In my last post, I talked about cracking Microsoft Office password protected documents.  In the end of that post, I suggested storing the entire document in a password manager and I also mentioned VeraCrypt.  Truth be told, I was going to link to a post that I thought I'd written for this site but I was mistaken.  I'd actually written documentation for a client specifically about VeraCrypt and for obvious reasons, I'm unable to post that document.  

Understanding what a product like VeraCrypt can do for us enables us to choose the appropriate level of security for a given situation.  If you're storing sensitive data in files, VeraCrypt could be a potential avenue for adding protection for your sensitive data if password protecting your documents isn't enough.  

Before moving on, I'd also like to mention that security is inconvenient at times -- most times.  I would love to leave my doors unlocked at my home because it's inconvenient to dig the keys out of my pocket each time I want to open the door.  But that's not the world that we live in.  If you use this product correctly, you will open the vault when needed and you'll close the vault when you're done.  In other words, if you're consistently accessing this data throughout the day, you're going to open it when you come into the office and you're going to close it when you leave.  If you leave it open every minute of every day, it won't protect you much more than the file(s) living in the file system without protection.  That would essentially be the same as installing a deadbolt on your front door but never locking the lock.  

Moving on to the VeraCrypt installation--  

The download site:





In this post, we're installing the Windows version.  After we download it, we start the install:

We accept the terms and we select Next:

We select Install and Next:

These are the defaults, we select Next:

When the installation is complete, we select OK:

We select Finish:

You can choose to read the tutorial:

And when the application is finished installing, we find the Icon on our desktop:

When we launch the application, we are choosing to create an encrypted container:

We are choosing a Standard VeraCrypt Volume and selecting Next:

We are pointing to a document that has yet to be created.  You can choose any location and any type of file.

Basically, we are creating a container to hold documents.  Think of it as a protected thumb drive that could be megabytes, gigabytes, or even terabytes in size.  Now when we're considering a name and a file type, I would think of images or MP3s, which could be in the hundred-ish megabyte range, or videos which could be in the gigabyte-ish range.  

For example, if I were creating a 100MB file, I might name it:  "2019FamilyPhoto.jpg"

If I were were creating a 2GB file, I might call it:  "KidsBirthday.MP4"

Either of these could blend in if they were placed in the appropriate folders like Pictures or Videos.  A 2GB Word document might raise an eyebrow.  Something to think about.

In this example, I'm going to create a 100MB Word Document and I'm placing it in the root of the C: Drive:

At this point, we are selecting the type of encryption.  I'm not a crypto expert and I'm selecting this particular algorithm because its name sounds cool and it looks strong:

This is where we are selecting our size.  These containers cannot grow once they are created so choose your size with scaling in mind:

You need a strong password.  Again, speaking of inconvenient -- but we are defeating the purpose if we use a weak password:

I really don't understand why we have to go through this mouse moving exercise -- there must be a better way but that's not the case.  We have to move the mouse around and around until it hits green.  I keep going until we've maxed out the green bar:

FINALLY, we're done:

Unless you want to create another container, we're selecting Exit:

When we launch the application, we're selecting a drive letter.  Any drive letter will do.  We are then pointing to our file, we want to make sure we're not saving history, and then we're selecting Mount:

We are then prompted for our password, we enter our password:

It starts the decryption and mounting process:

When it's finished, we see our mounted drive in VeraCrypt:

When we open File Explorer, we see our newly mounted drive:

We can open our mounted vault like any other drive:

We move our secrets into the vault and when we're finished, we select Dismount All:

Viewing File Explorer once more, we see that our vault has been dismounted and our drive is no longer available to us until we mount the drive once more.

Full disclosure, I read an article that talked about encrypted containers living on encrypted volumes can weaken the encryption on the volume.  So what does that mean?  It means that if you have an encrypted drive using, for example, Bitlocker, using an encrypted container like VeraCrypt can weaken the Bitlocker encryption.  I have to be honest, I don't know if this is true or not.  What I do know is that a file containing sensitive data, even if password protected, can be fairly easy to crack.  I've written a few posts about hunting for Social Security Numbers, Credit Card Numbers, cracking PDFs, cracking ZIP files, and the search function on this site can point you to what else I've been hunting and cracking.  What I'm not cracking is VeraCrypt encrypted containers.  If someone is smart enough to break the encryption on Bitlocker because of an encrypted VeraCrypt container, we have bigger concerns.  What I'm proposing here is a basic added protection against prying eyes.