Creating uncrackable VeraCrypt containers for data protection
In one way or another, your enemies, law enforcement agencies, and other citizens who are not indifferent to your data want to access the personal data you so diligently hide.
A strong password or storing files on removable devices is sometimes not enough to protect confidential information from hacking.
Even using BitLocker doesn't guarantee the safety of information!
Cyber security enthusiasts experimented and found that the brute-force speed for BitLocker volumes is only 860 passwords per second when using a hardware accelerator based on the NVIDIA GTX 1080.
But for Microsoft Office 2013 documents, the figures are entirely different − as many as 7100 passwords per second! It means that on a gaming laptop with a hardware accelerator, a password consisting of five letters and numbers will be cracked in a day.
How can you protect your data from nosy foes? There is one universal solution − the VeraCrypt utility. You only need to put in a little effort to make the program's protection as strong as possible.
Today I will share VeraCrypt's lesser-known tricks with you and tell you how to protect your data. Let's start!
Disclaimer: Any illegal use and distribution of the article materials for destructive purposes are prohibited. We are against using the materials of the article to implement hacking and data theft. Our goal is to help protect your data from hacking, not facilitate crime.
What is VeraCrypt?
VeraCrypt is free disk encryption software. The utility is designed for Windows, Mac OSX, and Linux operating systems. According to my observations, VeraCrypt is most in demand among Linux users.
VeraCrypt has an intuitive user interface and performs many tasks, namely:
- Creating a virtual encrypted disk in a file
- Device encryption (e.g., USB or hard drive)
- Disk encryption on Windows OS (pre-boot authentication)
- Providing plausible deniability in case an attacker forces you to reveal your password: hidden volume (steganography), hidden operating system, etc.
VeraCrypt is a genuinely indispensable program for everyone who wants to protect their data from hacking and theft!
During the research, I noticed that encryption in the utility could be hardware-accelerated on modern processors. You don't have to wait many hours while a disk or a partition is encrypted − now, it will take several minutes.
Well, before testing VeraCrypt's features, let's install it on your computer!
How to install VeraCrypt?
Before making the VeraCrypt utility stronger than titanium, we need to install it on a computer.
First, you need to go to the official website of the utility and download it. The installer file is small, so you can save it to any disk.
So, you have downloaded the installer file. What's next?
- Run the installer file and select the language in which you will be most comfortable using VeraCrypt.
- Read the license and agree to the terms of use by checking the box in the left corner. Yes, I know that we usually skip reading the license and agree immediately. However, this time, break the habit and read the license agreement − it will not be superfluous.
- Select complete installation (first option).
- Select the drive on which you want to install the program. I always install the system utilities on the C: drive, and I advise you to do the same.
- The installation of the program will take a few minutes.
- After successful installation, you will see this message on the screen:
- VeraCrypt is a free program. However, the developers are happy to receive any financial assistance, so follow the link you see on the screen if you want to donate.
I repeat − this is optional.
- After installing the program, you will see a message with a recommendation to read the tutorial.
Don't be lazy to spend a few minutes studying the commands and capabilities of VeraCrypt − this will make it easier for you to navigate the utility.
If you have read up to this point, I can congratulate you on the successful installation of VeraCrypt!
Well, now is the time to learn how to make this encryption giant even stronger.
How to make VeraCrypt invulnerable?
So, first, let's take a look at how law enforcement agencies can access your encrypted data.
As a rule, the most common way to get the information they need is to seize the entire external storage device.
In an investigation, your computer will be seized, but the whole machine will not end up in the forensic expert's laboratory. It is the disks that interest the police most of all.
This scenario motivated the developers of crypto containers to think about ways of resisting law enforcement agencies and other individuals who want to steal data. It is known that frontal attacks on crypto containers are ineffective.
Against some varieties of container they do not work at all.
So, how will a forensic expert proceed on receiving the seized disks with your confidential information? Typically, they will first try to parse the hibernation and swap files.
If you have neglected the security settings of the crypto container, the encryption keys will be extracted from these files, and the encrypted volumes will be decrypted without lengthy attacks. However, in some cases, this attack will not work.
A forensic expert will not be able to extract information from a disk if these conditions are met:
- The boot disk is encrypted. In this case, both the paging file and the hibernation file will be encrypted as well.
- The computer was shut down as usual (via the Shutdown command) or was seized in a state of hybrid sleep or hibernation.
In other words, if the encrypted volume was mounted at the time of the seizure and the police pulled the plug from the outlet, then the encryption key will most likely remain in the hibernation file.
But if the computer was turned off with the Shutdown command, then the presence or absence of the key will depend on the settings of the crypto container.
I will talk about ensuring the proper level of protection for a crypto container a little later.
- When the computer was seized, the encrypted volume was not mounted.
If the encryption keys cannot be retrieved, the expert will look for them in the cloud or corporate network (for volumes encrypted with standard BitLocker tools). Only after that will a head-on attack − brute-forcing passwords − be used.
However, a brute-force attack requires powerful hardware and an unlimited supply of time, which the police have in short supply.
The encryption algorithm
VeraCrypt offers the user five algorithms to choose from (AES, Serpent, Twofish, Camellia, and Kuznyechik) and ten options for their sequential use.
But few people pay attention to the choice of the encryption algorithm. It seems to users that if you choose a chain of two, or even better, three algorithms, the data will be 100% protected from intelligence-agency backdoors and from vulnerabilities in the algorithms.
However, I advise against looking for a black cat in a dark room; approach the choice of algorithm rationally instead.
To date, there is only one cryptographically secure algorithm (from those listed in VeraCrypt) − this is AES. Over the decades of widespread use and massive research, this algorithm has not been cracked.
But what does the choice of algorithm affect, you ask? The answer is simple − only the speed of access to encrypted data.
AES encryption uses instructions built into modern processors (from cheap ARMv8 cores to older Intel and AMD processors) to hardware-accelerate encryption. Other algorithms can also use these instructions, but...
Everyone uses AES, and only a few people use the other algorithms, so their optimization leaves much to be desired.
For example, Camellia, the best optimized of the other algorithms, is one and a half times slower than AES in encryption speed; Twofish is three times slower; Serpent is four times slower; Kuznyechik is four and a half times slower.
What can we say about combined algorithms − they work many times slower without providing additional security.
Okay, we have decided on the choice of the encryption algorithm − it's only AES. But, what else can you do to increase the security of your encrypted data?
Hash functions and number of iterations
For added data security, you need to create a unique PIM code. What is it?
So, PIM (Personal Iterations Multiplier) is a numeric value that directly affects the number of iterations that will be used to convert your password into an encryption key.
VeraCrypt calculates the number of iterations (number of transformations) using the formula 15,000 + (PIM * 1000). For SHA-512 and Whirlpool hash functions, the default PIM value is 485, which gives us exactly 500,000 iterations.
The fact is that computing power, including that available to those who will try to crack your crypto container, is constantly growing.
Despite the sad statistics, our affairs are still not so bad. With VeraCrypt, you can quickly improve your security by increasing the number of iterations.
I must say that an increase in the number of iterations (via a custom PIM value) will slightly reduce the usability (when mounting a crypto container, you will have to enter the PIM number in addition to the password) and, unfortunately, the mount speed will slow down somewhat.
But you should be inspired by the fact that even the slightest change in PIM means a severe headache for anyone who decides to guess the password for encrypted data.
How much will the PIM change affect the mount speed of the crypto container? Let's experiment.
I will test mount times with three PIM values − 500, 600, and 1200.
Now let's change the PIM value to 600 and see how much the mount speed changes.
And finally, I set the PIM to 1200.
For clarity, I will show you the characteristics of my laptop:
A laptop with similar characteristics will cope with mounting an encrypted file in a few minutes.
The longest mounting with a PIM of 1200 lasted about two minutes − as you can see, it's not difficult to wait. If the specifications of your device are even higher, then mounting will be even faster.
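To put numbers on the formula and on the three PIM values tested above, here is an added Python example; it is not code from VeraCrypt or from the author of this article. It assumes PBKDF2-HMAC-SHA512 from Python's hashlib as a stand-in for the key derivation and, for the unknown-PIM case, an attacker who tries every PIM from 1 upward; the function names and the sample password are constructed for illustration.

```python
import hashlib
import os
import time

DEFAULT_PIM = 485  # default for SHA-512 / Whirlpool, as stated in the article


def iterations_for_pim(pim: int) -> int:
    """Iteration count from the article's formula: 15,000 + (PIM * 1000)."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return 15_000 + pim * 1_000


def cost_vs_default(pim: int) -> float:
    """Work per password guess relative to the default PIM, when the PIM is known."""
    return iterations_for_pim(pim) / iterations_for_pim(DEFAULT_PIM)


def cost_unknown_pim(pim: int) -> float:
    """Work per candidate password when every PIM from 1 to `pim` must be tried
    (assumption: the attacker does not know the PIM and searches upward)."""
    total = sum(iterations_for_pim(p) for p in range(1, pim + 1))
    return total / iterations_for_pim(DEFAULT_PIM)


def time_derivation(pim: int, password: bytes = b"constructed sample password") -> float:
    """Seconds this machine needs for one PBKDF2-HMAC-SHA512 derivation."""
    salt = os.urandom(64)  # random salt constructed for the demo
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", password, salt, iterations_for_pim(pim), dklen=64)
    return time.perf_counter() - start


if __name__ == "__main__":
    for pim in (DEFAULT_PIM, 500, 600, 1200):
        print(f"PIM {pim:>4}: {iterations_for_pim(pim):>9,} iterations, "
              f"{cost_vs_default(pim):.2f}x with known PIM, "
              f"{cost_unknown_pim(pim):,.1f}x with unknown PIM, "
              f"{time_derivation(pim):.2f} s per derivation on this machine")
```

Against the default, PIM 500 and 600 add only about 3% and 23% of work per guess when the PIM is known; the larger gain comes from the attacker having to search the PIM as well as the password.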
Using a PIM protects your data from hacking and creates many problems for anyone trying to guess a password. It's a pleasure to watch the futile attempts of hackers to gain access to your files, isn't it?
Conclusion
Yes, modern realities oblige us to be on the alert at all times because you cannot predict at what point hackers will decide to hack our data. However, with such a pace of life, you can go crazy, which is unnecessary for us.
There is no need to worry about the safety of confidential information if you use VeraCrypt ─ a universal solution for data encryption.
Thanks to my advice, I hope you can make VeraCrypt almost invulnerable to hackers and law enforcement agencies. Remember that no one has the right to invade your privacy!
Let me know whether you managed to follow my recommendations and secure your VeraCrypt containers. I will wait for your comments!
Comments
What are your thoughts about using a shorter password in combination with a keyfile vs a long password without a keyfile?