Veracrypt – Interesting Way To Encrypt Drive…. Maybe?


barcleyb

Member
Dec 7, 2022
So, I performed a Diskpart > Clean All on a drive, the job finished OK, and I had to turn off the PC and go out.

Came back and had forgotten I hadn’t initialised the drive or formatted it etc. Veracrypt allowed me to encrypt the drive (2TB) to its full capacity with an NTFS (assume other types would work too? – exFAT etc.) volume. I mount the drive as usual and the system has no complaints; I can copy to, from and delete as with any other drive.

If I query the disk in Computer Management > Disk Management, Danger Will Robinson - the first thing it wants to do is initialise the drive (GPT) even though it’s mounted by Veracrypt. If I cancel that then Disk Management just sees the disk as unallocated and un-initialised.

OK, so long as I don’t initialise the disk all is well. But this has got me wondering, is there a downside to encrypting and using a disk in this way – Obviously always remember not to initialise that disk, but that aside what else could go wrong that I’m not thinking of?

I have thought of a possible use: you could encrypt a USB/external drive in this manner and store data on it. If said drive became lost/out of your control and someone non-techie was to find it, plug it in and take a look, all they would see is a blank disk that needs formatting – nothing to see here, right? Then hopefully they format it, copy to it and overwrite the encrypted data, none the wiser for what they’re overwriting, or perhaps toss it assuming it's faulty.



Your thoughts please, have I missed something with any of this?
What, if any, are the down sides of using a disk in this way?
Would another OS handle a drive formatted in this way differently and perhaps reveal its secret when plugged in?
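As an added example (not part of the thread), here is what the question above comes down to in code: a disk with no partition table looks "uninitialised" to a partition tool, but the first sectors of a drive that was zeroed by Clean All and one holding a raw encrypted volume are easy to tell apart by a simple entropy check. The sample disk heads are constructed inline; the thresholds and the 512-byte sector assumption are mine.

```python
import math
import random
from collections import Counter

SAMPLE_LEN = 64 * 1024  # how many leading bytes we inspect


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the buffer (0.0 for all-zero, close to 8.0 for random)."""
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_disk_head(data: bytes) -> str:
    """Classify the start of a disk the way a partition tool plus an entropy check would see it."""
    if data[512:520] == b"EFI PART":          # GPT header signature at LBA 1 (512-byte sectors assumed)
        return "gpt"
    if data[510:512] == b"\x55\xaa":          # MBR boot signature at the end of sector 0
        return "mbr"
    if not any(data):                         # what Diskpart 'clean all' leaves behind
        return "zeroed"
    if shannon_entropy(data) > 7.9:           # no structure, but clearly not blank: encrypted or random fill
        return "high-entropy"
    return "other"


def classify_device(path: str) -> str:
    """Read the leading bytes of a real block device or image file and classify them."""
    with open(path, "rb") as f:
        return classify_disk_head(f.read(SAMPLE_LEN))


def make_samples() -> dict:
    """Constructed disk heads: zeroed, raw encrypted (stand-in: seeded random bytes), MBR and GPT."""
    rng = random.Random(2022)
    zeroed = bytes(SAMPLE_LEN)
    raw_encrypted = bytes(rng.getrandbits(8) for _ in range(SAMPLE_LEN))
    mbr = bytearray(SAMPLE_LEN)
    mbr[510:512] = b"\x55\xaa"
    gpt = bytearray(mbr)
    gpt[512:520] = b"EFI PART"
    return {"zeroed": zeroed, "raw_encrypted": raw_encrypted, "mbr": bytes(mbr), "gpt": bytes(gpt)}


if __name__ == "__main__":
    for name, head in make_samples().items():
        print(f"{name:14s} -> {classify_disk_head(head)} (entropy {shannon_entropy(head):.3f})")
```

The point for the "blank disk" idea: only the zeroed drive reads as blank; the raw encrypted one reads as random, which any OS or forensic tool can notice even though it shows no partitions.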
 
Yeah, that's pretty much how it's supposed to work. Your encrypted data is only accessible when it 'goes through' Veracrypt. Similarly, when you encrypt the system drive a Veracrypt driver has to load before booting so that the BIOS/UEFI and then Windows can read the disk. At least that's the way it worked in Truecrypt, I haven't encrypted a system drive with Veracrypt yet.

IIRC, initializing the disk in Windows changes the area of the disk that Veracrypt first checks on to see if it has encrypted the disk.
 
So, I guess my “surprise” comes from the fact that I have only ever set up a drive as “normal”, i.e. clean it, initialise it, create a partition, format it, then encrypt it, and had always assumed that that was the way it should be done. Doing it this other way skips having to format the drive first; Veracrypt formats the drive as it encrypts it, a kind of 2 for 1 if you will.



One downside I have found is that Windows can’t see the drive to optimise it. Presumably the drive's own internal hardware would deal with TRIM if the drive were an SSD? Otherwise, if it were a HDD, I guess there’s no way within Windows to defrag it and you’d need to use 3rd party software?

Are my assumptions correct?
 
Hey, I didn't know that was in there.
Apparently in "Settings -> Performance/Driver Configuration" there's an option for enabling/disabling (default is disabled) the TRIM command on Windows for non system encrypted drives.
Also, there's an option in "System -> Settings" for an encrypted system drive.

Cool, I'll have to change that.
 
I had no idea that was there 🤣

That setting definitely allows Windows (10) to see the other drives, but at a cost!

(Attached screenshot: Screenshot 2025-03-27 203834.jpg)


Any one any idea what data may leak?

Better go RTM……