VeraCrypt Won't Encrypt my Entire System?

Discussion in 'encryption problems' started by Brosephine, Mar 14, 2016.

  1. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    143
    Location:
    lo·ca·tion (noun) "a particular place or position"
    When I try to encrypt an entire drive using VeraCrypt I get an error message stating:
    "Your system drive has a GUID partition table (GPT). Currently, only drives with a MBR partition table are supported."

    Is this correctable on my end or should I start looking for alternative encryption software?

    Thanks!
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Maybe this tells you to be careful :)

    You'd need to reinstall the system, forcing old-school MBR instead of modern GPT.

    But to be safer, buy a cheap used computer, and learn Linux and LUKS.
     
  3. Brosephine

    Brosephine Registered Member

    What do you mean exactly? :p Careful in what way? lol

    Yes, Linux is the best bet I'm sure. Why would VeraCrypt make their tool work for older computers rather than newer?
     
  4. Brosephine

    Brosephine Registered Member

    Encryption is a brand new thing for me and my knowledge is lacking on it. It just seems like a good idea. To what extent do you recommend encrypting things? If the whole drive is encrypted it is useless to anyone who may have hacked their way in, correct? Like a last line of defense.
     
  5. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Just as important is defense against physical access to your machine or HDD !
     
  6. mirimir

    mirimir Registered Member

  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Wow, I thought Vera supported GPT. Maybe it's not such an improvement over TrueCrypt.

    Yes, especially because they support GPT disks.


    That depends.

    Disk encryption only makes security/privacy offline.

    File encryption is good, as well as e-Mail encryption.

    However, if your computer is compromised then your encryption won't matter. The cracker might as well have a keylogger that grabs all your passphrases.

    Encryption is only one layer of privacy and security, and there are thousands of layers to consider.
     
  8. mirimir

    mirimir Registered Member

    I do recommend it. But it's so easy to lose everything.
     
  9. quietman

    quietman Registered Member

    Yes to that !

    I still like the old-fashioned strategy of keeping HDDs containing system images / clones in a small safe :)
     
  10. Brosephine

    Brosephine Registered Member

    Yeah I had that feeling since practically every thread about encryption on here is about retrieving data that was lost in the process!

    Fortunately, I am able to create encrypted file containers which should be good enough for me. I had a misconception that encrypting my machine would make it more secure online as well as off. Since that's not the case I don't think I'll take the risk!

    Any suggestions on how to make PrivaZer work when there are encrypted VeraCrypt containers being stored on the drive being scanned/cleaned? It won't complete a cleaning anymore.
     
  11. mirimir

    mirimir Registered Member

    That's why I recommend practicing on a spare computer. And I've had much better luck with LUKS in Linux than full-disk TrueCrypt in Windows. Maybe it's just me.
     
  12. Brosephine

    Brosephine Registered Member

    @mirimir could I easily install a Linux VM on my machine right now?
     
  13. mirimir

    mirimir Registered Member

    Sure you could. And you can also use LUKS in a VM.
     
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592

    I would have to conclude with relative certainty there is ONE large confirming difference tipping the scales to Linux for encryption. But in experienced hands there are some amazing encryption attributes not available to Linux users, so it goes both ways.

    Windows has a proclivity to attempt to fix anything it sees as broken or foreign to the operating system. Linux has no such tendency. E.g., insert an encrypted external drive in a Windows machine and it immediately wants to format the drive or worse, simply because it perceives it's "broken". If you don't pay attention to the warning you may quickly end up with your 2TB external full of life's treasures being formatted with all data lost. That is Windows through and through. Insert a Windows install disk and simply want to refresh or install a new OS on the C drive (system disk)? Think again. If you have ANY encrypted partitions outside of the system disk, too bad, their headers are blasted away and you lose stuff. That is unless you are a Pro with the needed backup files at the ready. Most don't and so the "sad songs" fill our encryption forum day after day.

    After over 10 years with Windows and TC I can report never losing any data to the junk Windows did to me. However, ask me how often I had to use backup headers and partition tables for recovery and that is another story. Windows is very predictable actually, so countering its moves is easy if you do so ahead of time. Backing up things not even talked about in the user's manual is essential.

    Let me state here that if you have any external hard drive fully encrypted with either TC or VC there is one thing not mentioned in the manual that will save your bacon ---- flat out! Back up the MBR on the external because it contains the partition table that software uses to manipulate the drive during use. Guys, it's only 512 bytes but if it gets corrupted by your friend Windows you could lose the contents. I can back up an MBR in 2 seconds and storing 512 bytes is not much of a challenge. I just know I don't want to re-encrypt 2 TB with both decoy and hidden volumes to be created from scratch. Once was enough, don't you agree?
     
  15. Brosephine

    Brosephine Registered Member

    I can honestly say that I have pressed "skip" every single time I have ever been prompted/recommended to back something up! :confused: I know I'm probably not alone on that, but am not proud of it. I'm ready to put those days behind me though!

    Is there a recommended program you use to back up? I'm sure the process is different depending on what you're backing up (ie: whole system, encrypted folders, specific disk)...
     
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    If you have a modern UEFI system with secure boot/GPT, your only bet is Linux LUKS or Windows Bitlocker for whole OS disk encryption. Forget about TC/VC. They are best for encryption containers, not for OS drives anymore.
     
  17. Brosephine

    Brosephine Registered Member

    Thanks for the info. I'm just going the VeraCrypt container route. Since you say they are best, I'm curious how secure are VC containers? What level of adversary could decrypt it?
     
  18. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Jetico and SecurStar are third party FDE providers that also claim to be able to handle UEFI FDE though I haven't yet tested either so I can't say for sure if they work as advertised. As for VeraCrypt, I was impressed by the new number of iterations. [even before TC bailed on the scene]

    In theory it's one of the strongest (it also happens to be among the most time/cpu consuming for mount times as a result) since it uses such a high number of rounds in order to mitigate newer attacks that make use of GPUs and such. In addition it's attempted to correct the problems found via the crowd sourced audit of TrueCrypt. I'm sure a government level adversary could eventually decrypt even a VeraCrypt container/system were they willing to spend the resources required but for anything else you'd likely be pretty safe.

    All that being said, anyone with sufficient paranoia might still be concerned with the timetable of the transition and the difficulty of following the more recent changes with VeraCrypt since that original point where 'just' the iterations were altered. A lot has changed, and so at this point (unless a new audit was done) it's still a leap of faith. The source code is there, but how many of us can understand it?
     
  19. oliverjia

    oliverjia Registered Member

    Depending on the strength of your password. If you use long enough (min 14 characters of a combination of letters, numbers and special symbols), truly random password, currently no one could decrypt your VC container, even the N3A, lol
     
  20. Palancar

    Palancar Registered Member

    Too much to discuss in one post. Your proclivity to "skip" puts you with the majority of users. The backups to which I mostly refer in this encryption forum are those which are so simple to do. VC provides the tool to back up headers and it's critical, but still most follow you with the "skip" thing. 1. Start here.

    Next, on your externals (which are VC encrypted) you NEED to back up the device MBR. A whopping 512 bytes but it contains the partition table you need if Windows or Murphy get their hands on the drive platter. A dd MBR backup takes seconds and of course is small and easy to store. 2. This is step two

    Once you get these two accomplished for every device you have device/partition encrypted, then we can continue on the rest of the plan. At that point, while still very easy, your specific needs concerning space and threat level will come into play.
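
A sketch of the dd MBR backup described in the post above, added here as an example (it is not Palancar's own script). The function names are hypothetical; it copies sector 0, verifies the copy, and also reports whether that sector is a classic MBR or the protective MBR of a GPT disk, the distinction behind the error in the first post.

```shell
#!/bin/sh
# Added example: back up sector 0 (512 bytes) of a disk or disk image,
# verify the copy, and classify the partition table it describes.

# Print N bytes of FILE starting at byte offset OFF as lowercase hex.
hex_at() {  # usage: hex_at FILE OFF N
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Classify sector 0:
#   none - no 0x55AA boot signature at offset 510
#   gpt  - one of the four partition entries has type 0xEE (protective MBR)
#   mbr  - classic MBR partition table
table_type() {  # usage: table_type FILE
    if [ "$(hex_at "$1" 510 2)" != "55aa" ]; then
        echo none
        return 0
    fi
    # The type byte sits 4 bytes into each 16-byte entry; entries start at 446.
    for off in 450 466 482 498; do
        if [ "$(hex_at "$1" "$off" 1)" = "ee" ]; then
            echo gpt
            return 0
        fi
    done
    echo mbr
}

# Copy the first 512 bytes of SRC to DEST, then re-read SRC and compare.
backup_mbr() {  # usage: backup_mbr SRC DEST
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null || return 1
    [ "$(wc -c < "$2")" -eq 512 ] || return 1
    dd if="$1" bs=512 count=1 2>/dev/null | cmp -s - "$2"
}

# Command-line use: sh mbr-backup.sh SRC DEST
if [ "$#" -eq 2 ]; then
    backup_mbr "$1" "$2" && echo "saved $2 ($(table_type "$2"))"
fi
```

On a real disk, SRC is the whole device (for example /dev/sdX, a placeholder), read as root. A result of gpt means sector 0 is only the protective MBR; the real partition entries live in the GPT header and entry array that follow it, with a second copy at the end of the disk, so a 512-byte copy does not capture them.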
     
  21. Brosephine

    Brosephine Registered Member

    Well at this point I'm unable to do a full disk/drive encryption on my machine so am creating encryption containers instead. Are step 1 & 2 the same for this?
    Oh wow I didn't know it could be so secure. As you know, VC gives several options of algorithm strength to choose from.

    Encryption Algorithm:
    • AES
    • Serpent
    • Twofish
    • AES(Twofish)
    • AES(Twofish)(Serpent)
    • Serpent(Twofish)(AES)
    • Twofish (Serpent)
    Hash Algorithm
    • SHA-512
    • Whirlpool
    • SHA-256
    I'm currently reading up on these so I can better understand the difference between them and know which is best for me. To be honest though, it's some complex reading and I'm still unclear on which to go with.
     
  22. Brosephine

    Brosephine Registered Member

    I'm beginning to understand and utilize file/folder encryption, but not email encryption. Is that something VeraCrypt can do or is there another program needed? Does encrypting email also only protect it off line, or are there some online security/privacy benefits from it too?
     
  23. amarildojr

    amarildojr Registered Member

    As far as I'm aware VeraCrypt can only do disk encryption. And the standard for Mail encryption is either GPG or PGP.

    See how you can encrypt your e-Mails on Linux (very similar process for Windows, though): https://www.wilderssecurity.com/threads/how-to-encrypt-your-e-mails.380242/

    Both, but don't rely on Mail encryption for offline privacy as it might only protect them from regular people. Without disk encryption an attacker can insert backdoors into your OS and then remotely install a keylogger, later grabbing all your passwords.
     
  24. Brosephine

    Brosephine Registered Member

    VC does disk and container, but my computer is only compatible for container encryption with them.
    Oh through email they can do that? I'm not sure where to begin to encrypt my email. Do I do it through my email service provider?
     
  25. amarildojr

    amarildojr Registered Member

    I'd be freaking out :p

    No. If you don't have FDE in place, anyone can use a LiveCD to replace important system files and compromise your OS. Once they have a backdoor placed, they can remotely do anything they want, and that includes installing a keylogger to grab anything you type, and that includes your e-Mail and GPG passwords.
    In fact, they can replace important OS files and install a keylogger right away, no need for a backdoor (though a backdoor is far more interesting heheheh).

    No, you can't trust them. Google, Microsoft, Yahoo, AOL, all of them read your e-Mail. You must use a tool like GPG to safely encrypt your e-Mails, and then you can send them through the most common e-Mail providers.

    And don't fool yourself. Just because you use, say, riseup for e-mail communication, doesn't mean your e-Mails are safe. If you send an e-Mail to a gmail destination then it will be read as well if it's not encrypted.

    Read the thread I linked to see what you can do :)
     
    Last edited: Mar 18, 2016