VeraCrypt & The Demo that will BLOW YOUR MIND!
Вставка
- Опубліковано 3 лис 2021
- In the sequel to last weeks Bitlocker hack. This time I look at VeraCrypt and some of it's unique capabilities. Abilities that will take your breath away. A perfect tool to not only keep your data secure but also ensure your secrets remain secret. As always any questions, or comments feel free to submit them below.
Visit my site at www.Andymalone.org - Наука та технологія
Gotcha beat:
- Store part of your VeraCrypt password in a password manager
- Store the other part of your VeraCrypt password in memory.
- Store one keyfile in your password manager
- Store the other keyfile on your hard drive.
Having no experience with this, I really appreciate your video! And your passion about this. Fun stuff!
Thank you so much and I’m delighted to hear that you found it useful.
i didnt skip a bit. nice narration + explanation. no boring
Awesome, thank you!
thank you good sir! I looked for 30 minutes for a decent explanation of how to hide the volume AND how to FIND it. I appreciate it very much.
You’re welcome and thank you 👍😀
Thank you for this. I'm new to encryption so l learned a lot here. I really appreciate that you answer questions in the comments--so many don't and it's very frustrating when a viewer has questions.
You’re very welcome and thanks for your kind comment. Did you see my three-part series on cryptography on my channel? I think you’ll find it very useful. Have a great day and thanks for dropping by.
@@T-marie-N Hehe no worries. Just be careful :-)
Great video, thanks, straight to the point and well explained.
Delighted you enjoyed it😊
Nice video. It's definitely worth going over the PIM feature - this makes brute force attacks practically impossible as well as being a 2nd factor along with your password. Brilliant design
Thank you for sharing this informative tutorial. One step closer to being able to hide my really good stuff.
Great video, thanks! Well explained
Great video !! Thanks Andy :)
thanks for this stuff, very well explanations
Excellent, I use it to encrypt all my external volumes.
That's a great idea!
If you create a hidden volume, then that hidden volume's survival is at the mercy of the outer volume.
Explanation follows. But first understand that the hidden volume's size must be less than the outer volume's size, because the hidden volume is contained within the outer volume.
Now, if your outer volume is 500 MB, and your hidden volume is 450 MB, then you have only 50 MB of safe, usable space to use in your outer volume.
However, your outer volume will allow you to use all 500 MB of space. Otherwise, it would reveal that you have a hidden volume.
So, in our example, where your outer volume is 500 MB and your hidden volume is 450 MB, then if you use 51 MB in your outer volume, you will overwrite something in your hidden volume.
So once you create a hidden volume, you should avoid using your outer volume (specifically, avoid writing to your outer volume).
And in case you did not connect the dots when our host set a password (or pass phrase) for the outer volume and for the hidden volume...
...be sure that the two volumes use different passwords.
When you tell VeraCrypt to mount your volume, it will not ask you which one. Again, doing so would reveal that you have a hidden volume.
So if you put in the outer volume's password, then VeraCrypt will mount the outer volume.
If you put in the hidden volume's password, then VeraCrypt will mount the hidden volume.
Lastly, if you use a weak password, then no matter how good the encryption is (and VeraCrypt's encryption is as good as it gets), then you are defeating the purpose of using encryption.
To be sure that no one can brute force your password, use at least 12 character (and even that is a bit risky, if a well funded attacker (like a 3-letter government agency) tries to break your password. And if your password is in the dictionary, or you simply added a symbol or a number somewhere, that will not really protect you. And as computers increase in speed, so will the need for the length of your password to contain more characters.
I recommend using two or three words (one being uncommon) to make up a phrase, and add at least two special characters somewhere, for a total of at least 16 characters.
And the three words should not go together in spoken language. For example, "sch%ool bottle pl$asMa" would be a very strong pass phrase, 99.99999999% impossible to crack by any organization, and is easy to remember.
What about comparing file sizes? If the mp4 is 500 GB and you open the outer volume, can someone tell a hidden volume exists based on the used space or something like that?
Amazing video and very helpful info
You’re very welcome and thanks for reaching out
Thank you for this video 😍
You’re welcome 😊
Hello Andy,
Greetings from Costa Rica and this is just hilarios presentation !!!!
Thank you and please keep making really valuable content like this.
Thanks, will do!
Really cool stuff! You talked about inserting VM into the folder, do you like put there the disk or the VM installer and all including?
Why not its just a volume. Create the volume, put a VM inside and then extend the onion further by installing VeraCrypt and keep going :-)
Thank you for the guide
No problem!
Hi i'm a neewbie to this but found your video very helpful. Does encrypting an SSD shorten its lifespan? And is there any point in wiping a portable SSD before installing Veracrypt or will encrypting the drive make it impossible to recover files that have been deleted off it in the past?
