How is VeraCrypt working these days? Is it true that it takes 30 seconds (or 30 min) to mount drives?
If you are using it on a Pentium III, 64MB RAM computer, then yeah sure why not, maybe take you 3 hours to mount a drive. For me, it only takes a few seconds (less than 5 seconds) to mount a drive or container, on my i7-2700K, 8GB RAM computer. my point is, you have to be logical asking any questions here. So you need to specify what sort of hardware you are talking about, because speed always depends on hardware.
I didn't give any details because I never saw an encryption software take more than a second to decrypt/mount a drive, and I didn't know if the claims were true.
Well, you didn't see all that much, then. I have a 1GB container in which I run PortableApps Thunderbird. It takes six seconds to mount, the same since I first used Vera when it came out. i7-3770K, 8GB. The same on an old E8400, 4GB, takes maybe a skootch longer. It's my backup system and firing it up to time it is beyond the effort I want to expend on this topic. I just had to chime in as whatever claims you refer to (30 minutes? Seriously?) are ordure. VeraCrypt rocks. As did TrueCrypt.
In my case, 10 s to mount a 300 MB volume in Windows 7, 5-years old desktop, 4 GB. 14 s to mount a 400 MB volume in Windows 10, 2-years old laptop, 6 GB.
On my 16GB RAM i5 4210 laptop with Ubuntu: 4 secs (465GB partition). Same laptop and partition but using Windows7: 12 secs
My feeling is that these flaws are actually less important than the fundamental issue that, if your machine is attacked while running, then all the files in the Truecrypt container are accessible to any process once mounted. You don't need to escalate to get that information, and there are many other ways to escalate anyway. I want to move beyond the Truecrypt model and get something that is more partitioned and maybe two-factor/presence mediated.
I personally have been looking under the hood on VeraCrypt some. Don't claim to be qualified at this point to do anything much beyond build/compile the VC linux version pretty easily. I no longer study the windows specific code (no personal need) because my system disks are linux with LUKS. I find the linux version of VeraCrypt to be quite solid for non-system disk encryption. The patches for code glitches in TC's work were adequate as of VC 1.16. There is a monster improvement with the advent of PIM in hardening the headers on the volumes. It only takes a few minutes at most to convert your old TC volumes to VC as long as the TC version used to create them was version 2 (6.X releases +). The conversion is for non-system disks ONLY. The new volume headers are much harder and your custom set PIM takes them to the next level as far as an adversary would be concerned. Of course all things come at a cost. A high PIM and long password mean great security but it takes sometimes 15 seconds to open a volume. After being open though they work at lightning speed just like they used to on TC. I will gladly wait the 10-15 seconds for a volume to open in exchange for so much more security. You can lower your PIM and such if you just want speed and will live with less hardening.
I recently switch over to VeraCrypt. I have not converted any volumes yet. Current using the TrueCrypt compatibility mode to access my TrueCrypt volumes. Thinking now is the time to do the conversion.
I will just create a new container with VC, and copy my files from my TC container to my new VC container. Less risk in something going wrong with the conversion.
I made backups of my container files and also backed up the volume header for each, then did the conversion. Conversion didn't take long and was successful. I think that time it took to convert was much shorter than copying files from the TC to the VC container files. From the FAQ: I chose the "Set Header Key Derivation Algorithm" option. Be sure to check "TrueCrypt Mode", I forgot to do that on my first try on my smallest container. I does as @Palancar mentioned take a bit longer to open. I can live with that.
Use a good pass phrase, 20+ characters, better if more random, but using the diceware method is quite suitable -- 7, 8 or 9 random words from a set of 7776, plus adjustments if you like to make it even more safe. If the unlocking of the drive is too long, use the PIM feature -- set a value that is reasonable; with a good pass phrase, the PIM value might be good with under 10 as a value for PIM. VC 1.17 works very, very well for me. But definitely use a good pass phrase AND deliberately use a lower and more reasonable PIM value, especially for the system drive. Better still move away from Windows if you can and use LUKS on a Linux system, there are plenty of good Linux options (albeit many now with systemd failings, but that is another matter). Oh and if you have an old TC container and you use VC, well the "Use TC" checkbox is a bonus, it adds another security choice and doubles your security by itself -- do I use this option or not? As I understand, just having the TC driver installed on your system gives risk, if it is detected, it can leverage the file (truecrypt.sys) and escalate to admin user rights -- you should never run Windows using a user with admin rights as your daily driver; but even if you do it right and you still have truecrypt.sys driver file, then there is risk that it will be exploited. NB: Uninstalling TC still leaves the truecrypt.sys file in the c:\windows\system32\drivers directory or wherever your drivers directory is.
