What is Reddit's opinion of
VeraCrypt?
From 3.5 billion Reddit comments
100 reviews of this app found across Reddit:
BIOS passwords are often poorly implemented and easily defeated by simply pulling out the mobo battery to reset the CMOS.
Windows passwords are laughably easy to just delete or get around.
It's also likely that your password just isn't as strong as you think it is and he's guessing it.
If you really want to lock things down, I'd encrypt the drive with Veracrypt, follow their steps for System Encryption, and make sure the password you use is something strong and non-personal that he can't guess. There is no way around this password, so make sure you do not forgot it, as you'll have to type it in before windows loads. If you forget it, you can't access anything on your computr and will have to wipe it and reinstall windows.
I'd also highly recommend backing up any important data before encrypting the drive.
I think VeraCrypt is close to what you want. You can encrypt (password protect) entire drives or you can create a virtual encrypted disk within a file and mount it as a drive.
Not as easy as setting a password to a folder but still... works pretty well for me.
1) Install a second drive which is >= 4 TB
2) Download and install Veracrypt
3) Create & mount appropriate Veracrypt container(s) on 2nd drive
4) Copy all files from 1st drive into Veracrypt container(s) on 2nd drive
5) Dismount Veracrypt container(s) on 2nd drive
6) Ensure that you will not forget the password(s) to your Veracrypt container(s)
7) Give your friend the 2nd drive
I recommend making a wallet on https://myetherwallet.com, downloading the keystore file onto a usb encrypted with Veracrypt. It's like a cheap but somewhat secure version of a hard wallet.
I recommend only using open sourced software, that way you know there's no backdoors installed in it. Good open sourced encryption would be things like veracrypt. Veracrypt is good for encrypting USBs and files. Linux uses LUKS for full disk encryption, which is open sourced. Also I think linux updates their system more than windows. Back when I was still using windows, I would get like bi-monthly updates. It's not uncommon for me to get weekly sometimes twice weekly updates on my linux machine. They patch their system more frequently, and I check for updates everyday because you could miss one if you only check every so often.
You could use an app like VeraCrypt or TrueCrypt to create a password protected volume on a local drive or a flash drive. Then install a portable browser in that volume to use when you need it.
Change of subject.. Can't recommend this encryption software enough. VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. Oh.. and they accept Monero donations.
Basically, TrueCrypt was open source powerful encryption program that was extremely effective to the point where intelligence agencies we're unable to crack it, until one day the TrueCrypt project was discontinued and the website heavily endorsed using Microsoft's built in BitLocker encryption instead, knowing that large corporations such as Microsoft work hand and hand with intelligence agencies, this was before the adoption of warrant canaries, so we can only assume that this sudden endorsement of a much weaker program was a coded attempt by the developers to tell us that they had been compromised and were under some sort of gag order.
TrueCrypt was discontined and forked off into VeraCrypt.
non ho mai usato un disco attaccato alla porta usb del router ma di base dubiterei della stabilità.
detto questo puoi creare dei contenitori criptati con veracrypt (https://www.veracrypt.fr/en/Home.html) e metterci dentro tutto quello che vuoi.
I wrote a journal in the 6th grade. My stepsister found it three pages in and made fun of me. I stopped writing a journal.
Now I have a log (since three years ago). Basically a text file (org mode) next to my TODO list; it's secured in an encrypted partition (veracrypt). I only log what I did on the particular day: exercise, tasks at work, expenses, progress in books etc. This is useful for two reasons:
- I have poor memory and forget what I did last week, when someone asks. Thanks to the log, I can look it up.
- It helps with establishing habits. For example, I exercise every day, so that I can write it down, because future me would be disappointed with present (past) me, when reviewing the log. I sometimes make statistics to see progress (it's also helped me realize that I did actually meaningfully contribute at work, even though I didn't realize it).
I could use 3rd party services instead, but I've been disappointed with some (last.fm, endomondo becoming more commercialized), and there are privacy risks, when someone else is in control of the data (security breaches aside, the user is the actual product more often than not).
We use VeraCrypt on any laptops crossing boarders. Plausible deniability through hidden volumes. Suck it, Mr secret agent man.
Not that I'm ever carrying secret squirrel data (passwords in Keepass DBs sometimes), but I hide any pirated movies or shows on my laptop when flying internationally.
Phones? Meh. I just assume anything on my phone is accessible by anyone, and act accordingly.
Hasn't happened yet, but company policy is to scrap any device that gets taken away for examination. Who knows what cyber cooties it's been infected with.
> You should make sure you remember your email, master password, and your 2fa recovery code. Perhaps print them out and store them somewhere safe? Or keep them in an encrypted archive and make sure you have a copy offsite. > > I would also highly recommend backing up your vault occasionally, just in case. You can search this Reddit for how to do that (depends on your OS and device a bit).
