VeraCrypt and the Data Cowboys
It's a dead reckoning
Encrypt your dicks
One of the most fundamental things you can do to protect yourself is to encrypt your files so that nobody but you can read them. That sounds about as sexy as transformation porn, so let me try again (note: it's not sexy, and stop trying to convince me!). Encrypting your data is one of these extraordinarily simple things you can do to make sure that neither theives, the feds, or your mom can get access to any of your files without your password, and it's so effective that no cryptographic, cryptography being the obfusciation of data, much like encryption, standards that have been broken on their own, and most times encryption is "cracked" it's either the underlying password that was broken, the software having an exploit, a backdoor being installed by a malicious party (such as with Microsoft and Skype), or the suspect was tortured until they gave up the password (lift those weights, kids!).
That wasn't sexy either, even with the torture bit. Have some ass. Is it a male ass or a female one? You can never know, with the ambiguous Froghand! But you will know it's furries. I guess that gives it away, doesn't it?
Now that you learned what encryption is, let's learn how to implement it on your entire hard disk! If you lose the password, you'll never get that data back, so remember to keep a backup! "But Froge", you say, because we're in a bad My Little Pony fanfiction where horses talk in the same way that people don't. "Isn't that a bit drastic for everypony to do? I mean, we barely learned what it is! Do you even know what it is? You're a shitty teacher, Froge!" Okay first of all, I don't like your horse tone. Secondly, it is okay my baby. I will teach you all that you need to know about the simple, silly concept, that just so happens to save lives.
Today we are using VeraCrypt, for Windows. Oh wait, you're not on Windows? Okay, let's see the options. If you're on Linux, you probably don't need my help, and if you're on a Mac, you can fuck off. Even if you're living in a bum foster home where your only Web access is through a Macbook, I can't help you. The cancer has already spread. Please find good parents. Help the bad ones get cancer. Spray air freshener in their food. Alright, Windows is a botnet, but it's used by a metric fuckton of people (approximately 1000 fucktons, or 1,000,000,000 fucks), and much like Walmart, it's here to stay, until Whole Foods makes a pact with ISIS and creates an anti-Walmart militia.
It actually is for all of those platforms (except for Whole Foods OS, I'm rioting), but I'll be focusing on the Windows one. Oh well. I'll just spitball it.
What IS the VeraCrypt?
Is the horse asking the question? You can't even use a computer you looking-ass feral quadruped motherfucker. Seriously, your hands are hooves! What business do you have here? They don't even conduct your natural bodily electricity. Scamper away. Be worthless. I don't want you horse whores around here!
The VeraCrypt is the successor of an older, very similar, though less secure encryption program called TrueCrypt, which was a famous program until its developers went tits up and sold the code to space banditos, never to be seen again. Stubborn whorses will suggest you stil use TrueCrypt, but this is a poor idea, as TrueCrypt is no longer being maintained and any security vulnerabilities will never be patched, and VeraCrypt fixes many of the security issues that TrueCrypt had, and providing better practices for data encryption for good measure.
Put simply, TrueCrypt worked, and it worked well. It was a piece of software that every paranoid nerd needed to use, and the small learning curve and hand-holding throughout the process made it easy for any old randy to keep their hard drive liberated from governments. With many of the vulnerabilities of TrueCrypt fixed, VeraCrypt took its place as the standard for disk encryption. What's astounding to me is that one of the reasons VeraCrypt was (supposedly!) stolen by space banditos was that Windows XP was at the end of its life and the developers said BitLocker was an okay choice. One, that's fucking stupid, because BitLocker is closed-source software made by a company that gives data to the NSA, and two, Windows XP was an insecure, overrated, and ugly operating system, and everybody who sucks its dick gets no respect from me.
