How Do I Encrypt My Computer/USB (Safely)?

in #security8 years ago (edited)

A simple question, but sadly often left unanswered or answered wrongly. To answer this we must define what safe is to YOU.
Is it protecting from petty thieves?
Governments?
Family?
Everything?

You best be saying everything, as if not you're leaving yourself open to attack.
VmgvHT6P.png
Lets just get straight down to business.
You aren't going to use anything from a big company, if you know anything about computer security you know Windows/Microsoft is a disaster for your privacy. They'll flip the second the government requests them too.
So you're going to want the obscure, the independent, the open source, correct?

That's where you have two options.
Something called TrueCrypt, an old friend, trusted, outdated, but still hard as a brick wall. Nobody is going to be destroying the illusion of safety for you, a petty lad who trades digital money and hates the fiat money system.
They're saving that for a big fish.
But if you pick this guy, DO NOT get the latest version. It's a Microsoft data-miner. Go get yourself the 7.1a version, the last version that was done independently.

Alternatively, you could go with the new guy, based off the old guy, Truecrypt, and far tougher but not as tested. To not get all technical, essentially nothing is getting through this, and it's just as light as Truecrypt, it's simply different.
Just get the latest version.

VeraCrypt_screenshot.png

It's the same for either program, but here's how you start. First, click the "Create volume" button, then you will see the picture above.
Do not use the first option. It's just garbage and it won't protect you fully, especially if you use Windows/Mac.
The second option is great for external drives and USB's, it's the exact same as FDE, just for the USB (has no boot menu).
The third option is what you use for your computer, Full-disk Encryption. Nothing will get into your precious data when you have these shields up.

Once you select one of those, you then need to decide on if you want it hidden or not. Essentially hidden makes you have a fake-copy that unlocks which has just dummy information you need to upload, non-hidden doesn't.
I'd advise non-hidden, as you probably will not want to trick a gunman demanding you to unlock it if somehow that happens. For all other cases, such as legally, remain silent and refuse to open it. If advised to do so, type some gibberish in slowly and get it wrong a few times then claim you haven't opened it for awhile.

You then select a file/flder or the disk you're going to be encrypting.
You should once continuing on pressing next, be here.

DO NOT simply press next if you want to be ultra-secure.
You're going to want the "AES-Twofish-Serpent" method. Why? It goes from weakest to hardest encryption, and essentially tripple-encrypts it for you. They'll have the break down all three to get to your data, which is essentially impossible.

The Hash algorithm really is not important, pick whichever you like or look into it if you want. It really doesn't make a difference.

Continue on and you should be asked for a password, for security I'd advise 40+ characters, no words, however unless you're RADICAL like me that may be overkill. Do at least 10-20 to protect from brute-forcing, although long gibberish is best (like your steemit password, but different).
You can add keyfiles, but again unless you're an supercriminal this is really over-kill unless you have a short password. This will require a second usb with hundreds of pictures or files on it, one or more being the ones you use. If you lose these your password no longer works. They have to be 100% identical to work.

Then simply press continue, do the wiggle with your mouse till the green bar fills up, then press the "format/encrypt" and it'll fix you right on up.
Then you're done!
Keep that password hidden well or memorized, backup the keyfiles and store one off-site if possible, and never leave your computer unlocked for long periods of time or preferably when you're not using it.

Lastly, an easily found/guessed password is an easily found jackpot; don't leave it in a notebook, taped to your computer, or anything silly.


-When Encrypting ensure that the USB/external has no data as it will be wiped; when the computer is being FDE no data will be wiped if chosen to not wipe, however it will take longer.

-When turning off your computer ideally never simply unplug it, this can leave security vulnerabilities (governments) for a few minutes, so if you're doing mad illegal things protect it with your life for around 2~ minutes, then cooperate with the police while remaining silent or refusing to give the password.


Unplanned, unscripted, unedited, no proof-reads; exactly how I'd tell you to encrypt your computer if you were next to me and asked right now.

A more picture-intensive official guide to Veracrypt can be found here: https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial

For download of Veracrypt: https://www.veracrypt.fr/en/Home.html

Sort:  

I love VC for my Crypto. I keep my wallets in there and one long ass pw. I like your articles. Keep it up.

Thanks mate, and thanks for the offering~
I do the same; I use the FDE followed by a small individual encrypted folder for my wallets as well. Once I Get a hardware wallet it'd be unnecessary I'm sure, but till then it's better to be safe than lose 1000's of dollars.

This post received a 2.6% upvote from @randowhale thanks to @thatadvocate! For more information, click here!