Hard Drive Encryption and Steganography, looking to increase opsec

[KonstantinosM]

Is veracrypt a good tool? I'm looking for something legit to make it so that everything on my PC is a little more protected. I'm sure that I don't have a lot of unprotected crypto but I feel like another layer of security would drastically improve things.

Say that someone steals my computer or gains access. If it shuts down and everything is encrypted, it would stop the information leak that would cause, perhaps prevent some 2-factor, email + password reset or e-mail change sort of hacks into random accounts that I may have.

So I'm looking for tools that can keep my PC and potentially encrypted while in an off or locked state. Same for external HDDs.

Any recommendations?

The first thing I found googling was veracrypt. Is it any good?

[DdmrDdmr]

<…>

If you’re using Windows 10 pro or enterprise, you can use Bitlocker which comes with the system. You need to have a TMP (Trusted Platform Module) on your computer, but it seems you can bypass the TMP requirement applying a Group Policy change. The solution is Microsoft’s so there’s that (i.e. allegedly there are no backdoors, but once cannot be certain). You can encrypt removable drives (usbs,drives).  I personally use Bitlocker with on one of my laptops.

Note: I have not looked into veracrypt, so I can’t venture to speak on that particular solution.

[ABCbits]

VeraCrypt is best option, but if you're linux user, you can use built-in encryption option (LUKS or LUKS2)

If you’re using Windows 10 pro or enterprise, you can use Bitlocker which comes with the system.

I wouldn't trust BitLocker since AFAIK it's closed source and has been cracked few times previously.

[DdmrDdmr]

<…> I wouldn't trust BitLocker since AFAIK it's closed source and has been cracked few times previously.

Yes, seen a few claims, and dictionary based attack software solutions. Seems harder to do if the TMP is present (seen some hardware tricks too to try to bypass this), although ideally it should obviously be faultless.

Note: It’s a corporate standard where I’m at. Good enough I guess for prying thieves or stray laptops, but not 100% watertight according to info around the www.

[KonstantinosM]

I just want to say I started with Veracrypt. I'm loving it so far and I'll probably donate to them in the future.

I like how this tool, seems to want to teach you more about security as you use it.

Here's something that popped up that's really relevant to bitcoin:

"Wipe Mode"
"On some types of storage media, when data is overwritten with other data, it may be possible to recover the overwritten date using techniques such as magnetic force microscopy. This also applies to data that are overwritten with their encrypted form (which happens when veracrypt initially encrypts an unencrypted partition or drive).

According to some studies and governmental publications, recovery of overwritten data can be prevented (or made very difficult) by overwriting the data with pseudorandom and certain non-random data a certain number of times. Therefore, if you believe that an adversary might be able to use such techniques to recover the data you intend to encrypt, you may want to select one of the wipe modes (existing data will not be lost). Note that wiping will NOT be performed after the partition/drive is encrypted. When the partition/drive is fully encrypted, no unencrypted data is written to it. Any data being written to it is first encrypted on the fly in memory and only then is the (encrypted) data written to the disk"





Personally whenever I encrypted a file in the past I felt a little silly, knowing that someone could just use testdisk and find the unencrypted data there. This addresses this issue to a certain extent.

edit: typos

[Aveatrex]

snip

Veracrypt is pretty good from my own experience.Just please don't forget your password when you encrypt your hard drives like I did once (learned it the hard way I guess) it wasn't a hard drive but just a file and I lost some ETH during this dumb process but at least now I'm convinced that you truly cannot breach a legit encrypted file

[PrimeNumber7]

Say that someone steals my computer or gains access. If it shuts down and everything is encrypted, it would stop the information leak that would cause, perhaps prevent some 2-factor, email + password reset or e-mail change sort of hacks into random accounts that I may have.

I want to point out that if your computer is "on" (and unencrypted) when an adversary gains access to your computer, your adversary may be able to obtain the decryption keys that are being stored in RAM (memory). If an adversary gains access to your decryption keys, they can later bypass any full disk encryption you are using fairly trivially.

This means if your computer is "on" (and your hard drive is unencrypted), you will need to be warned long enough in advance for a) you to react to the warning to understand what is happening and start (and) b) either cutoff power or shutdown your computer (which may involve physically removing the battery if using a laptop) before an adversary will be in a position to physically separate you from your computer.