top of page

Using VeraCrypt to protect your USB based drives

There has been considerable research done and also various newspaper articles about people leaving laptops or drives in public locations that contain sensitive data. There are numerous ways to protect data and one of the easiest and reliable ways we have found is a program called VeraCrypt. This is a short guide to enable you to produce an encrypted drive to use, store and protect your data at rest.


We recommend you use a clean/new USB drive in the first instance and as an organisational aide we use a coloured USB stick to indicate a VeraCrypt drive or use a paint pen/permanent marker to mark it.


You obviously need VeraCrypt for this guide, the latest available is from https://veracrypt.codeplex.com/


Download and install the software as usual and start it afterwards. You will also need VeraCrypt on all machines you are using with this drive or media.


VeraCrypt runs on all major platforms Linux, Windows and Mac OS and transparently so, we here at SafeNSecure regularly use it between all three platforms.


Start Veracrypt

The main VeraCrypt window will load and look like the following.


You obviously need to make some decisions before you continue. This guide will encrypt the full USB drive, erasing/destroying all of the existing contents in the process.



Figure 1 – Veracrypt Main Window


WARNING Do not encrypt a drive that already has data on it. Copy the data off somewhere first and recopy back on after encrypting.


Click on the Tools menu then select Volume Creation Wizard.

A window will appear asking about the type of volume that you want to create.



Figure 2 – VeraCrypt Volume Creation Wizard


The choices are to create an encrypted container, encrypt a partition / drive or encrypt the system partition (the one running Windows). We are going to create a volume within a non-system device and check the second option in that screen. Click Next


The next window gives us the choice to create a standard or hidden VeraCrypt volume.


Figure 3 – Veracrypt Volume Type


Hidden volumes are created in standard volumes. Hidden volumes and allow a decoy volume to exist with a separate password. If under duress, you can supply the standard password and not the password for the hidden volume. We are creating a standard volume therefore Select it and Click Next

Now we are selecting the device that we want to encrypt, in our case the new USB drive. Click Select Device – This bring up a dialog to select your USB drive it will appear as drives D: E: F: etc on Windows, Linux/Ubuntu as a Device Mapping and Macintosh as the Name of your USB drive. Then having selected your USB device



Figure 4 – Veracrypt Volume/Drive location

Select Create encrypted volume and format it that is the quickest way. Note it will DESTROY any data on the drive



Figure 5 – Volume Creation Mode

Click Next this will take you to the encryption options scree



Figure 6 – Select Encryption Options


This encryption options screen details the encryption and hash algorithms that can be used. My selection was AES and SHA-512, which should be reasonably secure. You can run benchmarks in that window and get additional information about each algorithm. All algorithms are secure (unless someone proves otherwise, which has not happened yet).

Select your algorithm(s) and Click Next



Figure 7 – Volume Size


This screen shows us the volume size we are using. We are encrypting the entire thumb drive, so simply hit next.


The Volume Password is the most important part of the process. You access your files with it and if you happen to forget it your files are lost forever! So record it somewhere secure and accessible.


Figure 8 – Enter your volume password (complex) > 25 characters


Make sure you use a large password, something that is not a dictionary word and not a combination of them. A password should be at least made of 25 characters and be made of upper and lower case chars, numbers and special chars. The maximum amount of chars is 64. A keyfile can be created as well which then works in combination with the password. Store this password somewhere safe (envelope in a safe) should you forget it

The drive will be formatted in the end. You need to move your mouse randomly around the screen for some time to improve the quality of the encryption keys. You need to key doing this until the Format button is active then Click it



Figure 9 – Formatting the volume


The file system and cluster size can remain as is unless you need them to be different. Using Quick Format if there have not been any files on the USB drive previously. The process is finished after this step. You need to mount the drive now to be able to use it.


Mounting your encrypted USB drive

Select a drive letter currently not assigned and click on Select Device afterwards in the main menu. Now select the partition or drive that you have encrypted and click on OK



Figure 10 – Mounting your encrypted drive for use


Now click on Mount which opens up a password box where you have to enter the password that you have selected during setup. Click OK afterwards and work with the hard drive normally from there on if the password was correct it should appear as your selected drive on your machine. At the conclusion of use do not forget to Dismount All this will close the Veracrypt file down.


IMPORTANT NOTE If you place a VeraCrypt encrypted drive in a normal machine it appears as a drive that needs formatting…and it asks you to do so don’t format it… otherwise..you have just lost all the data!

19 views0 comments

Comments


bottom of page