No it doesn’t shorten the lifespan. And yes it’s fine to go ahead and install. You may want to consider self encrypting drives that actually come built into the hardware these days. They’re pretty good. Thanks again and all the best👍😊
I know how to create a hidden volume within a volume. However I cannot find any way to create a "volume within a volume within a volume". If I try to create a hidden volume within a hidden volume Veracrypt doesn't allow it.
Excellent presentation, Sir.
Does it mean, that I can upload the mp4 to Google Drive on my HDD , have it sync with cloud (to back it up) and any changes done to it locally will sync no problem? Considering it does not re-encrypt i.e. change the whole 1GB file but just a portion of it, which I modified ? So the syncing is not 1GB every time little change is done to it ?
Yes but read documentation first
wow very interesting thanks for demo
Thanks for watching!
You are a genius, man!
Aw thanks. I try my best 😊
Hello. I have another question.
If I create a 10GB Hidden volume, how to set the size for that hidden volume?
Should I put like 2GB for the Outer volume and then 8GB for the Hidden volume OR vice versa?
I'm confused with this.
Thanks
My friend seriously the best advice I can give you is to read the support pages on the Veracrypt website. This is how I learn and I’m sure you will learn as well👍😊
I've read from faq page, that:
"In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by VeraCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by VeraCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected."
Is that mean if I full encrypt partition, and then someday bad sector occur in that partition, I still can open/mount the partition and backup uncorrupted files inside it?
I ask this because there's a lot of opinion in forums that if bad sector occur, than we cant open it at all, and all data lost. But the others say that we still can open and save uncorrupted files as long we have header backup.
So which one is true? I confused.
Thanks for your question. As I am an enthusiast of cryptography I would not be qualified to provide you with a 100% technical answer here. However, I do know that modern algorithms have defences against corruption built in. Unlike early versions of the data encryption standard. A very good friend of mine called Gideon Samid is an excellent source of knowledge in this area. He has a great UA-cam channel as well. You may want to reach out to him. He is a professor of cryptography. Anyway I’m delighted that you found my channel and I appreciate the question.
@@AndyMaloneMVP Great, thanks for the information
@@d-fault6268 You’re very welcome
Both Veracrypt and Bitlocker use AES in XTS mode, which is suitable for encrypting whole disks and particitions, and won't corrupt a full volume because of a few corrupted sectors .
Veracrypt offers other choices of ciphers, not only AES, I don't know if the same applies to these.
Thank you! What if my computer needs to be wiped clean/reset to factory settings? Will I lose my VeraCrypt files if it’s deleted? When I take my laptop to be serviced, they always ask if anything is on it that I don’t want to lose in case it has to be reset. Is there a way to avoid losing the VeraCrypt files?
Encryption cannot protect you from deletion. I highly recommend that you back up your data before servicing your laptop.
can you give me your opinion on veracrypt vs cryptomator
and for whole disk what do you think about bitlocker, veracrypt, and mac's filevault? I know that's a lot but it would be very helpful to people new to encryption. what's strongest that has aes 256bit
Thanks for your question, I’ll be honest I’m not familiar with cryptonator so I wouldn’t like to give an opinion. Apples file vault is a tried and tested technology and works very well. Also Microsoft a bit locker has been going through a number of changes recently, especially with the windows 11 so if you need an encryption technology for domestic use, and this is great. Other than that you probably want to look for a more professional solution. The best of luck and thanks again
at 4:43 you say that: "standard encryption tools" can break it. Does that include long passwords? I struggle with remembering my passwords and don't really want to onion up. but I also don't want the cops going through my data. I was really hoping I could just do an encrypted drive or partition and call it good.
Modern GPUs can break simple passwords in less than 1 second. If you must use a password. Use a pass phrase like I love the Orville. This will help, however most forensic tools would eventually crack this in time.
I formatted and partitioned my new WD external hard drive to work for both Mac and PC, and I'm wondering what the proper process is to encrypt it with Veracrypt? I also wanted to know how to set it up so I can access the drive on any device whether it has the Veracrypt software downloaded on the computer of not. Is that possible? Or is the only way to unlock the drive via pre-downloaded software on the computer?
I will say to you what I say to everyone. Use caution when using encryption software. Remember your password, key in order to access your data later. And always have a back up just in case. All the best, Andy
what do you mean when you say a standard volume most forensic tools would be able to capture that and break it at 4:40 ? do you mean bruteforce? i thought that if you had a good password you cant break encryption?