For the latter, I would recommend exporting the vault to an encrypted VeraCrypt container. You can then backup the container like a regular file (external disks, cloud storage, etc).
The closest things would be:
- https://en.wikipedia.org/wiki/ECryptfs
- https://en.wikipedia.org/wiki/EncFS
- https://www.veracrypt.fr/en/Home.html
The thing to remember is that these tools work together. If you mount an encrypted file system in a public area, then the encryption does you no good. So you would need to make sure that your DAC is set up to ensure that only the person or group with an interest in that data can see it.
Otherwise, you will want the encryption to be baked directly into the software working with the file.
If you're looking for something portable, that works with multiple OS's try VeraCrypt (a continuation of TrueCrypt). It doesn't do individual file encryption but will let you create an encrypted container to store files and folders in.
There are pretty cool encryption tools and methods available. https://www.veracrypt.fr/en/Home.html
However, if the border agents find you using one of these tools, you're immediately in the very suspicious category.
It really is. It was painless to setup and worked perfectly using Paperless Share. Documentation is also phenomenal and had a huge boon in the form of recommended workflow to help people getting started (me).
The only real gotcha I found was that it does not offer any security for the actual data you ingest. This is an issue with almost all the other selfhosted DMS solutions I found but its kinda a big one. It's one thing to be ingesting/OCR'ing receipts but once you start scanning tax documents and mortgage contracts there is a lot of sensitive data just sitting in plain text somewhere.
My current "workaround" for this is storing the entire app and data inside a Veracrypt partition...this doesn't do much for security while the partition is mounted but at least it becomes secure if the server is turned off or I unmount the partition. I wish there was more that could be done.
Its not about the setup, the hard thing is continously managing and securing it. This is no easy thing to do. Its probably better for you to use existing services. Use a secure trustworthy mail provider like posteo.de , maybe a mail relay like anonaddy.com in front of it for mail. For storage you can use one of the existing providers and just store an encrypted container in it by using something like veracrypt.fr ...
You may be interested in Veracrypt: https://www.veracrypt.fr/en/Home.html
Alternatively, build a dedicated machine for backups using something like FreeNAS that handles all the encryption for you. You can even have it automatically back up (encrypted) data to cloud storage so you don’t have to worry about floods, fires, etc destroying all your data.
As redditors have advised - Blame it on a virus, you noticed pop ups, computer slowing down, started noticing random files and folders being created.
Secondly, I advise installing Veracrypt - It's an encrypted container that has the option of setting up an hidden volume.
For example - If you are forced to open your shipping container, your secrets are exposed (normal Veracrypt volume).
However, you plan for the above, and you create a secret hidden area inside that shipping container that is physically impossible of exposing unless you want it exposed (hidden volume container).
So someone opens your shipping container and finds everyday items, nothing special...But you know there are little secrets hidden inside that oh-so-innocent volume.
Message me if you need more info.
Or come clean and have the adult conversation with your parents...Easier said that done.
I would suggest creating an encrypted disk with your operating system's tools and not relying on the drive itself to have any encryption worth anything. As an alternative to the operating system tools, you can try VeraCrypt.
You have some options for scanning receipts. I use a combination of the below:
- Google Drive's receipt scanner: The google Drive app for phones, comes with a "scan to Drive" shortcut or widget that lets you scan receipts with your camera directly to Google Drive. It automatically crops and bleaches the image to black-and-white, so it is only appropriate for actual receipts- but it lets you scan your receipts on the go, and then trash them.
- Bulk scanner- more expensive, but more versatile. Lets you quickly scan medical invoices or receipts, and you can choose where to store them. I scan them to local disk, and then dump them to an encrypted bucket maybe a few times per year. The encrypted file is synced to the cloud as a backup.
I believe Veracrypt (sort-of successor to Truecrypt) is able to encrypt a disk in-place, which offers the benefit of not needing to move the data before encrypting and ensuring that the plaintext is overwritten during the process. It also lets you use whatever filesystem you want and works on both Linux and Windows (maybe Mac not sure).
edit: It also allows for hidden volumes, meaning the fact that an encrypted volume exists on the drive can be hidden.
I don't think free cloud storage that respects your privacy exists. You could use VeraCrypt to create encrypted file containers, then upload them somewhere like Google Drive.
Yes, it is certainly possible. You need to consider the platforms you want to de-crypt on as well. If you're encrypting USB sticks, you most likely are after a cross-platform solution. I personally like to use Veracrypt.
Use a program called Veracrypt.
