VeraCrypt on Linux?

etcetera

Active Member
Joined
Mar 10, 2024
Messages
167
Reaction score
37
Credits
1,970
Veracrypt offers several layers of encryption:

You can either encrypt:
1) Bootloader
2) main partition
3) a container (basically an additional, non-root partition)
4) a file

any feedback on any of the above?
Also how does VC compare to the built-in Linux encryption, for example Ubuntu's implementation?
 


I prefer LUKS to encrypt disk but I don't know if veracrypt is more advantageous.
To encrypt directories I use "Vaults" in KDE desktop which uses cryfs by default to encrypt directory.

Benefit of those are that they're integrated with my system, while veracrypt is entirely separate software.
 
VC is a proven technology, they have been around. Used for a decade on Win* platform.
They don't do encrypted bootloader for UEFI systems however. For that I use bitlocker.

All of my hardware is encrypted main partition-wise.
 
If you just want to encrypt things, I see no reason to deviate from the default cryptsetup. You can of course. Do you have any reason against cryptsetup?

If you want plausible deniability encryption (which vera offers) I'd rather do that with cryptsetup, as having tools installed that are not installed by default don't help with plausible deniability. From what I know this is a common reason to install veracrypt in many forums and blogposts, but all of them miss this detail. I've written a blogpost about proper plausible deniability encryption recently, here is more info in regard to that topic.
 
By the way: encryption of your disk is for when you loose your laptop, or somebody breaks into your office.


If the workstation is already runnings its pretty useless, as the files are decrypted.


If you encrypt things on your workstation, like files, that you rarely use, and somebody steals your laptop while its on, then this might help. If somebody has physical access to your laptop while its on and you are away for 5 min its game
over, because they can install a keylogger / some r00tkit which will just monitor you typing the password.


Long story short you most likely only want regular root disk encryption, like what cryptsetup offers.


Also encryption can bite your bottom if you mess it up. If you can not decrypt your workstations disk, the data is lost.

Unless you know exactly what you are doing, and why you are deviating from the default, go with the default.
 

Staff online

Members online


Top