Disk encryption and USB drive encryption(VeraCrypt)

[rickyrick]

Hi i have been using drive encryption my whole career and i have decided to contribute and write a tutorial.
Link to download veracrypt:VeraCrypt

Creating a encrypted file container that will be mounted and used as a drive.

Step 1.

Step 2.

On this step you get multiple options:
a)Creating an encrypted file that will later be mounted.
b)Encrypting an USB drive or other non system drive.(USB must be formated to NTSF system)
c)Encrypting a system partition or whole drive
We will create a encrypted file for this tutorial and i will briefly touch USB encryption.

Step 3:

In this step you get a option to create a hidden drive in case you are forced to disclose the encryption password.
This option creates double file containers with different passwords.

Step 4:

Select the path where the encrypted file will be created.

Step 5:

Select an encryption algorith and hash algorithm.
AES encryption is more than sufficient but you can select others(Twofish,Serpent),or combination of them(I use combination of all three).
As to hash algorithms i use SHA-512,but you can select any you want.

Step 6:

Here you specify the size of the file or in case of dynamic containers a maximum size(dynamic containers grow in size as it becomes filled).

Step 7:

This is the most important part of the process and the only weak point of the encryption.
Make a really strong,long,non dictionary password.

Step 8:

This part collects random data from your mouse pointer make random moves until you get in the green(the longer the better)
Click format and youre done.

Step 9:

Last step is mounting the encrypted file.
Choose a non occupied drive letter,right click.select file and mount.
Enter your password and wait for it to decrypt.

When done right click dismount on the veracrypt interface.(do this everytime to not corrupt the data).

Encrypting a USB drive

To encrypt a USB drive at step 2 select encrypt a non system partition/drive and follow the wizard.(make sure the drive is formated to NTSF file system)
When encrypted,usb drive cannot be opened through normal means(it just gives the option to format it).
To mount it on step 9 select a drive letter and click auto-mount devices.
You will be prompted to enter password and that is it.


Disclaimer:I didnt write anything that cant be found on the internet and i have collected images from there so i didnt invent hot water or anything.Hope someone finds this helpfull though as i have been using this kind of encryption forever.It is NSA/MILITARY grade encryption and cannot be cracked without quantum computers.The only weak point is youre password so make sure it cant be dictionary bruteforced.

 

[Tonys]

it didn't work out for me

 

[HEISENBERG]

At what stage did the difficulties arise?

 

[rickyrick]

What was the error and where did you get stuck so we can help and troubleshoot.

 

[Gerald Cotten]

Eventough @HEISENBERG already published a Post about Tails i still have problems to understand the logic behind the coexistance of Tails & VeraCrypt.

Any tipps & tricks on how to work with VeraCrypt on tails?

Background to this question is: Since tails is most likely booted from a USB Drive or any other form of movable drive i am not 100% on what parts i do need to encrypt to be able to still use tails.
Is it right that i am not able to encrypt the whole usb stick to be able to boot tails without any problems? Or do i only have to encrypt the persistant storage?

 

[rickyrick]

no need to encrypt tails usb.It is amnesiac system.Veracrypt is for encrypting other sensitive data.Tho you can encrypt virtual machines and use it like that.

 

[Gayfag]

If you have TAILS on a USB, and then encrypt the USB with VeraCrypt, then no computer/person in the world can read the contents of that USB, A.K.A. the computer you plug your USB into will not be able to find TAILS since it has been encrypted by VeraCrypt. To make a long story short: Don't do it that way.

Instead: Visit TAILS website and download it and follow their advice for how to create a USB-stick with TAILS. Last time I did it, then it was very easy and I think I used some software called Etcher (reminds one of Rufus).

When the installation is complete, then find a computer that is TURNED OFF, plug the USB into it, turn the computer on, boot it with TAILS. You will be presented with a clear desktop and if you are familiar with Linux then you will quickly adapt and learn yourself how to use the OS. However, if you are not familiar with Linux, then you should know that: This initial experience (boot --> enter OS) is only half of what TAILS has to offer!

I recommend you to take your mouse pointer and put it in the upper left corner. You should reach an application menu. Look through every category and see what applications they contain. You should see some cool stuff like KeePassXC which I never really researched but I think is a straight fork of KeePass, which is an incredible software, some must-have stuff.

But, in here you will also find another alternative, called "Persistent storage". If you open this, then you will start a wizard that will help you create your very own design of the TAILS operating system. You can encrypt the entire TAILS storage space, you can remember WiFi passwords and browser bookmarks, peoples PGP-keys and much, much more.

After you are done finishing up your "Persistent storage", then you have a USB-key that is very powerful. You can put it into any computer and it will boot TAILS, but everyone will be met by a clear desktop with 0 traces on it. You can even give it to the police (and give them the finger) and they can't find shit on the USB. "Persistent storage" forces you to enter a decryption password before you login, and if you enter the correct password (which you yourself choose) then you will enter the TAILS OS but with your unique and personal experience.

Ever since I found TAILS, I understood how competent it was and I immediately put it on a USB, performed the "initial setup" that I choose to call it, you know where I click on the "Persistent storage" and set it up the way I want it, then I put the USB on my keychain and I have it with me at all times. I have another USB in a hidden pocket in my favorite jacket, it also has my custom setup of TAILS. I also have a "main-USB" which is the only one I use for my very illegal activity. I'm not going to disclose anymore how my infrastructure looks like, but I hope I gave you some inspiration.

You should have 1 USB with TAILS, then hide this USB where nobody but you can find it. This is the USB you use for anything internet-related that you want to do but not be responsible for. Some examples is to order drugs from online-markets, look for hard candy and sending threats. My recommendation is also to have one other USB with TAILS, with a different password (never same password on multiple devices/accounts EVER, learn this NOW). This second USB can be laying around, as I said, in my case I keep it on my keychain. I don't mind if my mom, if my boss, if my wife, if my boss, if the police or if you find it. The absolute worst thing you can do is: Take it, plug it into a computer, see that the USB contains a clean TAILS <-- NOTHING MORE. And that is OK with me.

You should not fix your setup like mine just because I am writing this, I could be an FBI agent undercover, but give it a try for fun for educational purposes.

Also, to state the obvious: When you are using TAILS and consider yourself "fully anonymous", know that you are only as anonymous as you set yourself up to be. For example: Start a computer with TAILS, then open TOR, and then ONLY open BB Forum, or your favorite darknet site. Bookmark the sites or put them in a notepad which you save in persistent storage. Isolate your "TAILS-life" from your other life in every way possible. You don't talk about TAILS, you don't search for your IRL information from your TAILS-session, you don't fucking log into Facebook, you don't install Thunderbird and login to an already-existing e-mail account that was created using your details on the clearnet, etc. Use your brain. And I know that my comments may come across as a bit hostile, but remember what we are dealing with. If you get caught doing <whatever>, then you are going to walk in circles in your cell for the rest of your days, knowing that if you spent approximately 12 minutes to do your shit correctly, then you would still be anonymous, outside and flying free.