It can encrypt a flash drive, an entire hard drive, or just create an encrypted "container" file that you can move around like any other file, and add and remove contents from like a virtual flash drive. It doesn't even need installed and can run from a flash drive if you have to.
You can use several different encryption algorithm's, or mix and match. Just don't forget the password...data is unrecoverable.
Obfuscation is not a great way to secure files.
If you have a thumb drive you should consider fully encrypting it with something like https://www.veracrypt.fr/en/Home.html, if you are on windows or Mac OS (most modern Linux distros have such tools built-in).
You will only be able to mount the drive and access its data if you know it's passphrase.
You can then also an image of that disk and then save it some where else as a backup.
If complete privacy is your goal, I would look at setting up encrypted shared drives instead. An approach like this would prevent even the administrator from evening viewing the files. Something like VeraCrypt The only risk is if you loose the key there is no recovery.
> Surely this would mean she'd be able to see all my personal photos without my permission, using Backblaze (even though I thought my photos were locked by my Windows password)
Yes, just like someone could use one admin account to take over access to another and its files (without your permission) or boot your computer into an alternate operating system (like Linux) and access the files that way, or physically remove the hard drive or other storage device and plug it into another computer to access the data there.
If you're worried about someone else accessing your files, relying on the use of different Windows accounts / passwords on the same machine isn't buying you much. This isn't really an issue with Backblaze per se, just the way local Windows accounts and NTFS filesystem permissions work.
If you're worried about someone you share a Windows PC with accessing your data, you need to think about storing it exclusively in a cloud account (Google Photos, iCloud, etc.) that only you have access to or finding a way to encrypt the data such that accessing it requires knowledge that only you possess (like a password / passphrase). This can be achieved with something like https://www.veracrypt.fr/en/Home.html
Have a public journal on paper and a private journal that's ENCRYPTED on your computer. Assume that your public journal will be read at some point. Don't even tell anyone about the private journal. VeraCrypt is your friend.
EDIT 1: You could also lock your journal in a portable safe and carry the key with you 24/7. The only problem is that you'll run out of space, so you'll have to burn the journals when you're done with them.
> Файлы на диске можно шифровать с помощью
https://www.veracrypt.fr/en/Home.html и никаких битлокеров
> Используйте мессенджеры, которые позволяют шифровать переписку
и не требуют телефона
> Fastmail
Юрисдикция Австралии, т.е. одна из худших в отношении к privacy
Instead of TrueCrypt, I suggest using VeraCrypt, which is based on it but fixes vulnerabilities (and is still being worked on AFAIK).
It supports mounting TrueCrypt volumes too so I don't see a reason not to get it instead.
Also has command line options like TrueCrypt.
Alright, I think I have some answers for you.
Looking at the fist link to busy.org in the torrent description, the author mentions VeraCrypt, a popular encryption tool that replaced TrueCrypt.
They made a few other posts on busy.org.
Skimming over their posts yields these passwords:
'Layer_2-container.axx' password:
> 8JYIy&BRIkLi<7mku]nJGRS9YXwXs#udwvCr]MTV02"8@J0c%9ZC/*t7'r&@W
'Preview_Documents.container' password:
> *CZ4=I{YZ456zGecgg9/cCz|zNP5bZ,nCvJqDZKrq@v?O5V$FezCNs26CD;e:%N^
It looks like they haven't received enough donations to release the remaining keys.
If you want full disk encryption for Windows 10 look at VeraCrypt. It’s the continuation of the TrueCrypt code base. TrueCrypt’s code was fully audited at one point, and while the same can’t be said for VeraCrypt code at least VeraCrypt came from a solid starting point and it’s OSS so the code could be audited.
Not entirely the same use case, but I just use Veracrypt.
Create like a ~100MB encrypted virtual disk. It mounts to the OS as another drive. It's essentially like having a small USB drive self contained in a single file that has strong levels of encryption. Then you can simply put whatever you wish inside of it. Make a few folders inside, and just copy the configs to some text files. Put in private keys for your certs, PSKs for tunnels, or whatever you wish.
If you have a corporate OneDrive, Box, Dropbox or whatever, you can then just sync the file up there. It's obviously not a very scaleable solution if you have a ton of people who need access to it. That being said, I have a bunch of technologies where I'm the only person who actually works on them at that level, so it's always worked for me in those use cases.
Consider encrypting your wallet with something like Veracrypt, if you trust the software. https://www.veracrypt.fr/en/Home.html
I personally am not very coding/cryptography savvy so cant speak about how safe Veracrypt is. Maybe someone can add to this?
Their new download page is at https://www.veracrypt.fr/en/Home.html
Also recommend this. You make an encrypted container that gets mounted as a local drive, then you can edit files within it normally. When you finish working on them, you can dismount it and all the files are safely encrypted.
