April 22nd 18, 02:37 AM posted to alt.windows7.general
VanguardLH[_2_]
encrypt folder, recommendations?

mel wrote:

> TC will NOT work with UEFI bios. I learned that the hard way by
> blowing my Windows 7 Ultimate machine by trying it. Luckily I had
> everything backed up with the Windows 7 backup utility plus a repair
> disk. I regained everything through foresight.


To be accurate, TrueCrypt won't work when used for whole-disk encryption
on a UEFI computer. It still does work when creating .tc containers
holding the encrypted files.

> Why didn't I use Redmond's BitLocker? You're kidding, right?


Again, whole-disk encryption. The OP only wanted to protect the
contents of a folder, not the whole disk.

As I recall, the vulnerability in BitLocker wasn't in the program but in
the TPM chip in the computer. So I did a search to check.

https://www.softcat.com/news/tpm-vul...tion-impacted/
https://support.microsoft.com/en-us/...ability-in-tpm

> Everything I've read so far says VeraCrypt does not work with UEFI. I
> could be wrong.


Yep, you're wrong. It's TrueCrypt that won't work with UEFI but only if
you use TrueCrypt for whole-disk encryption.

> But VeraCrypt is much too new to be trusted.


It started with the TrueCrypt code (because it was open source). The
audits found some weaknesses or deficiencies. As I recall, VeraCrypt
only addressed some of them, like 6 out of 22. One was to support UEFI.

How long was it before TrueCrypt got any auditing? 11 years. How many
open source programs ever get audited? Being open source means they are
open to inspection but they rarely get inspected by an independent 3rd
party plus you have to assume the compiled executable used the open
source code that could be reviewed. VeraCrypt got audited 3 years after
they adapted TC; see:

https://www.zdnet.com/article/veracr...ritical-flaws/
"VeraCrypt 1.8 and its bootloaders contained a total of eight critical
vulnerabilities, three medium flaws and 15 additional bugs of low
importance."
"The majority of these problems have been fixed in VeraCrypt 1.19"
"The remaining problems present have all come from the days of
TrueCrypt, and fixing them at the moment could cause issues with
backward compatibility."

Unlike the TC authors who remained anonymous and were slow to make
changes and disappeared after the first audit and weren't around after
abandoning TC (and made it read-only) before the 2nd audit, VeraCrypt is
a lot more responsive to fixing their product. IDRIX inherited the
problems found in TC.

> Go with a TC volume. Full disk encryption is much better, but it's a
> pain in the butt to keep your drive backed up. That's for more
> knowledgeable users.


Unless you are programming new software that needs to be protected, why
do you need whole-disk encryption for programs that aren't yours and
that anyone can get?

> Just my opinion after years of using TC on my older Windows machines.


The problem with TC, BestCrypt, VeraCrypt, and other tools creating
container files with encrypted data is that they possess static
protection. While the files are inside, they are very secure. When you
mount the container and open any files therein is when you lose security
due to buffers in memory, pagefile, and other artifacts in opening and
accessing the contents of files. In situ, the files are safe. In use,
they aren't so secure anymore. That's probably why some users go to
using whole-disk encryption; however, memory gets reallocated, pagefile
can be wiped on shutdown, and so on to placate the paranoids of which
most don't have anything they really need to secrete from a gov't but
perhaps from a business competitor.