
2-stage encryption

2024-08-31
2024-09-08
  • antonio esposito

    I have a number of hard disks with 2 nested encryptions: the disk itself (no partition) is encrypted with VeraCrypt; inside it there is a file encrypted with TrueCrypt. No problem ever.

    Recently I tried to make a 2-stage VeraCrypt-only encryption (i.e. both the disk and the inner file encrypted with VC), but VeraCrypt doesn't work: once the disk is encrypted and mounted, it takes forever to create the inner file. I never got to see the end of the process.
    Why is this?

     
  • Enigma2Illusion

    Enigma2Illusion - 2024-08-31

    What size is the encrypted disk and what did you select for the filesystem?

    What size is the file container you are creating within the encrypted disk and the filesystem?

    Which format did you select for file container? (Full, Quick, Fast)

    Are you using a custom PIM value for either or both disk and file container?

    You understand that when you are encrypting within an encrypted volume, you are doubling the CPU workload and doubling the disk read/write processing.

     

    Last edit: Enigma2Illusion 2024-08-31
  • antonio esposito

    Hi,
    the disks are usually formatted in exFAT (since there is only one gigantic file in it and no cluster waste); the most frequent size is 2TB.

    I usually do this to new disks, so I create the external container with Quick format.

    The inner file (whose exact size determination requires a lot of trial-and-error work) is the maximum size within the encrypted drive; usually it is NTFS.

    I use a 256-char password for both volumes, a custom PIM for the VC disk and keyfiles for both containers.

    The workload for the CPU (4-core 4770K) reaches its peak when I copy from one such volume to another, i.e. it has to do 2 decryptions AND 2 encryptions at the same time, and it has never reached 100%.

    Any opinion?
    Thank you very much.

     
  • Enigma2Illusion

    Enigma2Illusion - 2024-08-31

    Read my post at the link below to get a better understanding of Quick Format.

    Quick Format for File Container via the GUI checkbox will skip filling the entire space with random data, which has security risks. However, Windows OS will fill the space with zeros, which are encrypted, causing very time-consuming creation for large file containers.

    Hence, it is going to take a long time.

    https://sourceforge.net/p/veracrypt/discussion/general/thread/8bf650d8ce/?limit=25#c3c9

    Something for your consideration is to use NTFS with a larger than default cluster size to reduce slack space when dealing with a lot of large files vs smaller files and have the NTFS journaling file system which tracks changes before they're written to help with data recovery in the event of a system failure.

     
  • antonio esposito

    That's very interesting! I believed that GUI and command-line usage were equivalent, but now I'm going to test the /FastCreateFile switch and see; unless more recent versions of VeraCrypt (I use 1.25.9) will incorporate this option in the GUI too...

    Moreover, since I have to fill the inner archive almost completely, and after that I fill it up using a file generator, the security problem does not arise, but I avoid writing every sector twice :)

    Thanx!

     
  • Enigma2Illusion

    Enigma2Illusion - 2024-09-01

    The Fast Create was added to the GUI starting with version 1.26.7.

    The latest version is 1.26.14 and I would recommend all users upgrade to the latest version.

    Pay attention to my note at the top before upgrading to 1.26 or newer versions.

    https://sourceforge.net/p/veracrypt/discussion/general/thread/8d9f4f9c84/

    Mounir has written a utility that will allow you to migrate from TrueCrypt to VeraCrypt that is in the documentation.

     
  • antonio esposito

    Wonderful!
    I upgraded to 1.26.15 and made my new 2-stage encrypted disk using fast format and it worked flawlessly :)

    Just 2 thoughts:
    1. Why does Fast Format need 2 minutes to complete the format? I don't remember this wait when I used TrueCrypt for my old disks...

    2. Why does installing 1.26.15 over 1.25.9 make VC say "Updated VeraCrypt Bootblock"? What is changed?

    (Note: I don't see all the worries about TrueCrypt compatibility removed in latest VeraCrypt releases; it just suffices... to keep TrueCrypt installed :))

    Thanks a lot!

     

    Last edit: antonio esposito 2024-09-08
  • Enigma2Illusion

    Enigma2Illusion - 2024-09-08

    Why does Fast Format need 2 minutes to complete the format? I don't remember this wait when I used TrueCrypt for my old disks...

    VeraCrypt by default performs more iterations for the hash than TrueCrypt.

    Why does installing 1.26.15 over 1.25.9 make VC say "Updated VeraCrypt Bootblock"? What is changed?

    If you have not seen this message when upgrading previous VeraCrypt system encryption, I do not know why this message was displayed or the technical reason for the message.
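
The iteration difference mentioned in the last reply, as an added example that is not part of the thread or of VeraCrypt's code: it times PBKDF2-HMAC-SHA512 at TrueCrypt's 1,000 iterations and at VeraCrypt's documented counts for non-system volumes (500,000 by default, or 15000 + PIM x 1000 with a custom PIM). The password, salt and PIM values are constructed, and the 64-byte output length is a simplification.

```python
import hashlib
import time

# Documented iteration counts for non-system volumes using HMAC-SHA-512.
TRUECRYPT_ITERATIONS = 1_000
VERACRYPT_DEFAULT_ITERATIONS = 500_000


def veracrypt_iterations(pim=None):
    """Iterations for a non-system volume: the default, or 15000 + PIM * 1000."""
    if pim is None or pim == 0:
        return VERACRYPT_DEFAULT_ITERATIONS
    if pim < 0:
        raise ValueError("PIM must be a positive integer")
    return 15_000 + pim * 1_000


def derive_header_key(password, salt, iterations):
    """PBKDF2-HMAC-SHA512; 64 bytes is enough for one XTS key pair (simplified)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def time_derivation(password, salt, iterations):
    """Seconds spent on a single header-key derivation."""
    start = time.perf_counter()
    derive_header_key(password, salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    password = b"constructed example passphrase"  # constructed sample input
    salt = bytes(range(64))  # constructed; real headers hold 64 random bytes
    cases = [
        ("TrueCrypt", TRUECRYPT_ITERATIONS),
        ("VeraCrypt, default PIM", veracrypt_iterations()),
        ("VeraCrypt, PIM 1000", veracrypt_iterations(1000)),
    ]
    for label, count in cases:
        elapsed = time_derivation(password, salt, count)
        print(f"{label:24s} {count:>9,d} iterations  {elapsed:.3f} s")
```

Each derivation is repeated for every candidate hash when a volume is opened without the hash being specified, so the per-derivation cost shown here is a lower bound on the wait.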

     