You can also store your VeraCrypt container in Dropbox/similar.
Veracrypt is free and open source. You should never trust an encryption tool that isn't. It's a continuation of Truecrypt which was formerly the best solution for cross-platform encryption.
Going to disagree with this one. Making your computer totally inaccessible to Ndad is going to piss him off. He's not going to accept being totally denied control, and there's no way to truly prevent him. A better idea is to install a second OS, specifically for the purpose of having part of your machine that other people don't know is there, and can't get into. Please take a look at Vera:
https://www.veracrypt.fr/en/Home.html
Vera lets you take part of your existing disk and create a second disk on it. Windows doesn't automatically know it's there, doesn't show anything, doesn't ask for passwords. So on standard boot up you're looking at the same stuff you've always been looking at. Use Vera to attack the second drive section, and only then can you see the important stuff you've left there.
One biggish caveat with this is that you have to be absolutely careful not to let the sensitive stuff touch your regular drive. If it's in your regular browser history, it doesn't help much if you moved it and deleted it. browse incognito, save directly to the second drive, and don't use the second drive when there's even a chance of being noticed.
You can have a key file only access from any storage (HDD / Flash) with VeraCrypt. Use VeraCrypt to create a secure vault file. Inside you can keep your passwords and key files. It also has plausible deniability ability. Something fancy Ledger Nanos and the likes don't have.
It's also prudent to be using encryption on their systems (mac or pc), especially laptops since they are often in public areas or in cars. It won't prevent them from being stolen, of course, but at least the data can be protected.
If you must use Windows - you only really need Professional if any of the following are true:
- You want to use Bitlocker for disk encryption. There are alternatives to that anyway (like VeraCrypt - https://www.veracrypt.fr/en/Home.html)
- You need to remote desktop into your machine from another machine.
- You need to join a domain (really only applies in a business setting).
- You want access to the group policy tool.
- You want to be on the non-targeted semi-annual channel.
So unless you know what most of those mean - home is probably fine.
See https://www.microsoft.com/en-us/windows/compare for a high level compare.
I suggest using VeraCrypt instead of a RAR file. Create a 20 (or whatever) GB container that you can mount as a drive, add files to and dismount when you are finished. The container can be on a hard drive or portable drive, and the portable version of VeraCrypt can run from a portable drive as well.
Why do you want to loose your files? If you decide to use BitLocker make sure to backup the key!!!
If you want to encrypt partitions, consider using https://www.veracrypt.fr/en/Home.html
You'll probably want to use a third party program like VeraCrypt.
https://www.veracrypt.fr/en/Home.html
There is a client for all the OSes you are using. Once the container is made you can decrypt it in the VeraCrypt program on any of those machine by providing the password and it should mount as a volume.
Protip: Get Firefox as a portable app. It's free, and all the data is stored in the folder, away from your main browser, so you can browse to your heart's content.
If you download stuff, also get Veracrypt. It creates a file on your computer that, when opened with Veracrypt (and a password), shows up like an additional drive. You can store sensitive documents in there, including Firefox Portable.
I recommend that software to everyone, not just to hide stuff, but for other less seedy purposes too, like storing tax documents or christmas gift ideas or whatever.
That's good, keep doing it!
That's what I did for a long time, I had a veracrypt container where I put the CSV and JSON once a month. That container can be uploaded to dropbox and/or other clouds since it's encryption is awesome.
That way if the worst happens you can still download your vault from the cloud decrypt it with veracrypt and add it to another password manager of choice.
When your adversary is a government, you do want to think about what you're doing, and what you're willing to risk. How important are those rated-R Netflix movies?
First things first: If you able to, find out whether Tor usage, and/or VPN usage, is legal in Emirates. If you're not able to find anything definitive, I think you should assume they are *not* legal.
In that case, you want to use /r/tails. When you connect to wifi, Tails will open the connection assistant. Check the box to use a "bridge". This will hide the fact you are using Tor. You will then be free to browse any website you wish without fear that the ISP or local government knows what sites you are visiting.
However! Tor will not work for streaming services like Netflix. For those, a VPN is your only real option. Again, you should check ahead of time whether arbitrary VPNs are allowed. If so, you're fine. But if they have an "approved list" of VPN providers, you should assume the VPNs are surveilling on behalf of the local government.
For videos & movies, seriously consider buying/downloading a bunch of content, and bringing it with you. You can fit a lot on an external drive these days. Create a VeryCrypt hidden volume and put a bunch of your personal family/friends photos on there and maybe some random rated-G movies. At that point, even an IT person who plugs the drive in and looks at the contents isn't going to find anything. (A forensic specialist who is specifically looking for hidden stuff will find that you have a hidden volume, but it will still be encrypted)
Just use VeraCrypt to create an encrypted virtual harddrive. The built in folder encryption feature is fairly useless and can result in data loss when you change your Windows password for example.