You know, I just realised every version of Windows except for 7 was shit in some way or another. Windows 8.1 was slow as all get out, Windows 10 is a botnet, XP was full of more holes than a firing squad victim, and Vista was reskinned XP with a bad interface and annoying permissions. Even 7 isn't doing so well, seeing as its going to be at the end of its lifespan eventually, meaning it will be harder and harder to get away from the Microsoft botnet. How long until Wine becomes as good as the real thing? How long until Windows is reverse-engineered and released as FLOSS?
If you're familiar with the encryption scheme in 7-Zip, you'll be okay to use VeraCrypt, and if you aren't, well that's a case for another article. But let's go over some basics so you don't end up pwned by the cops.
Use decent passwords
Are you perhaps using Master Password? If not, you can consider your passwords cracked as a hammer on a nail on a toenail under bare skin. Humans suck at remembering passwords. You know what, that's just shifting the blame. You suck at remembering passwords, and you suck at creating them. Good medicine tastes bitter, bitch. Don't be a bitch, and use Master Password to alleviate yourself of all your bitch sins. There is no bitch church, because we call them brothels, and brothels cannot help you with your passwords. Also see this article, which isn't SHILLING but let's be reasonable now.
This is good for a lot of things, but you should never use Master Password with anything important, like disk encryption and cell phone passwords. In this case, you need to come up with a secure, easy-to-remember password that you have committed to memory and can type in on any keyboard. Use a long quote or song lyric you like, add in some symbols that you can remember in places you can remember, and make sure its at least thirty characters long. That way, not even a computer can crack it. But be reasonable - if you copy and paste Kanye West without altering the lyrics, you're going to jail. Not for anything illegal, but for having pleb taste.
Update your software
Zero-days are exploits that have been unpatched for zero days and counting. The funny thing about this is that pretty much every zero-day runs on an older version of your software, for those who are too lazy to update them. Take for instance a critical security flaw in Tor Browser written by the FBI which revealed the personal information of some users. If the affected users had updated their version, they wouldn't have been marked. So with every piece of software you use, make sure its updated, especially the ones you encrypt your data with. And the zero-days which exist in the current versions? Pray you get lucky they don't affect you.
Be reasonable with your choices
Rule of thumb: if I recommended it, I had good faith it was a good product at the time. If I turn out to be wrong, I am sorry, and I will continue to recommend software that I think will benefit my users instead of bringing them harm.
Long story short, don't use the default encryption software for your operating system, don't use tools that take advertisements in them, avoid closed-source tools if possible, and make sure that they were updated recently and don't have any critical security flaws. In this case, 7-Zip and VeraCrypt are both good software for encryption, and I will write an article about general encryption later with OPSEC involved (operational security - how you act affects how secure you are), though for now I will work exclusively with VeraCrypt.
Don't talk to anybody
If anybody knows you have files of interest on your hard drive or what have you, that's one more leaky cunt who knows that you have shit you want to hide. The amount of people who should know what's on your computer should be one - you alone. Not me. Fuck me. Treat me like dirt, Daddy. I'm worthless to you. If I ever ask you what you got on your PC, tell me to fuck off, because I don't need to know. Especially don't tell me your passwords, your usernames, your social media accounts, or anything that can be used to dox you and crack your encryption.
This especially goes for cops. These thugs count on one thing - for you to panic and spill the beans. Most cops have absolutely no idea what evidence you have, especially if there is no evidence, and if you keep silent, ask for a lawyer (who will do the talking for you), and then shut up forever, then you can't be forced to give up your passwords, you won't give the cops anything to work with, and you'll go through the next few years innocent of any crimes you may or may not have committed. Unless you live in China. Fuck China. Give Taiwan the mainland (I think that's six countries I'm banned from now plz no ddos PRC haxx0rs).
Crash course is over. If you can remember these basic steps, you're already more educated than 90% of the population. It wasn't exactly a hard competition, but at least now you know how not to get raided by thugs at 6 AM.