A Brute force attack attempts to break passwords by trying every combination of letters and numbers. Most western based crypto algorithms have a recovery key (key escrow) Password based crypto is generally quite weak and can be easily broken.
@@AndyMaloneMVP so why is a standard volume easy to break?
Take a look at the veracrypt support pages. Key escrow is built into most modern crypto systems. Plenty of reading on the web around this topic. Do some research 😊
Hello Dear Sir,
I've really enjoyed your tutorial!
I have a couple of questions.
1) Is it compulsory to take backup of the .mp4 volume?
If the mp4 volume is deleted, will I loose access to the encrypted data?
2) I would be able to access my encrypted data on any device, Only if I use this exact volume right?
So I have to download Veracrypt. Then mount my .mp4 or whatever volume. IS this correct?
3) When I choose the disk space, it will allocate the disk space from my computer Hard drives right?
So will it automatically choose from disk C in windows? Can I change this option to another disk?
Thanks in advance.
Thanks for the comments. Q1 The MP4 volume is just an example. You can give the file any name you like. Good practice to always make backups. 2, Vera crypt would need to be installed on every machine that you want to access the volume. 3, Correct. 4, No
@@AndyMaloneMVP Thank you for the replies.
thank you
You're welcome
Amazing video. Way over my head but I love the concepts you presented. Video and audio were perfect compared to police interrogation videos 😂😂😂 It's actually pretty decent regardless.
hehe that's funny :-D
Is susceptible to the same BitLocker attack where the recovery key is stored in Ram
Is what susceptible?
@@AndyMaloneMVP I was just wondering if it's vulnerable to the same Ram attack as BitLocker is. Because I read an article by Elcomsoft article entitled Breaking VeraCrypt Obtaining and Extracting On-The-Fly Encryption Keys
What happens to locked files if .mp4 file or volume gets deleted? Great vid love it.
You loose it. Encryption does not protect you against deletion unfortunately.
@@AndyMaloneMVP guess i ll have hide it after encrypting. Thank u fr ur quick reply. 😊
Yes
Hello there :) I really like your video thank u so much for teaching us. Is it still best option for usb drive , i was using Sandisk secure access before. What is the best software for usb drive in 2023 in your opinion?
Honestly, if you can use hardware based, encryption often comes with many USB devices now. That’s the best option 👍
@@AndyMaloneMVP Thank you for replies, have a nice day
Way above my head. But what a pleasure to listen without having to try and drown out the music. do you do a simple version for people with simple minds IE., me😀
What are kind compliment, thanks so much. 👍
I feel like an idiot. I always believed that a drive, or SD card that was encrypted using Disk Utility on my Mac was secure. I had no idea that a forensic expert could break into and have access to my material. So am I correct in my understanding that encryption only works outside of a government expert? Thank you very much.
Hello,
I don't remember which exact cloud service I've used to back up my veracrypt container (probably Sync) but the file ended up getting corrupted once the cloud service synchronized it. Any idea why that happened? Regards.
No sorry
@@AndyMaloneMVP Thanks anyway, have a nice weekend.
Hi I have a full drive with data. If I use Vera Crypt can I encrypt it - after the fact?
I believe so
OMG my MIND got BLOWED! ;)
I hope not too badly😂🤣
can you make a video on windows10 on a usb hidden partition
I'd love to but I'm a mac guy sorry.
Andy, at 4:40 you made the claim that "forensic tools can break it". What did you mean by this exactly? Can you provide evidence (eg, a video link) or another source to prove this?
I make no claims and no guarantees. However, Passware forensic is a well known tool that can break single layer encryption. Details via there website.support.passware.com/hc/en-us/articles/115002145727-How-to-decrypt-Full-Disk-Encryption
@@AndyMaloneMVP Thank you for the timely response. It appears these are not flaws in Veracrypt, but other attacks entirely
is there a performance penalty to doing this
No
An FBI whistleblower recently admitted to uploading illegal content into Keith Raniere's computer to make it easier to convict him for life. Is it possible to prevent this situation through encryption?
I haven’t heard about that, that sounds very unethical to me, and I’m surprised the judge convicted somebody based on the evidence. Encryption would help, but may not necessarily fix everything as law-enforcement have a forensic tools that could potentially access your data.
considering how corrupt the fbi and the level of sickness Raniere was up to it wouldnt be surprising if the FBI themselves did that to help him. Dont forget how the deep state tried to use that NXIVM sex cult and that stormy daniels whore that had their brand on her hip to attack President Trump.
Outer Volume: 500 mb Inner volume 400 mb. What happens if you put 200mb data to the outer volume= Would it override the inner volume?