It's probably not a good idea to use Bitlocker unless you're and Enterprise customer attached to a Domain for precisely this reason. In a Domain, Bitlocker keys are backed up so an encrypted PC can be recovered.
I suggest VeraCrypt for personal use.
I backup once a month by exporting an unencrypted version of my vault to an encrypted VeraCrypt container. A VeraCrypt container is just a file, so you can back it up however you want. I store a copy on multiple cloud services, as well as on an external disk.
If you know you haven't done any changes to your vault, you don't need to backup.
I looked into it and while I can't test it (I have pro in the VM because home doesn't allow me to install it without an ms account, and of course they don't allow the users of the more expensive version to use the features from the less expensive one, so it's just straight up not available), it does sound like from a brief search that it might mess with Pop!_OS. If you really want to have it, you can try enabling it and then reinstalling Pop if it messed it up, starting from step 14 or by using the "refresh installation" button if it pops up. If you don't want to do this, you can create an encrypted volume on the Windows partition (so you can read it from both systems) using Veracrypt and put your sensitive files in it. It's not as convenient but it has more features like keyfiles and decoy volumes.
>I'm not really too comfortable with exporting unencrypted .json files to my desktop and then encrypting them there. Too many things could go wrong imo.So how about an in-house option that allows for creating an encrypted backup with a password of your choice?
>How do you tackle this issue and how do you back your .json's up?
I export an unencrypted one to a VeraCrypt container.
Another option that doesn't require whole-disk encryption is to use something like Veracrypt to create a virtual encrypted partition (just a plain file when unencrypted). This can be set to auto-mount via user script and a veracrypt docker container and then can be accessed by other containers. And since it's a plain file it can be stored on array/cache/unassigned wherever without issue.
I think this feature is only available in Windows 10 Pro and Enterprise.
But take a look at VeraCrypt: https://www.veracrypt.fr/en/Home.html
That's an OpenSource tool to encrypt drives or Data.
Veracrypt is what i use. It supports encrypted volumes (file containers) or devices (whole disk encryption for hard drives and flash drives). It is open source, forked from TrueCrypt 7.1, which had 3rd party security audits performed.
The backup portion itself is manual, but in terms of security and encryption, it's very solid. In the past I usually take a backup of my password vault either yearly or whenever I'm changing a lot of passwords, or specific important ones.
Maybe you dont have the right windows edition or your TPM Module is not working. I can recommend Veracrypt for this case. There you can encrypt your files into an container with password protection.
In general for win10 home, https://www.windowscentral.com/how-enable-device-encryption-windows-10-home?amp
https://www.veracrypt.fr/en/Home.html
Or buy and use a usb flash drive with hardware encryption.
..
Most users create the encrypted drive first, then copy files to it (encrypting during the copy).
Naturally, if the card is full of files, you'll have to move all the files to another drive, wipe amd encrypt the card, then copy files back. That's just life.
Maybe not exactly what you want but you can take a look at VeraCrypt: https://www.veracrypt.fr/en/Home.html
It basicly creates a virtual harddrive, which will just be a file on your disk, which is encrypted and password protected.
Maybe a Sandboxie (https://www.sandboxie.com/) instance running from within a VeraCrypt (https://www.veracrypt.fr/en/Home.html) container?
This way Sandboxie would isolate the client from the rest of the system (at least regarding registry and filesystem), while VeraCrypt would hide the isolated "subsystem" from anyone/anything else (except besaid one/thing knows the key).
Note: I didn't test this idea, but if set up correctly it should work.
P.S.: Maybe you could use the portable edition (if it's still around) of Sandboxie to have all the things in one place.
The question arises if the program is implementing a strong password-hashing function (source) which will make brute-force ineffective. See e.g. with VeraCrypt:
>VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
Somewhat also answers u/SuppaguyTM question...
I only do it when I've done something stupid or something amazing happens.
It's also really good to do when I'm in a bad situation as allows me to think better.
My biggest tip I would say to making a journal is to write it down as soon as you can. Either at the end of the day, or whenever you have gained access to your laptop again. That way you won't miss out any details of what happened.
​
Finally... If you're going to be writing really embarrassing things that happened or bad thoughts that would make people not like you or question your sanity, you should keep your journal files in a secure place.
For that reason, I use Veracrypt. A free and open source software that can be used to create encrypted folders or encrypt your USB so that you can securely place your journals with ease of mind.