Let's get it on
Okay, you've installed Veracrypt, even though under most circumstances you should always download the portable version of software to prevent it from writing to the registry / in-the-clear filesystem. In this case, it's actually a good idea to install Veracrypt, as it's required to use full-disk encryption, and installing it means that you won't accidentally leave it on an encrypted partition unable to launch the program you need to decrypt the files (dummy!).
So having now had it, let's talk about how to encrypt a partition. I know that you should always use full-disk encryption to prevent anything from being accessible to an unwanted party, though a partition in addition to a fully-encrypted disk is useful for adding additional security to your files, as well as being a solution in the event you need to share a computer, you poor sod. It'll also teach you about the basics of VeraCrypt and OPSEC more than the other method, so let's do this first.
The partition, Luigi! The partition!
To partition your hard drive is to take some data from one area, and shove it into another. In Windows Explorer, this shows up as another drive which you can put all your files into. This does very little on its own, a bit like being another folder. It's only good for organisation until you take measures to protect the data on that partition. Fortunate then that we are going to find these measures right now.
You may use the control panel to search for "partition", and if you look under Administrative Tools, you will find what you need. I am being vague on purpose - I can hold your hand, but that does nothing for you. From this Disk Management GUI, shrink the data from the largest partition, and then create a new one using the free space you created. Choose a cool letter to use - but not anything that can identify you. One letter? That's enough for an assassination. The name you choose doesn't matter - it will be reset once VeraCrypt gets its hands on it. The amount of data you need depends on how much of a NEET you are. Do you have four terabytes of anime burning a hole in your hard disk? What a shame.
Now would be a good time to create a backup. Ideally you would take all the materials you want to keep and then compress them with 7-Zip, but seeing as you're reading this article, I guess you don't know how (unless you're here to have a conversation with me, you sweet little cute!). So just copy off all the things you want onto an external disk, a USB, or your cell phone, or what have you, and then copy all of your files into the partition you created. If you encrypt it and then forget your password, you lose all of your files in the partition! So keep a backup in a means you can remember.
All of that done, it is time to launch VeraCrypt. It really is simple once you learn about it, and this is what we are here to do. I will hold your hand for now, but just this once! It's important to have a tutor, sometimes.
Select on "create volume", and you will have a dialogue box. Read it, if you will, and you should come to some conclusions. Which one is most suitable for our current task? Spoilers up ahead: || it is the "Encrypt a non-system partition/drive" one, because this is what we are trying to do. So click on "next", allow the admin prompt to go through, and then select "standard VeraCrypt volume", because I don't understand the hidden stuff well enough myself.
Now what happens? Well, think: what did we just create? A partition, yes? So then with the only good option in front of us, "Select Device", select the partition with the same size and name as the one you just created! Also make sure "never save history" is checked, as this makes it harder for anybody to tell that what files you've accessed in that partition. If you have data on this partition, which you might if you decided to copy them early on, then you can select "Encrypt partition in place", which will make sure that none of your data is lost during the process. If it's empty, or you want to start fresh (which is always a good idea, forensically!), then you can select the other option. Keep in mind, you will never see this data again, so make a backup.
Now for the exciting options of encryption alogrithms? Which is safest? Well, I'm not a scientist myself (please don't show this to the judge), and without going into detail about the algoritms within, we cannot fairly determine which is the most secure. But keep in mind that all of these algorithms have yet to be broken, and that Serpent is more secure than the current AES algorithm, but was rejected for using up too much CPU power. None of this matters, though, as you have the option to use all of the algorithms! Use either "Serpent(TwoFish(AES))" or "AES(TwoFish(Serpent))". This means that a cracker has to deal with three different, as-of-yet unbroken algorithms to access your data. Most give up if they see even one - three future-proofs you for as long as current technology exists (damn those sneaky quantum computers), and makes it impossible for anybody to access your data unless you use an incredibly poor password, or reveal it.
