Not the file password, but my computer login password

@IceBreaker
link
fedilink
114d

Veracypt is asking for computer password because your keyring is not unlocked. Keyring is a security feature which keeps your ssh, GPG keys and keys from applications that use this feature, like Chromium safe.

Its not recommended to disable keyring as its a security feature

Open the Password and Keys application from the menu.
Right Click on Login -> Change Password
When it asks to change the password, don’t enter a new password and hit Continue instead. This will remove any password from the keyring

Source: https://itsfoss.com/ubuntu-keyring/

Veracypt is asking for computer password because your keyring is not unlocked.

On mobile I use eds lite and I don’t have to put in my phone password. Why?

@IceBreaker
link
fedilink
214d

Also keyring is not a part of Veracrypt but a part of linux itself. It’s a database containing your login information. It’s shipped so that to every software does not need to reinvent code to just save your login info.

@IceBreaker
link
fedilink
214d

It’s because Android is more secure and each apps file access is sandboxed while in Ubuntu any app can access any file. Veracypt may be storing a private key(created during first run) to encrypt config file. Try clicking on cancel when it asks computer password and you will find you will have limited access to your app data(the app may not even open).

It’s because Android is more secure and each apps file access is sandboxed while in Ubuntu any app can access any file

This sound superior. Do you know why the Ubuntu dev didn’t put this in too?

You can do that with MAC (mandatory access control) software like AppArmor, firejail, SELinux and even to an extent Flatseal/Flatpak and the (awful, awful) Snap.

The issue is that on a desktop PC it’s far harder to control what the user does with portals, so it leads to more issues with applications not used to being sandboxed.

So ‘the Ubuntu dev’, which is not a single person but a team of maintainers in that case, just didn’t sandbox every application not because it’s not possible, but because it’s too much work for maintainers causing trouble.

In fact, Canonical themselves try time and time again to make Snap a thing but it’s just an awful NIH (not invented here) concept, inferior to Flatpak, Snap and the kind of sandboxing AppArmor and SELinux provide.

If you want a more secure distribution with SELinux by default, there’s Fedora. You have been warned 😉

From what I understood, Interesting!

cryptsetup can actually work with VeraCrypt.

What exactly do you want to achieve?

https://wiki.archlinux.org/title/VeraCrypt

I use Vera to encrypt a few sensitive folders. I want to have those folders encrypted, but not have to type in 2 passwords to get to them.

Like when I use Firefox, that’s 0 passwords to open ff.

Why not use dm-crypt / cryptsetup instead? Do you need to use those folders on other systems aswell?

Keep in mind you also leak metadata when the root partition is not encrypted. With modern CPUs I’d always encrypt the whole root partition and only when you have performance issues you might want to think about having folders which are not encrypted. For example, I have my games folder which doesn’t have encryption because I don’t run these games as root so it doesn’t matter if they get tampered with.

cryptsetup

Judging from the name of this, I assume that it’s whole disc encryption. You know, that option when setting up the computer about whether I want to encrypt

No, you can easily LUKS/dm-crypt encrypt single partitions or containers.

It supports TrueCrypt (and VeraCrypt) containers: https://kenfavors.com/code/how-to-open-a-truecrypt-container-using-cryptsetup/

And it supports LUKS containers, even with sparse files: https://serverfault.com/questions/696554/creating-a-grow-on-demand-encrypted-volume-with-luks

There’s even a GUI for that: https://github.com/jas-per/luckyLUKS

I have my whole disk encrypted, and I specifically encrypted a few folders. Basically my opsec, when acquitances are using my computer, I don’t want them to access my porn folders certain folders.

Yes but why do you use Veracrypt instead of dm-crypt if you’re on Linux?

Very simple good gentlecoin, bc I’ve never heard of dm-crypt until just now xD

Not memeing here

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

  • 0 users online
  • 13 users / day
  • 33 users / week
  • 116 users / month
  • 400 users / 6 months
  • 5.37K subscribers
  • 1.37K Posts
  • 4.96K Comments
  • Modlog