Some phone manufactures like to move around sendings for their custom versions of Android, but typically is found under Settings> Security, and you should find an option labeled encrypt. I highly suggest you full back up your device just in case something goes wrong, and know that the process will take a while to finish, so make sure it is well charged or plugged in while you do it. I would suggest doing this before you go to bed for the night.
For windows there are many options available, one option that comes with some versions of windows (Pro and up) is BitLocker, but that may not be suggested if you don’t have a TPM in your computer or if you are an activist/demonstrator as the code is close sourced and owned by Microsoft.
A great option for windows is Veracrypt, which is a well reviewed code base and open sourced. It is not as trivial to setup as BitLocker, but it’s not that hard. You can find many guides online as well as on the Veracrypt website
It should be pretty straight forward, Veracrypt has good documentation
>To preserve privacy, these backups would obviously need to be encrypted on-device before being uploaded to the cloud. What’s the best way to do this?
As was stated by someone mentioning about VeraCrypt, it's pretty much secure and advanced compared to Cryptomator. What's great about VeraCrypt is as was described:
>VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
(https://www.veracrypt.fr/en/Home.html)
You can create encrypted containers with that of any size of your choosing and put them inside before uploading them.
>protect this from data leakage in case of theft?
The only way to do that is to encrypt the drive. Bitlocker is one option, Veracrypt would be another.
Here's a little reading as well as more recommendations:
Veracrypt. Open source.
https://www.veracrypt.fr/en/Home.html
Not sure if it can create a folder under an existing folder, the way I use it, it maps to a new drive letter, for me I select A: or B: in Windows 7 or 10.
Be prepared to spend some time to 'Read The Fine Manuals' and probably want to create a few test volumes.
When non-encrypted, you cannot see anything.
Don't know about MegaSync, but I have Syncthing read and write into a Veracrypt volume.
I also do the reverse; use SyncThing to share the entire encrypted volume on multiple computers; but you have to make sure only one computer writes to it at a time, or you get a 'sync-conflict'. You probably won't be doing this.
Use VeraCrypt instead as it has stronger encryption schemes than 7zip...
>VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
It would be simpler to use access control/crypto to make sure that nobody is using the computer.
My choice would be Veracrypt, but some versions of Windows also support full-disk encryption.
https://www.howtogeek.com/234826/how-to-enable-full-disk-encryption-on-windows-10/
If you're using full disk encryption, people can even steal your computer and take the hard disk out and they still can't read your files, assuming you've chosen a reasonable passphrase.
I use a VeraCrypt volume. Here is a HowTo for creating a VeraCrypt volume. Can be a file (for uploading to offsite or cloud) or a thumb drive.
Then anytime I want to backup my vault its just 3 steps:
- Mount (unlock) the volume
- Export .json straight to volume *
- Un-mount (lock) the volume.
* If you have any Organizations, make sure to do an export for each of those too.
Don’t use bitlocker, Microsoft can access your encryption key, use VeraCrypt its FOSS (free open source software)
Another thing you could do is just put the files you don’t want him to see in a password protected rar file.
Take the crypto into your own hands and install Veracrypt. You can snag it from here. I'd love to answer any basic questions you may have regarding VC and the encrypted system partition feature you are requesting.
https://www.veracrypt.fr/en/Home.html it wasn't to hard I just openned it and played around with the software till I got working what I wanted.. I didn't use and keyfiles. Just a password. Cause if you lose the keyfiles. Well there's all you data gone forever
>For those that do not support encryption, consider using a software like TrueCrypt.
Seriously? The last fully functional version of Truecrypt was released in early 2012. In addition, various vulnerabilities have been discovered in the meantime. Because the tool will not be developed further, these will never be fixed.
If one recommends such tools one should name projects like VeraCrypt which are actively developed.
so i assume you already have full disk encryption set up in system preferences ->security and privacy -> filevault
for encrypting individual files / groups of files, i would recommend veracrypt (a fork of the old truecrypt).
this is open source, free, and has been independently audited by a third party(last time was in 2016)
(this means that the third party looks for problems and lets them know so they can fix)
https://www.veracrypt.fr/en/Home.html
if you use a decent password, its basically unbreakable (dont forget your password)
(optional feature) keyfiles in veracrypt are a step further, they are like an extra really long password that you store on a usb, or hidden among your files, e.g. you could have 100 photos of your cat on your computer, and the contents of 2 of those photos are used as an extra password, no way for anyone to know which files, your password cant unlock it without those same files
Why not just use VeraCrypt instead as it is FOSS unlike BitLocker which is proprietary?
Also, only because you encrypt your hard drive doesn't mean that what you backup to e.g. sync that it automatically encrypted as well. Two different cases. You have to encrypt them before you synced them up if you want your files in the cloud to be encrypted, that is...