The hash algorithm does not matter so much - use either SHA-512 or Whirlpool. Don't use SHA-256 though, as that's a direct downgrade from SHA-512! Ah, but now is the password screen. Remember what I told you? Make sure that you can remember it, that it's more than thirty characters long, and that nobody else has access to it, so make it unique! Make sure you remember it, so type it in as many times as you possibly can. In addition, you can select options like "Use PIM" (not PIN) and "Use keyfiles".
A PIM is like a PIN, but different, because having a low PIM means that your partition is less secure than it would be had it used the default. Having a high PIM means that your encrypted volume will take longer than normal to encrypt, and at very high levels will take longer than you would like it to encrypt. Don't get irrational and end up locking yourself out due to boredom. Five digits is okay, because that already increases the time you need to brute force a password to be (94^64)*(10^5) (worst-case scenario), which is already a shit-ton (equivalent to 1,000,000 shits) without the 100,000 modifier, but you get an extra five zeroes onto the final number of passwords a computer has to go through, so fuck the police, right? Make sure you never write this down. Remember it, too!
The keyfile can be considered a form of two-factor authentication, where you can only access the volume if you have the file. The unfortunate thing is that, when it comes down to it, most form of two-factor authentication equates to another password. In this case, it just happens to be a password with 1,024 digits, so good luck guessing that! And that's only for one - adding multiple, as with many simple forms of computer security, makes such a system impossible for current computers to guess. The downside is that such keyfiles are very easy to lose, and if they're modified in any way, you can't access your encrypted files. Your password and PIM will be strong enough, so only use a keyfile (or several) if you're certain that every single one will never be modified or lost, which is a tall order, so consider this carefully. I suppose it would be useful in the event you're forced to reveal your password for whatever reason, though if a cop ever finds you out, you lost the security game.
Now comes the fun, final part of the course: moving your mouse around a lot! VeraCrypt claims this adds randomness to the final algorithm used to encrypt your data, but according to its manual, it collects all of this data during the entire time you set up the other steps, including your mouse and keyboard (not that it does anything with this data beyond add it to the randomness). This final step is a bit of a placebo, but in case you were worried about the theoretical possibilty of a keylogger tracing your steps to find the keys, freak out as much as you can within the window to get rid of those fears.
Then let VeraCrypt do its magic, and you're done! Painless surgery, like physiotherapy.
To mount, but not hump
Your file is encrypted, and I hope you remembered your password, because if you didn't. Whoosh! There it goes - all your important stuff disappeared, like piss in the pool. But before we get to that, let's figure out how to access your files. If you click on it in the explorer, you will be asked to format it. Now if you know anything computers, this is a horrible idea. It will delete everything you have on the partition, ruin the encryption scheme, and force you to go back and redo all of these steps to get the partition working again. So what do you do?
Go into VeraCrypt and press "Select Device", and then choose the partition you have your files on. It should be easy to find - just look at the filesizes and names, and if it looks familiar, select it. Then you select a drive letter, press "Create Volume", and then you'll be asked for your password and PIM and keyfiles. Fill in the proper information, and pray you got it right, because if you never get it right, you'll never get your files. But if you did, it will finish the process soon enough.
And then once it is finished, your drive is just like any other. You can access the files while its mounted and have it act like any other partition. The only difference is that it will be a little bit slower if you perform some write-intensive tasks, such as compressing large files, because it needs to encrypt that data to your drive to make sure its secure.
Now that you've finished mounting, it's prudent to go into the VeraCrypt preferences, found under the "settings" tab, and change some of the checkboxes to make your system a little more safe from prying eyes - though if anybody ever gets a hold of your system, you already lost the security game. Some options to check are the "auto-dismount" features, giving you the option to forcibly dismount your files and re-encrypt them under some conditions, to check that the password cache is never used, and that it is wiped on the off chance that it is, and to choose whether or not that VeraCrypt launches with your computer. Enabling such a thing would be convenient, though not enabling it allows you to hide the fact that you're using VeraCrypt from snoops on your computer, such as other users (what a shameful life).
