Isolating encrypted and unecnrypted Windows installations and protecting the boot loader

I want to use my PC both for gaming and for stuff like keeping cryptocurrency wallets, online banking, etc. I need to install games as admin but of course I don’t want them to be able to access my wallets data in any way even if they have … Continue reading Isolating encrypted and unecnrypted Windows installations and protecting the boot loader

If I hibernate my Linux distro (which has an encrypted partition) and store it in a unencrypted swap partition, can an attacker access all my data?

Is it possible? How? Should I encrypt my swap partition? If I don’t encrypt it, basically I make encryption in the main partition useless.

Continue reading If I hibernate my Linux distro (which has an encrypted partition) and store it in a unencrypted swap partition, can an attacker access all my data?

Do I retain plausible deniability if using "quick format" in veracrypt on new SSD?

I bought a new 2 TB SSD (NVMe). I want to turn it entirely into a veracrypt volume, nearly all of the drive being for a hidden volume. First, I told it to do a “quick format”, which was done instantly. Because in https://sourceforge.net/p/veracrypt/discussion/general/thread/38c20fbe/ someone wrote

I would still avoid using Quick Format option on new drives/partitions because the “data” patterns will be different between a new drive and the VeraCrypt encrypted “data” patterns. The documentation explains the scenarios that may matter to you.

now, I unchecked “quick format”. This will take 11 hours just for the outer volume and probably another 11 hours for the inner volume.

I read in https://www.veracrypt.fr/en/Creating%20New%20Volumes.html

If unchecked, each sector of the new volume will be formatted. This means that the new volume will be entirely filled with random data. Quick format is much faster but may be less secure because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand). If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices, except on Windows where it is also available when creating file containers.

which sounds like it would be okay to use “quick format”. Afterall, I guess that a new SSD has random data on it. However, as the above post said, maybe differently random data. I guess via measuring the entropy, if I piece the accepted answer of https://superuser.com/questions/1569622/what-is-quick-formatting-in-veracrypt together correctly for my case.

However, Can someone access my veracrypt quick formatted container’s files more easily than if I’d performed a full format? seems to confirm that “quick format” is okay, but I am not sure if I am reading this correctly. However,

The answers in https://www.reddit.com/r/VeraCrypt/comments/12esgyh/quick_format_and_security/ say on the one hand

It is trivial to accertain what part is filled and what is “factory empty” portion of your device if you do not full format it with random data.

on the other hand

Running Quick Format on an empty drive before formatting the VeraCrypt volume results in VeraCrypt randomizing the drive, anyway.

I also read

Question

So, do I need to format both the outer and the inner (hidden) volume without using “quick format” in order to have plausible deniability?

Continue reading Do I retain plausible deniability if using "quick format" in veracrypt on new SSD?

Choosing Encryption Strategies for Secure Long-Term Storage of Sensitive Data

When considering external drives for secure long-term storage of sensitive data, what are the pros and cons of using the same password for encrypting all files versus using random passwords for each file (or junk of files), and how does th… Continue reading Choosing Encryption Strategies for Secure Long-Term Storage of Sensitive Data