For future refrence if you want to encrypt something use VeraCrypt to create an encrypted virtual harddrive that you can mount/dismount when needed instead of using word encryption which isn't secure and can cause issues like the ones you're experiencing now.
Do you have the same version of Microsoft Office installed as you did on Windows 7?
Personal Sensitive files I encrypt first with Veracrypt. I create as an example a 1 to 4gb veracrypt drive. And create all the necessary folders,etc.. to copy files to. Then mount when I want to add or review contents. Then dismount veracrypt drive and upload the veracrypt container to the cloud. Can use passwords or keyfiles for decrypting. I keep the keyfile on my system as a non-descrip file copied across multiple locations. Local as well as external drives.
Veracrypt is open source and free. Can create multiple encrypted files,folders or actual drives which can be mounted.
I'd highly recommend you at least invest in a cheap GPU to allow yourself to use GPU passthrough. It's definitely worthy of an investment, even if you can't do it immediately. You can get one capable of driving even a 4K display for as low as 120$ on Amazon (RX 570).
That aside, Veracrypt is the best option. It's cross-platform and is the successor to TrueCrypt, supporting the original TrueCrypt mode, if you're into that quality assurance or more features beyond that.
For the record, Bitlocker's implementation is safe, at least in terms of AES encryption. There's no 'backdoor' there. You can even access it on Linux using dislocker, which I've used before, further confirming it's the exact same AES encryption you'd expect. I'd definitely use Bitlocker if and only if, the Windows install I use never has and will never go online.
The problem that arises is you cannot be certain MS doesn't keep a copy of the encryption key (which they certainly do if you have a MS account linked to the install) or if the encryption key was generated to be truly random. Flawed random number generators, or backdoored even, in the case of the Dual Elliptic Curve Digital Random Bit Generator is also possible.
Another fine option you can do if you're on Linux, running a Windows VM is to forego Veracrypt/Bitlocker and create a LUKS encrypted volume and store a virtual windows drive there. That way you don't rely on any potentially flawed encryption methods.
Well that might be because TrueCrypt has known security vulnerabilities and even the creators say "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" right at the top of the website.
You should be using VeraCrypt instead which is a patched version of TrueCrypt. Actually, on that note, you probably shouldn't be posting things like that on Reddit in the first place.
Oh, and if you do stay with him, recommend he install some free encryption software. "Hidden" folders are so 1990's! lol
Windows is also closed source, and yet...
If you're looking for oft-recommended, open source, and cross platform encryption software, see: https://www.veracrypt.fr/en/Home.html
You could download a portable version of Firefox from PortableApps and place it within an encrypted VeraCrypt container.
I do this on my flash drive that I carry around on my keychain. Works great.
It may be kind of off topic, but if you need portable and encrypted storage, have you tried using a standard USB key with a VeraCrypt volume on it?
Seems like you can add VeraCrypt to Tails too.
> If you’re using another method to encrypt the drive like you said then it mitigates it just like FileVault
No. FileVault is an “on the fly” encryption tool, which is what mitigates the issue.
If you use a file-system level encryption (as opposed to pre-boot like FileVault), you have the option to decrypt the whole drive when the system is started, or you can have multiple keys to decrypt individual volume/levels
In this case, my company uses the latter form of encryption for most of the equipment (mainly at the lower level). The IT director, when he first deployed the equipments in my company, he had some systems be decrypted in full when you enter the key. Others equipment don’t have this “feature” and instead have several keys for different directories that you want to decrypt or have no security at all aside from the standard Mac features that a personal user will get. Everything depends on who gets the computer and what they will do with it. A lobby secretary will not get the same level of protection as the CEO, for example.
> You even said yourself other encryption tools work just as well.
Yes, because your original comments make it seem lime if your IT team doesn’t use FileVault then it is setup for failure when you can use similar tools like VeraCrypt (this one is an on the fly encryption like FileVault). I, however, never said I use the same encryption methods.
You've gotten great advice so far.
For your files, I would suggest you learn about VeraCrypt, search YouTube on how to use it. You can use VeraCrypt to encrypt your most important data with a password you only know. If you forget the password there is no reset so make sure don't forget it or use a password manager.
Right, with NVMe... you won't even notice anything ;-) You can activate or enable maybe at BIOS settings, i.e. the encryption thing. Unless you want another software encryption e.g. VeraCrypt.
