issue98:securite_-_veracrypt

This is an old revision of the document!


It's been about a year since the untimely death of the TrueCrypt encryption software. TrueCrypt was the undisputed king of on-the-fly encryption software for many years. Average users, hackers, spies, and even various governments have used TrueCrypt and relied on it to keep sensitive, classified information hidden and secure. So it comes as no surprise that in May 2014, when the TrueCrypt Foundation announced that TrueCrypt had reached the end of the line and would no longer be developed, supported or maintained, users in every corner of the planet began to scramble and look for alternative solutions to meet our encryption needs. We, here at Full Circle Magazine, have been doing our best to keep our readers informed about the various alternative solutions for encrypting our data. Back in FCM#87, Iain McKeand reviewed a handful of CLI applications that are available for Linux users.

We now introduce VeraCrypt, an open-source re-incarnation of TrueCrypt. If you're like me and really miss a cross-platform encryption solution with a GUI, then VeraCrypt is exactly what you've been looking for. Although I use Ubuntu at home, I don't have the luxury of using Linux at work. In fact, I have to use both Mac OS X and Windows at work. This is why cross-platform is important for me. VeraCrypt is an open-source fork of TrueCrypt – developed and maintained by former TrueCrypt developers – which makes VeraCrypt basically the new, updated and improved version of TrueCrypt.

Using VeraCrypt

Using VeraCrypt is almost exactly like using TrueCrypt. VeraCrypt's graphical user interface is nearly identical to the TrueCrypt GUI. To begin, you must create a VeraCrypt container, which is straightforward as long as you follow the instructions given with each new step. VeraCrypt holds your hand and guides you as you create your first container. Your first choice is whether you want a regular encrypted volume or a hidden volume. More on hidden volumes later. You must then select the location for your container. Having selected a location, you then select the encryption algorithm you want to use to encrypt your new volume. The choices available are AES, Serpent, Twofish, and an additional five permutations based on those original three choices. VeraCrypt gives you a simple explanation of each algorithm in the GUI, and, if you are so inclined, you can click on the “More Information” button, which opens a web browser with a more detailed explanation of the selected algorithm. For example, after opening a web browser you can read about how AES has been approved and used by the U.S. National Security Agency (NSA); this is followed by a technical explanation of why it has been used and approved by the NSA.

Having selected an encryption algorithm, it's now time to choose a size for your container.

Now we've arrived at perhaps THE MOST IMPORTANT step in creating a VeraCrypt container: selecting a password. The best encryption software in the world is useless if your password can be cracked in less than a minute, which is why creating a strong password is of paramount importance. However, your password is the ONLY thing that will decrypt your container once created; this means that if you happen to forget your password, then you can pretty much forget about ever accessing the information encrypted in your container. So, your password must be strong, but at the same time you can never lose it. What makes VeraCrypt so reliable is that there is nothing, neither back-doors, nor VeraCrypt support, nor anything else, that will decrypt your container except for the password that you use when creating the container. Use a strong password but don't ever forget it; I cannot emphasize this enough. VeraCrypt suggests using between 20 and 64 characters as a password.

Having selected a password, you must then format the container. If you will be using this container with multiple operating systems, you must format the container with a file-system that is compatible with the operating systems you plan on using. The FAT file-system is perhaps the best multi-platform file-system as it can be used with Linux, Windows and OS X, but it has its limitations. If you plan to use the container only with Linux, then Linux Ext4 is your best choice for formatting. At this point, you create and encrypt your container. Depending on the size of the container, this process can be quick or it can take a very long time. While the container is being created, VeraCrypt may seem unresponsive; it may even seem like it has crashed or frozen. This is perfectly normal. It's probably best that you move on and work on something else while this step is doing its magic. Have a cup of coffee, read a book, surf the net – VeraCrypt will let you know when it's finished. Having created your first container, you are ready to mount it and add files to it.

Mounting Volumes

Having created a VeraCrypt volume, all you have to do to access or add files is mount it, which decrypts it. This is a fairly simple procedure. Browse for the volume you intend to access by using the “Select Volume” button. When you've located it, click on the “Mount” button and you'll be prompted to enter the corresponding password for the volume. When trying to open an old TrueCrypt container, you need to make sure to check the box that says “TrueCrypt Mode” – otherwise the file will not open. If you don't check the box, VeraCrypt will not know that you're trying to open a TrueCrypt container – instead all it will tell you is that you have entered the wrong password.

Installing VeraCrypt

Installing VeraCrypt is fairly easy. The first thing you must do is go to the VeraCrypt Downloads page, look for the version that's appropriate for your OS, and download the installer. After downloading, you'll have to extract the files and then you can install VeraCrypt. If you need further help on installing it, you can watch this easy-to-follow VeraCrypt Installation video. There are also a few websites that have detailed instructions on how to install VeraCrypt, or you can simply follow these instructions:

    # work in a dedicated directory
    mkdir veracrypt
    cd veracrypt
    # download and unpack the 1.0e installer archive
    wget "sourceforge.net/projects/veracrypt/files/VeraCrypt 1.0e/veracrypt-1.0e-setup.tar.bz2"
    tar -xjvf "veracrypt-1.0e-setup.tar.bz2"
    rm veracrypt-1.0e-setup.tar.bz2
    # run the 64-bit console installer
    ./veracrypt-1.0e-setup-console-x64
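The steps above download an archive and run the installer it contains without checking what was downloaded. The following is an added example, not part of the original article or of VeraCrypt: shell functions that refuse to unpack an archive unless its SHA-256 digest matches a value you obtained separately. The function names, the expected digest and the optional detached-signature file are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): check an archive before unpacking it.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_archive FILE EXPECTED_SHA256 [SIGFILE]
# Returns 0 only if the digest matches and, when SIGFILE is given, gpg accepts
# the detached signature. 1 = verification failed, 2 = bad arguments.
verify_archive() {
    file="$1"; expected="$2"; sig="${3:-}"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch: got $actual" >&2
        return 1
    fi
    if [ -n "$sig" ]; then
        # gpg only proves the file matches a key in your keyring; confirm that
        # key's fingerprint with the publisher through a separate channel.
        gpg --verify "$sig" "$file" >/dev/null 2>&1 || { echo "bad signature" >&2; return 1; }
    fi
    return 0
}

# unpack_if_verified FILE EXPECTED_SHA256 DESTDIR [SIGFILE]
# Extracts the .tar.bz2 only after verify_archive succeeds.
unpack_if_verified() {
    verify_archive "$1" "$2" "${4:-}" || return $?
    mkdir -p "$3" && tar -xjf "$1" -C "$3"
}
```

Call it as `unpack_if_verified veracrypt-1.0e-setup.tar.bz2 "$EXPECTED_SHA256" ./veracrypt`, where `EXPECTED_SHA256` is a placeholder for the digest published by the project, and run the installer only from the verified directory.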

A note on Hidden Volumes

A hidden volume is useful if someone happens to find your encrypted VeraCrypt container, and, through extortion, torture, water-boarding, etc., you are forced to divulge your password. If you created a hidden volume, then there is absolutely no way anyone can know that the password you have revealed is not the password for your secretly double-hidden encrypted files but rather the password for your dummy encrypted container. In order to create a hidden volume, you must choose this option early on while creating a container, and the process will take twice as long because you will in fact be creating not one but two volumes: the large dummy container and the smaller hidden container inside the outer dummy volume.

Final Thoughts

TrueCrypt is dead, and one of the main reasons given for its demise was that the software contained unfixed security issues. There are other forks that have come out from the ashes of TrueCrypt besides VeraCrypt. The other notable mention is CipherShed, which is still undergoing further testing; it is still in Beta, and has not yet been released as stable. After a long auditing process, VeraCrypt has come out on top; the security issues mentioned in the TrueCrypt audit have been addressed and VeraCrypt has been deemed an improvement over the now defunct TrueCrypt. VeraCrypt is based on the same source-code as TrueCrypt, it uses the same GUI, it has addressed the security concerns, it is on its seventh stable release, and it is currently being supported and maintained, thus making it the logical software of choice for anyone who has used TrueCrypt in the past. I've personally been using VeraCrypt for the last four months and during that time I've been able to create new encrypted volumes with the same ease as when I was using TrueCrypt. I've also been able to access my older volumes originally created with TrueCrypt. Knowing that VeraCrypt has been audited and patched to be more secure than TrueCrypt gives me peace of mind in knowing that my confidential files will remain confidential and yet easy to access as long as I remember the password for each volume. I strongly recommend it to anyone who may be concerned with privacy.

issue98/securite_-_veracrypt.1436120729.txt.gz · Last modified: 2015/07/05 20:25 by d52fr