What do you think of Veracrypt ?
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
www.veracrypt.fr
external-link

VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.

I’d like to use BSD more, but what about encrypted backup disks ? I just found out that Veracrypt works on FreeBSD https://www.freshports.org/security/veracrypt/ For OpenBSD someone was working on a port but this seems to have gone stale. Veracrypt is based on the “notorious” Truecrypt. At first iirc Veracrypt was hosted on a Microsoft focused coding platform, now they seem to host it themselves. What do you think about VC ? Of course I could buy a new usb disk for my BSD installs and use native encryption that. But with Veracrypt I could use the disks on Linux and BSD. Then there is also EncFS which is apparently supported by OpenBSD and FreeBSD but I’ve read it doesn’t have a good name. https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software#Operating_systems Then there is the idea of using ZFS encryption. Looking forward to your thoughts and ideas.

Dessalines
admin
41Y

iirc its the best option for people on windows, but for linux, LUKs is standard on pretty much every distro now, and its really easy to do.

I just set up a 4 USB raid 0 array with luks. Not sure what I’m going to do with it, start a cryptocurrency tontine?

@ajz
creator
21Y

Regarding LUKS : I am using that, but afaik FreeBSD and OpenBSD do not support that. Perhaps the easiest option for me would be buying a new usb disk just for backups from the BSD installs.

@Zillion
31Y

I used TrueCrypt for years on both Windoze and Linux and migrated to VeraCrypt with no problems. I have also used LUKS, but I found it harder to set up and more brittle—it didn’t “just work” across updates (Gentoo) a few times. I have no idea about the relative security of VeraCrypt and LUKS. My problems with LUKS were > 5 years ago, so things have likely improved.

@blaaa
21Y

both openbsd and freebsd have native disk encryption, which is better supported as veracrypt.

on the BSD’s the philosophy is to use the base system for all you can and only use ports and packages when no base-equivalent exists.

see: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html and https://www.tumfatig.net/20190311/openbsd-laptop-with-full-disk-encryption/

@blaaa
21Y

on freebsd, the encryption is a layer between filesystem and disk as far as i understand. on openbsd, full disk encryption is implemented in the raid software system (‘softraid’). but you can’t use normal raid features (mirroring, striping) and encryption. for that you would need for instance veracrypt or so

@blaaa
21Y

also for the bsd’s i would suggest to ask on their mailinglists. They can tell you the correct solution to very problem.

A loosely moderated place to ask open ended questions

If your post is

  1. Open ended
  2. Not offensive

it’s welcome here!

  • 0 users online
  • 11 users / day
  • 63 users / week
  • 136 users / month
  • 487 users / 6 months
  • 1561 subscribers
  • 445 Posts
  • 5522 Comments
  • Modlog