Can I play games and listen to music from an encrypted hard drive (encrypted with Veracrypt)?

Because Bitlocker is not only less than secure, it has known backdoors deliberately engineered into the way it works. Using bitlocker is about as secure as a wet paper bag to the right people.

No it isn't. When the US DoD and SEC forbid its use on any and all government computers, you know you shouldn't be using it.
Well, I've never heard of back doors in it, but I wouldn't be surprised.

But seriously, I do know enterprises that use it, not small outfits, hence my comment.
 
Well, I've never heard of back doors in it, but I wouldn't be surprised.
They're there. I'm not having a tinhat moment. The US and other governments have asked (and required) Microsoft to engineer backdoors into the OS for law-enforcement reasons. For anyone who knows what they're doing, Bitlocker is an easy thing to get past, much like Windows Defender.
But seriously, I do know enterprises that use it
Incompetent fools.
 
Bitlocker's main problem is it can't save you from the government because it saves a copy of your private key in the cloud.

Technically if you trust your government this should not matter, but it does kind of rub me the wrong way.
 
Bitlocker's main problem is it can't save you from the government because it saves a copy of your private key in the cloud.

Technically if you trust your government this should not matter, but it does kind of rub me the wrong way.
And that is not the only way to crack it open.
 
And that is not the only way to crack it open.
They make a recovery kit for law enforcement, but as far as I know it still depends on having the recovery key from the cloud. Of course a court order can get that no issue.
 
They make a recovery kit for law enforcement, but as far as I know it still depends on having the recovery key from the cloud. Of course a court order can get that no issue.
That's the official method. There are other, faster, methods to enable data access that Microsoft doesn't officially talk about.

Getting back on topic, Veracrypt has no known or theorized exploits or weaknesses. Truecrypt only had one, known as the "Evil Maid" attack. That attack requires undetected physical access to the subject system/drive. Otherwise Truecrypt is still safe for general personal use, even without continuing support. Veracrypt likewise is safe for anything a person or company wishes to protect.
 
Getting back on topic, Veracrypt has no known or theorized exploits or weaknesses. Truecrypt only had one, known as the "Evil Maid" attack.
That attack is basically installing a fake bootloader that harvests your passphrase btw. Secure boot and such came about to defeat such things (with a side effect of making Linux's life harder, which MS loved too no doubt).
 
That attack is basically installing a fake bootloader that harvests your passphrase btw.
Correct. I've actually seen it done. Kinda freaky really.
Secure boot and such came about to defeat such things (with a side effect of making Linux's life harder, which MS loved too no doubt).
The problem with SecureBoot is that it can make Truecrypt and VeraCrypt more difficult to use in certain situations.
 
I wasn’t really expecting a response, but the DoD not only uses but mandates Bitlocker on all Windows machines.

The SEC doesn’t actually have guidelines beyond encrypting data at rest (part of my skepticism), but Bitlocker is compliant with their FIPS standard. Deloitte and Varonis and the like still certify for it fwiw.

I’m no security expert or anything just don’t like disinfo, have a good one
 
I'd like to offer a differing perspective: is there any reason to use Bitlocker/Veracrypt at all? Are you storing sensitive information on your secondary drive in a device that could potentially be physically accessed by a malicious party (eg: a laptop)? If you're worrying about surveillance by law enforcement/intelligence, are you a big enough "target" to even warrant their attention?

If you're asking about doing this with the reason being "I want to", that's perfectly fine. But if it's because of the above reasons you might want to sit down and work out your attack surface area and if it's worth the additional complexity (and potential breakage followed by stress) to your current way of working.

To give an example: I have a laptop I cart around with me at all times, which contains my personal data, that has Bitlocker enabled. But on my gaming rig at home, which has the same data? It's a gigantic, overly heavy computer tower, in a room which is spitting distance away from my bedroom, with difficult to remove drives, in an apartment which is inside a gated complex. The chances of someone getting access to it and exfiltrating anything on it (with or without my knowledge) are slim to none. The chances of anyone even bothering to try ARE none. So I don't worry about Bitlocker.

(I ask these questions because I went through a period of intense paranoia a few years ago which led to a lot of precautions including the above. A friend asked me the same questions and helped me shift my perspective. I am a lot calmer person now!)
 
Make sure you disable the page file if you use VeraCrypt as it has a bug that causes random system freezes.
 
Veracrypt is fine. I've been using it for years, since it was Truecrypt. Yes, you can mount a volume and use it like an HDD or SSD and play music etc. from it.
You can use it to keep the kiddies in the house from R-rated movies etc. Whatever.
 
I wasn’t really expecting a response, but the DoD not only uses but mandates Bitlocker on all Windows machines.

The SEC doesn’t actually have guidelines beyond encrypting data at rest (part of my skepticism), but Bitlocker is compliant with their FIPS standard. Deloitte and Varonis and the like still certify for it fwiw.

