited to 1MB, so the system can store and send these keyfiles through the internet. Thinking about this problem, the only solution I found is a huge password/keyfile, something like 10GB, so I am sure it cannot be sent via the internet and in general is very difficult to manage for malicious software/hardware. I think this is a very big problem because such small passwords can be copied really very easily.
    How to solve this problem?

     
  • RadMan

    RadMan - 2020-10-17

    Hi Denis:

    I think I understand your concerns, but I'm not sure that VeraCrypt (VC), or its configuration, is the total solution for your concerns.

    A good administrative computer safety / security program generally has (at least) four (4) components:

    (1) Preventing unauthorized access to the hardware; (I.E., Securing, or constantly monitoring access to, the actual hardware -- e.g., motherboard, keyboard and possible cabling.)

    (2) Preventing unauthorized software from running on the hardware; (I.E., Preventing "malware" from running alongside / inside your operating system and/or "BIOS Firmware".)

    (3) Preventing unauthorized access / modification of your file/data if an "Adversary" gains physical access to the computer, or remote access to the Operating System; (I.e., Utilizing multiple layers of proven encryption, with software based upon "open standards" -- e.g., "VeraCrypt".)

    (4) Ensuring you have established a good "data backup" protocol. (I.e., "Automatic" backups, with multiple backup copies, in multiple locations.)

    The best encryption software ever developed, using the best, longest, most random keys possible (#3), will offer little or no protection unless the other three components are present and adequate!

    You seem to be concerned that VeraCrypt's suggested / allowed "Password Lengths" and "Key File Sizes" may be insufficient to prevent easy transmission of keys and key-files to an adversary; transmission to an adversary, over the internet, from your computer. (You specifically mention the possibility of compromised ("malicious") software / hardware.)

    Regardless of how many characters are "keyboarded" into any key/password "entry box", and regardless of how many bytes of a "key file" are scanned/inputted, the combination of those two data sources will eventually, mathematically, be reduced to only 256-bits (32-bytes), the standard key-size that all of VeraCrypt's encryption ciphers use! It is not possible to increase system security by using longer values, or preventing an adversary from transmitting (or storing on your hard drive / EEPROM chips) those 32-bytes once they have somehow been "compromised".

    Basically, once an adversary has gained physical access to your computer and tampered with the hardware, or installed malware that will run inside/along-side your operating system, it is IMPOSSIBLE for any encryption software to ABSOLUTELY prevent hard/soft-malware from stealing your encryption keys! Then, if the adversary can gain local or remote access to your encrypted drive, the data itself cannot be protected.

    This does NOT mean you can't make it VERY HARD for an adversary; hard enough to block/discourage almost any adversary, short of a large, well funded "corporate / state adversary."

    First, physically secure your computer! At the very least, keep it in a private locked location when you are not present. If your security is really important, use a laptop computer AND KEEP IT WITH YOU AND UNDER CONSTANT OBSERVATION AT ALL TIMES!

    Next, install good "malware" identification / prevention software, and keep it regularly updated!

    Next, encrypt your operating system. This will prevent an adversary, who gains access to your hardware, from easily installing soft-malware that might steal and then transmit (or HDD store) your key(s).

    Next, remove the "boot loader" from the first track of your operating system's hard drive. Instead, carry a copy of that boot loader with you (possibly as the "rescue disc", on a "mini DVD-R", in your wallet). Use your portable "boot loader" when you need to start your encrypted operating system. (This procedure prevents a sneaky "Evil Maid," or "black-bag intruder" from modifying your boot loader; modifying the loader to secretly steal your key and store it on your HDD for later retrieval.)

    Next, whenever possible, use a "key-file" or "security token" when you boot your encrypted operating system. This helps ensure that, just in case an adversary has installed a "hardware key-logger" in your hardware (BIOS) / keyboard / cabling, your adversary's possession of ONLY the "Key" will be insufficient to gain access to your data; you will still have physical possession of the necessary "key file" (hopefully on your person, as a "token" or "mini-DVD-R", again possibly in your wallet).

    Next, prevent unneeded volumes / containers of encrypted data from being "mounted," or remaining "mounted", unless the contained data is immediately needed. (VeraCrypt has options to only mount those data volumes / containers that you need, and to automatically "dismount" them, and automatically erase keys, in a variety of circumstances ("not needed", computer entering "power saver modes", etc.). Use such administrative protocols, and these VeraCrypt features, to minimize the possibility that any unknown hard/soft-malware might gain access to your data/keys.)

    Finally, VeraCrypt offers the option of storing any needed keys in an "encrypted" format in RAM! While stored in this encrypted format in RAM, such keys are useless to any hard/soft-malware that might be present. The encrypted keys are only, very briefly, decrypted when actually needed for specific tasks.

    No safety and security protocol can provide absolute safety and security. However, the questions and challenges you mention in your post have been considered, and analyzed, by many, MANY "security professionals" over the past three to four decades. The designers and user-community of VeraCrypt have incorporated and tested features that are considered very effective at minimizing the "attack surface" of VeraCrypt and your valuable encrypted data.

    (I hope, that if any "VeraCrypt Developers", or established members of the "VC User-Community", have any other suggestions, or if I have possibly misunderstood or omitted some of VC's features / options, they will jump in and assist Denis in these matters.)

    In closing, Denis, (1) establish (written) safety and security protocols; (2) test those protocols, (3) practice and establish a strong pattern of using the protocols, (4) periodically evaluate changes in your situation and the available "best solutions"!

    Also, you might want to examine the documentation on the "Security Model / Limitations of VeraCrypt" at https://www.veracrypt.fr/en/Security%20Model.html, as well as the "Security Requirements and Precautions" for using VeraCrypt at https://www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html.

    Please let us know if you have any questions, or need expansion / suggestions regarding protocols.

    Best of luck, -- RadMan

     

    Last edit: RadMan 2020-10-18
  • Denis

    Denis - 2020-10-18

    Thank you RadMan for your answer.

    The problem is that, following all your points, there is a big weak point in the system because you have to trust the operating system and the hardware. I don't want my security to be founded on the trust of the operating system and the hardware, and I really think it is not good advice to trust the operating system and the hardware.
    To make my system secure I have to suppose my operating system is malicious and wants to transmit my passwords.
    Thinking how to avoid this possibility, the only way I found is to make a very large password.
    I don't want a low probability that my system can be hacked; I want a proof that my system can not be hacked!
    How large must the password be? The password must be changed every time we reach the transmission size. If the system can send 1GB in one day, we have to change the password every day.
    It is not a contradiction to let an untrusted operating system access private content, because the private content can be large enough that it cannot be transmitted because the communication channel is not large enough.
    It seems strange to me that there are no systems to solve this problem.

    Denis

     
  • RadMan

    RadMan - 2020-10-18

    Hi again Denis:

    Yes, you are correct.

    If, for example, Intel's hardware-design (e.g., the "Chipset"; the "CPU") and/or Microsoft's "closed source" OS-design ("Windows") is either defective (zero-day bugs) or intentionally designed with "backdoors," in possible "collusion" with the US National Security Agency (NSA), then the procedures I outlined to protect the system (hardware and OS) from "after the fact / after the design" corruption would offer no protection from such "big-corporate"/"government" adversaries. (I said as much in my original post.) SUCH SYSTEMS (HARD AND SOFT) WOULD BE COMPROMISED FROM THE MOMENT THEY LEFT THE ORIGINAL MANUFACTURING FACILITIES (or were later intercepted and tampered with during cargo transport)! There is "circumstantial" and "documentary" evidence (i.e., "Snowden Files"; "ShadowBrokers" NSA-tool dumps; manufacturer "non-denial 'denials'") that the NSA engages in all such activities!

    The best that I, personally, can do is try to prevent other types of "adversaries" from compromising my hardware and software. And also prevent any important compromised data from being "exfiltrated" to an adversary; exfiltrated via internet or physical media.

    (For my own use, I have two "high security" "open source" (i.e., "Linux") systems that are encrypted. One system is ONLY used to gather or send limited, lower-value data through well-controlled internet connections (Tor over VPN) with hard-firewall control of exterior IP-addresses. The second system, for higher value data, is entirely "air gapped"; no network connections whatsoever! For both systems, all of the USB and firewire ports are physically blocked/locked-out. When I need to transfer any files/data onto or off of either system, that is only done via writing, and then "closing" (i.e., "read-only") optical media; after use, the optical media is first "cross-shredded", then the fragments are "microwaved" on high-power for 20-30 seconds, destroying the metallic data layer -- NO DATA RECOVERABLE!)

    Your proposed solution to prevent/detect "exfiltration" of your "password" on your internet connection ("make a very large (10GB) password") does not appear to be a solution. As I previously mentioned, if an adversary has complete "internal access/control" of your systems, that adversary could obtain the condensed 128-512 bit (16-64 bytes) internal encryption keys (derived from the "password hash"), and instead "exfiltrate" those few, easily disguised bytes. (Yes, it is well documented that the US-NSA uses such techniques as attaching small "data packets" to common/everyday data transmissions (e.g., "DNS Requests") to slowly exfiltrate large amounts of data from attacked systems. Your 16-64 bytes could easily be attached to one single DNS request, which would be almost impossible for you to identify or stop.)

    If you don't want adversaries exfiltrating passwords / data: (1) Physically secure your computer; and (2) "Air Gap" your computer -- do not connect it to ANY networks.

    I've been studying cryptography (as an "advanced hobby") for slightly over three decades. I KNOW OF NO OTHER METHODS TO PREVENT "EXFILTRATION" IF YOUR HARDWARE AND/OR OS HAVE BEEN COMPROMISED.

    Denis: "I want . . . proof that my system can not be hacked!"

    The US-NSA is considered the premier computer security/insecurity agency in the world. They supply the high-security (i.e., "Top Secret" grade) laptop computers for all major branches of US-Government and US-Military. Their computers are assembled in dedicated, high-security factories, using custom, NSA-designed "chipsets" and "CPU's". They utilize their own "closed source" high security versions of UNIX-based operating systems. They use the best encryption they can design to secure the hard drives on their systems. They use "multi-factor" authentication (passwords + physical "security tokens") to access the contents of all their computer systems.

    You cannot expect (you, being an "amateur, part-time, cryptography user") to be better, or create better security, than the US-NSA. Can you, really?

    With all of the NSA's "best in the world" security, the NSA has repeatedly had massive amounts of data "exfiltrated" from their own systems over the past decade (e.g., "Snowden Papers"; multiple "ShadowBrokers" data/tool dumps).

    Denis: "It seems strange to me that there are not [a solution to my] problem."

    BASICALLY, ONCE AN ADVERSARY IS INSIDE YOUR SYSTEMS, AND YOU ALLOW ANY POSSIBLE METHOD OF "EXFILTRATION", YOU AND YOUR DATA "ARE TOAST!"

    -- RadMan

     

    Last edit: RadMan 2020-10-18
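
Added example (not part of the original posts and not VeraCrypt's own code): a simplified Python model of the point made in both of RadMan's replies above, that a password and keyfile of any size are condensed into one short, fixed-size key, and that this key alone opens the volume. PBKDF2-HMAC-SHA512, the SHA-512 keyfile pool, the low iteration count and the HMAC-tag "header" are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 64       # bytes of derived key in this model (assumption)
ITERATIONS = 1000  # kept low so the example runs fast; real tools use far more


def mix_keyfile(password: bytes, keyfile: bytes) -> bytes:
    """Fold a keyfile of any size into the password (simplified stand-in)."""
    pool = hashlib.sha512(keyfile).digest()  # fixed 64-byte pool
    padded = password.ljust(len(pool), b"\x00")
    mixed = bytes((p + k) % 256 for p, k in zip(padded, pool))
    return mixed + padded[len(pool):]


def derive_key(password: bytes, keyfile: bytes, salt: bytes) -> bytes:
    """Condense password (+ optional keyfile) into a fixed-size key."""
    secret = mix_keyfile(password, keyfile) if keyfile else password
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS, dklen=KEY_LEN)


def seal_header(key: bytes) -> bytes:
    """Toy volume header: a tag only the right derived key reproduces."""
    return hmac.new(key, b"VERA", hashlib.sha256).digest()


def unlocks(header: bytes, key: bytes) -> bool:
    """True if the key opens the header; no password or keyfile is needed."""
    return hmac.compare_digest(header, seal_header(key))


def demo() -> dict:
    salt = os.urandom(64)
    short = derive_key(b"correct horse", b"", salt)
    huge_pw = os.urandom(1 << 20)  # constructed 1 MiB "password"
    huge_kf = os.urandom(1 << 20)  # constructed 1 MiB keyfile
    huge = derive_key(huge_pw, huge_kf, salt)
    header = seal_header(huge)
    return {
        "input_bytes": len(huge_pw) + len(huge_kf),
        "short_key_len": len(short),
        "huge_key_len": len(huge),
        "key_alone_unlocks": unlocks(header, huge),
        "wrong_key_unlocks": unlocks(header, short),
    }


if __name__ == "__main__":
    print(demo())
```

In this model, two megabytes of secret input and a thirteen-character password both end up as a 64-byte key, so the amount of data a compromised host would need to leak does not grow with the size of the password or keyfile.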
  • RadMan

    RadMan - 2020-10-18

    Denis:

    To help keep things in proper "perspective", please consider the situation depicted here:

    https://imgs.xkcd.com/comics/security.png

    Computer security always "breaks" at the "weakest link," which is unlikely to be the actual encryption method, software or "password length/strength."

    -- RadMan

     