No they are treated a separate volumes
@@AndyMaloneMVP I think you gave this person bad advice. The VeraCrypt manuals clearly say and warn you that unless you use safe mode (which is when VeraCrypt detects the "safe" writing area after you put BOTH passwords and only allows writing to it), putting too much data inside the outer volume WILL overwrite and corrupt data inside the hidden volume, because the whole point of it is to be indistinguishable from random useless noise, VeraCrypt can't know if the outer volume is 100% safe to write to or it has hidden data within the 400 out of 500 MB and it must not overwrite it. Thankfully VeraCrypt has a lot of warnings to minimise such human error.
@@supernovaw39 thanks so much for the feedback I really appreciate it. This is the reason why I don’t offer personal technical support and clearly recommend that you contact the vendor. This was simply meant to be a demo which was done done in a demo environment.
@@supernovaw39 thanks so much for the feedback I really appreciate it. This is the reason why I don’t offer personal technical support and clearly recommend that you contact the vendor. This was simply meant to be a demo which was done done in a demo environment.
i know the password i used, but it keep giving me error messages, anyway to fix this?
No I’d check the support pages and forums😊
Great video! Although struck me as funny that an esteemed Microsoft professional uses a Mac (and not Linux pc which is obviously better)
Can you do A video on how to use a Yubikey 5 NFC with veracrypt I gues you have to use the PKCS #11 Libary
I’d love to, but I’m a Mac user and no longer use these products.
@@AndyMaloneMVP I can find plenty of videos on veracrypt and on yubikey but not one to use them together. What do you use for encryption
How do you get past the S mode in Windows???
You don’t sorry
seriously?@@AndyMaloneMVP
Can you get the same objective with Android?
I don’t know
Can we try? I've seen a few videos however you are the only one who goes step by step and really explains it well. Please
@@philrose7716 I appreciate the request, I really do. I’m really a Microsoft 365 guy, and to be honest, this video was recorded quite some time ago. I’m not really an android person as you can probably tell. I use mostly Apple. But thanks for the request and again my apologies for not being able to assist. I hope you’re enjoying the rest of my content though 👍
is VeraCrypt free to use?
Yes
I'm sorry I have to ask, why do you have Edge on a mac? you willingly installed microsoft edge? that's a first 😅
Why are you sorry🤪 It’s a dam good browser
excellent video. im surprise this only has less than 3,000 views?
To be fair I’ve only been doing this for about a year in earnest. So I’m just trying to build up my channel, but I really appreciate your comments and your visit.😊👍
I mean they could beat you to a pulp to get the inner volume password....I guess you can put in stuff that is meant to be just secret enough to make them think that they hit the true secrets
That's exactly the idea! It should all be deception: imagine the outer volume full of files (for example thousands of mp3 songs) and the inner volume disguised as one of them. Good luck figuring that out!
You create a 500bm external volume, and a 450 mb internal volume, so when you log into the external volume it shows only 50 vb of free space, but when all volumes are closed, the file shows the full 500 mb, this is very suspicious for those who want to know more about you).
And actually this is the problem of all encryption programs, they (files) cannot be hidden in your OS and can be found in every part of it. So why do developers create this illusion of information security? Why can't they create an operating system where there is no chance of tracking hidden files within each OS...? is the big question, but I think we know the real answer.....
I was kinda excited to see something veracrypt can do that will blow my mind. But what you showed is something I figured out when I was 13 or 14 😅
Clearly you’re a genius then 😉
@@AndyMaloneMVP not at all. but cryptography is fun
Broken? 🤭
I would honestly say that if you are serious about security, you need to stop using windows!
Not necessarily. The fact is that Windows is by far the most popular operating system out there for desktop computers. Over the years it has gone through significant security improvements and upgrades. To a point where it is now pretty secure. Witness is now generally come through social engineering, or weak applications. But if you secure the workstation in a secure way, and if you follow a solid defence in depth approach, things are pretty good.
@@AndyMaloneMVP windows is closed source and considering it's manufacturers history of spying, you should not trust it as far as you can throw it. Also, because it is the most commonly used OS, you can be sure that government agencies have direct access to it. Plus, you've got all of those easily implemented, data logging "viruses" on every corner.
Granted, no one is going to really care about Grandma's encrypted recipes, but if you are serious about security, choose a different platform!
No known forensic tool opens a VeraCrypt volume. And if you use non-AES, you're a mug.
Plausible deniability
Ok
@@AndyMaloneMVP I think he means that you have plausible deniability as an added layer of protection when you use a hidden volume.
@@saddestchord7622 I think you’re right
Russian algorithm?🥴🫣 Communists are around you😂
Algorithm.
Sorry one word comments mean little too me. Are you asking a question or making a statement.
@@AndyMaloneMVP All Three.