I’m no security expert or anything just don’t like disinfo, have a good one
To a trusting person, the government mandates it because it's secure enough for their basic needs
To a paranoid person, the government mandates it because that guarantees they, and only they can snoop at any time they want.


You'll never convince a paranoid person the first option is correct, it's not who they are.
 
I don’t even believe in IT security, was just pointing out the facts :) I know full well that I’m being spied on and am unconvinced I can do anything about it :p

(and yeah, the CIA allegedly backdoored Bitlocker a while ago)
 
I 7zip with AES256 the sensitive data portions and call it a day. No hassle. Good luck cracking that.
 
I 7zip with AES256 the sensitive data portions and call it a day. No hassle. Good luck cracking that.
Do you extract it every time you want to modify something and then archive it again afterwards? If so, you probably have an unencrypted copy on your drive that data recovery software could access. Doesn't sound very practical either, better off using an encrypted volume with VeraCrypt.
 
Do you extract it every time you want to modify something and then archive it again afterwards? If so, you probably have an unencrypted copy on your drive that data recovery software could access. Doesn't sound very practical either, better off using an encrypted volume with VeraCrypt.

I do not need to touch my sensitive data often. Games and audio files are a weird thing to encrypt in the first place imho, as it is a legal copy of your owned item from a cloud that has the same in millions of copies.

We are talking about real sensitive data like documents and passwords, tokens, certificates, drug bills, weapons deals, Kremlin chat, but that's unencrypted usually via plain random email.

If used on an NVMe drive and accessing it, it becomes unrecoverable in a few minutes due to trim and garbage collection. Aggressive SLC emulation techniques make it even faster, in seconds. You can recover a shut unpowered drive with unencrypted data; if you clean after your edits, good luck reading NAND, wasted effort. Data is wiped fast.

The best part: you can keep your password-compressed 7zips in the cloud or any other storage media for backup and share them with your partners in crime, i.e. post it via pigeon mail on an SD card attached to the bird's leg.

If your veracrypted drive dies you are on your own and all data is lost. So what do we need? Sensitive data without backup?

We have to split people who really do and need to hide their data and those who do in the case of what if. None gives a perfect result actually.
Actually doing archives like that is an approved government and company practice. @R-T-B could explain it even better.
 
If used on an NVMe drive and accessing it, it becomes unrecoverable in a few minutes due to trim and garbage collection. Aggressive SLC emulation techniques make it even faster, in seconds. You can recover a shut unpowered drive with unencrypted data; if you clean after your edits, good luck reading NAND, wasted effort. Data is wiped fast.
With SSDs you can never really be sure the data is wiped; even if you use a secure erase program, wear leveling may have re-mapped the block.

The best part: you can keep your password-compressed 7zips in the cloud or any other storage media for backup and share them with your partners in crime, i.e. post it via pigeon mail on an SD card attached to the bird's leg.
You can store encrypted VeraCrypt file containers in the cloud too.

If your veracrypted drive dies you are on your own and all data is lost. So what do we need? Sensitive data without backup?
If your drive dies what difference does it make if it's encrypted or not? You simply restore from backups in both cases.
 
With SSDs you can never really be sure the data is wiped,
With SSDs spreading the data over multiple chips it'd be like removing drives from a RAID array - the odds of recovering that data intact are very very slim if the drive has continued to be used after the data was deleted.
 
With SSDs spreading the data over multiple chips it'd be like removing drives from a RAID array - the odds of recovering that data intact are very very slim if the drive has continued to be used after the data was deleted.

What he said also. I am an electronics tech and I do recoveries from NAND, and not only that. I've seen almost all of Cellebrite's government data spoofing gear also, don't ask why.

We also have to pinpoint from whom we are hiding. If it is the government then good luck; if a private organization, then you are good with Veracrypt.

First thing not to do is use Windows. My five cents. You are trusting an undocumented kernel blob with unknown modules. I don't even want to indulge myself further in how pointless it really is to trust anyone in this business and how some are even allowed to operate.
 
If it is government then good luck
If the government REALLY wants something, they've got infinite money to throw at the problem

Just about anyone else relies on the sheer luck of accidentally getting access to valuable goodies, hence malware relying on automated emails and such to spread to see what idjit clicks the link


If we're talking the encryption keys to your bitcoins, absolutely, let's find ways to make a few backups in various locations that are extremely encrypted - but games and music? They aren't worth the hardware resources.
 
If the government REALLY wants something, they've got infinite money to throw at the problem

There is a much more simple thing around here... court order to comply.
 
There is a much more simple thing around here... court order to comply.

I'm not too aware of hard drives representing themselves in court and decrypting themselves at the witness stand - so many possible situations where you wouldn't know the owner of a drive.
 
I'm not too aware of hard drives representing themselves in court and decrypting themselves at the witness stand - so many possible situations where you wouldn't know the owner of a drive.

Well, if the device gets confiscated after a search or police raid, it ends up somewhere, you know.
 