When you need to close your files, simply unmount the partition or turn off your computer. But never exit VeraCrypt before your files are unmounted - this means your files won't unmount when your computer is off, and if somebody gains access to your user account, they'll be in the clear to take! You must make sure that VeraCrypt is always running in the background, so that it dismounts your files whenever it's given the chance to. The alternative can be a great disaster to your infalliable fortress of encryption, so make sure you don't turn it off.
For full-disk encryption, it's the same process - except that VeraCrypt suggests choosing a single encryption standard as opposed to a cascade, in case something bad happens, which makes it less likely that you'll need to pull out a recovery disc. It is then fortunate that VeraCrypt requires you to make a disc to insert into the PC, along with your password, to recover any issues that may go wrong, though this would be a pain for anybody without a CD drive, as creating a USB disk instead of an actual disc is a complicated procedure, and not worth the effort. What a shame that VeraCrypt has not decided to future-proof, instead relying on the same medium we distributed Limp Biskit on.
What do we store?
You should store all your files, programs, music, games, what have you on your encrypted partition, as this prevents anybody except you from accessing them. All programs run fine on an encrypted volume, unless you're doing something which makes the hard drive and processor cry, which is something like compressing every season of South Park on the same partition.
So with all of your programs, you should consider re-installing them to the location of your encrypted partition (create a separate folder!), and then updating all of their preferences to be germane to the partition. For instance, setting your web browsing to route downloads to your partition, or setting your converstion program to send videos to it. It's either that, or leaving a great deal of data vulnerable on your computer, waiting for some random asshole to come and get it. Pain is temporary - liberty is forever.
Of course, with full-disk encryption, this is already done for you. Consider it idiot-proofing, but idiot-proofing which actually benefits you. Having multiple redundant layers of security is very, very good for you, as like an onion, you have to peel every single layer to get to the vulnerable core. The analogy is why the Tor project can be called "The Onion Router", as it's sending your traffic through multiple layers of encryption, making it extraordinarily hard for an attacker to reach the underlying content. The cascade feature in VeraCrypt is a bit like this onion model, and so is storing encrypted files inside an encrypted partition with three different algorithms. So good luck cracking it!
What don't you want to store? Well, perhaps a backup of all your files that you make every few days. But then you must make sure this is also encrypted securely, using something like 7-Zip, so that nobody can snoop your files from the unencrypted portion of your hard drive. If you lose your password (bad form, very bad form), then at least you have that to fall back on. And if you lose the password to that, well, something horrible went wrong along the way. It's okay - we all make mistakes, and we all have bad luck. It just so happens your bad luck existed at the wrong time. In the eyes of chaos, it matters not when it happens, and even if you lose your entire hard drive, it doesn't care. So please don't feel bad for being a victim of things you couldn't ever control.
Or you could make a backup on a hidden USB drive. Fuck you, chaos!
Encryption is Snowden approved and protects everything you may want to store. It is one of the easiest things to implement, and the benefits you gain from it are massive, especially when compared to the availability of programs willing to encrypt your files (making sure only to use trustworthy ones though, ones which aren't closed-source, and ones which are recommended on privacy advocate sites like prism-break.org). It's one of the only defenses against thugs, as when a forensics team sees encryption, they mostly break down into tears. It's that good.
The takeaway? Encrypt your files, dummy! It's free, it's easy, and it's one of the only ways to stay secure without going full stone-age and nuking the Web from your life. And if you don't, for whatever reason, then I cannot help you, as failing to meet me halfway as I try to make you a better person shows me that you are not ready to become a better person.
Remeber: encrypt everything, always have a backup, and make sure you never forget your passwords!
Browse it all cleartext from Froghand.
Today's page was updated on June 22, 2016!
Unencrypted data is only safe from raccoons.