VPN - NordVPN/ExpressVPN/Torguard
NordVPN: 3年plan冇再平 質素中上
ExpressVPN: 貴啲但係質素最好 有code 買1年送多3個月
Torguard: 質素低的但係最平 同最有彈性 (3個月/半年 plan) 有50% off code for 所有plan
VERACRYPT
密碼鎖hard disk 攞左你隻hard disk都無人可以解鎖到 有需要自己睇點做 https://www.veracrypt.fr/en/Home.html
Lock sim
大家應該都知點做
年卡上網
用年卡上網 無實名記錄 比較安全
Encrypt the device. Use VeraCrypt and use the hidden container feature. Two passwords are used, one decrypts the normal container and one decrypts the hidden container. Fill the normal container, that uses the 1st password, with innocuous things like personal documents/photos/videos. Fill the hidden container with pirated material.
If for some reason you are required to decrypt the device to enter the country, provide only the 1st password. There is no evidence that the 2nd password exists. The entire space of the normal+hidden container is written with random bytes, and the hidden container appears as blank space within the normal container. Be careful not to write more data to the normal container than you've specified should be allocated to it, because you will overwrite the data in the hidden container. There is an option under Mount Options to mount the normal partition and also provide the 2nd password for the hidden container, so that you can safely write to the normal partition while setting it up as a decoy. If you copy too much data to the normal container (called the "outer" container in VeraCrypt) you'll get this message: https://i.imgur.com/9DeGumB.png - and you need to dismount and do a chkdsk on the outer volume to fix it.
If you encrypt the hard disk of the entire laptop, you would need to move all your files temporarily because creating a laptop with a normal and hidden operating system would likely require formatting the entire device.
Use rather VeraCrypt because with that you'll also be safe from brute-force attacks as it's described from their site:
>VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
> Decrypt the file and then compare the archive with the original. I use sha1sum for that.
It's better to use SHA-2 (i.e. SHA-512) than SHA-1.
>The SHA1 hash function is now completely unsafe
>Researchers have achieved the first practical SHA-1 collision, generating two PDF files with the same signature
(Read more here: source)
It's better to check encrypted file's or container's checksum than what you described. In this way, you'll know that the encrypted file have not been tampered with, though if you are afraid that if the encrypted files have been decrypted (e.g. by brute-force) and the files therein been tampered with, then you should do checksum on both the encrypted files and the files inside.
Also, rather than encrypting files individually why not use VeraCrypt where you store your files in an encrypted container? With that, you'll also be safe from brute-force attacks as it's described from their site:
>VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
- Имеет.
- Есть.
Но доверия к встроенному в железо шифрованию нет.
Вот доверенное средство https://www.veracrypt.fr/en/Home.html
Видеоурок Теплицы: как зашифровать системный диск с помощью VeraCrypt
>Can OwnCube's system admins see and access my files?
If the client and the OwnCube software server doesn't have end-to-end encryption solution, then the server admins will have the possibility to see what they have on their own servers. Hence why NextCloud is promising as it offers end-to-end encrypted solution. Otherwise, use VeraCrypt to encrypt your stuff before you upload them.
>Regarding NextCloud, would I simply have to connect to my server via the client (username/password or SSL key) and be able to access my files?
Yes.
>can NextCloud act as an all-in-one cloud solution?
That seems to be so as they have many applications that you can add.
Often the operating system supports it.
For example on a Mac:
https://support.apple.com/guide/disk-utility/encrypt-and-protect-a-disk-with-a-password-dskutl35612/mac
On Windows 10:
https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption
Free software:
https://www.veracrypt.fr/en/Home.html
https://www.veracrypt.fr/en/Home.html
This was Truecrypt. It was forked and re-verified to be secure.
Very powerful, and free. But it will take more than 3 clicks to setup. You sound like you won't have any issues though.
If you encrypt the drive then someone who steals the machine will not have access to the files. There are several options, but Veracrypt is well-regarded. It's the successor to TrueCrypt.
You can rather use VeraCrypt instead of Bitlocker. Say if it's already encrypted with e.g. VeraCrypt and you want to back-up what's in it, you have to back them up after opening the encrypted hdd.
Just encrypt and hide the files in a hidden container file that appears to be a random file with veracrypt
Veracrypt allows you to make encrypted containers look like random files that don't look suspicious
Veracrypt Website: https://www.veracrypt.fr/en/Home.html
I would start scrubbing that computer now. Some tools that may help:
A password manager - This can either be local (Keepass) or cloud based (Lastpass). You then keep the passwords you want to share in this and only need to share one login for your digital presence.
7-Zip - This can create password protected zip folders and files. This would be for content that you don't want to share. Don't put this password in the password manager.
(More Advanced) Encrypted Drive - Get a USB stick or external hard drive. Download Veracrypt. Use Veracrypt to encrypt the entire device and then move anything you don't want to pass on there.
Google Photos - Assuming that your pictures and photos are personal (e.g. not pirated movies), you can upload an unlimited number of them to Google Photos. Google will compress them a bit, but they still look fine. Any documents you want to share can go into Google Drive.