Help with Encrypting External Hard Drive

I've just bought a WD Elements 5TB External Hard Drive and was looking for some help regarding adding some security.

Before, I probably would have run a full disk encryption using TrueCrypt, but I'm not really sure what to make of the program now.
I've also looked at encrypting the drive using the Apple and Linux drive encryption that both OSes offer, but wanted to ask the community for advice before I made any changes.

Can someone please advise?

I could be totally wrong, but isn't VeraCrypt the open source continuation of TrueCrypt? https://veracrypt.codeplex.com/

I'm not very knowledgeable about encryption and the various software solutions. That said, I use VeraCrypt to protect a few relatively sensitive files and it seems fine.

I second VeraCrypt.

You could use TrueCrypt to encrypt the drive and store TrueCrypt on a flash drive to decrypt it.

@ir7xps @fadedmaster thanks, will have a look at VeraCrypt.
@Dje4321 although I've used the program up until its recent demise, I'm not sure I can fully trust it anymore.

Any other recommendations for encryption?
Would you recommend VeraCrypt over traditional Linux or Apple full disk encryption?

I third VeraCrypt. Been using that between Windows and Linux on my desktop for my internal storage drive without an issue. I've also used Apple's disk encryption for external drives on my Mac, but haven't looked into how well it works across different OSes.

As people are throwing around VeraCrypt as an alternative to TrueCrypt without much explanation, I thought I'd quickly add a few points.

VeraCrypt is based on the vulnerable TrueCrypt, and it may have included vulnerabilities not disclosed when they stopped the project.

VeraCrypt has fixed many known vulnerabilities and has improved security in parts.

The version of TrueCrypt that VeraCrypt is based on did undergo a code audit. It did not, however, undergo a full audit, and so much of the code has not actually been audited by anyone.

Just keep that in mind.

Older versions of TrueCrypt or VeraCrypt are what I would recommend. If you had to use a TPM, I'd recommend BitLocker.

Does anyone have any long-term experience using VeraCrypt? I've read some users complain of stability issues compared to TrueCrypt.

I would NOT recommend that. Have a look at the release notes of VeraCrypt. Why would one use a version with known issues that have since been patched?

Just use LUKS. It's Linux-only, but it's secure and integrates very well into Linux.

If only Windows played nice with it, lol. We need to get Satya on that.

Trust. TrueCrypt has earned it, and the VeraCrypt people seem well-intentioned, but they have yet to earn it. I suspect that will change going forward.

The issues aren't really that serious for TC 7.1a. The most serious bug potentially affects multi-user systems and is not related to any of the cryptography.

If you only plan on using it on Windows systems, reformat it as NTFS and then encrypt it using BitLocker. If you don't need plausible deniability, BitLocker has a mode where you can encrypt only existing data and any new data put onto the drive (instead of having to encrypt it all), making the encryption process take just a few minutes instead of 12+ hrs.

This is not a good idea if you want full cross-platform support, however; in that situation VeraCrypt or TrueCrypt would be better options.

In regards to not trusting BitLocker due to the authors being MS: consider that the VeraCrypt project, which people are recommending here, is hosted on CodePlex, which is also owned by MS.

I'm not sure what you mean. All four vulnerabilities found by the audit were classified as 'cryptography', as in vulnerabilities in the mathematical protection of the data. Have a look at page 12 of the final audit.

The fourth vulnerability is concerning full-disk encryption, which is what OP was asking about, so it might be a good idea to steer clear of that route.

I'm not saying TrueCrypt is not secure enough for keeping all but the best at bay, but I am no expert; I actually have no idea, and neither do a lot of people. There are surely also problems with VeraCrypt, as they have not been able to fix all the vulnerabilities, but they are actively in development, so I would trust them more than a project I know (and everybody else knows) has problems.

Try not to do partial quotes if the surrounding text provides context relevant to the quote. Doing so in a malicious way is called "quote mining", and doing so inadvertently is called "lack of reading comprehension."

So anyway.

is referring to a single specific vulnerability discovered post-audit related to limited user rights escalation, not the audit-related stuff that was specifically focusing on the crypto.

I actually read the audit in its entirety when it came out, both phases.

From page 12: "The consequences of a successful header forgery are unclear. Because the header contains many fields that drive program behavior, tampering with them may cause TrueCrypt to enter unexpected or invalid states." So basically that means TC 7.1a will say "invalid TC volume or invalid password" or w/e because it will probably fail to decrypt the volume. For FDE situations, this just means using the TC rescue disk because someone corrupted the header.

None of the vulnerabilities are significant enough to justify not using TC provided the system is not a multi-user system, so TC 7.1a is a solid choice if the OP wants to use it over VeraCrypt. That said, the usual comments about using unsupported software do still apply here.

Thank you for clearing that up.

Thanks for all the comments so far. I've read everyone's suggestions; however, I'm still lost.

I use a combination of Windows, Linux and OSX systems and I had used TrueCrypt in the past specifically for its ability to be used on multiple systems.

I agree with @Peanut253 in regards to TrueCrypt earning trust over several years, and although I don't have any need for plausible deniability or anything of that sort, I would rather have my privacy and security.

I'm going to take some time to really look into the various other options available and the recommendations made, but I'd like to thank everyone for their input.

Thanks.