曾几何时,有一种称为TrueCrypt的(TrueCrypt)加密协议(encryption protocol)。据说它是完全坚不可摧的,因为FBI无法闯入。然后TrueCrypt 项目突然关闭(the TrueCrypt project was suddenly shut down),谣言四起(rumors started flying),说FBI终于破解了它的加密。
TrueCrypt 现在已被VeraCrypt取代,从外部看,它或多或少相同。但是,除非你的敌人是政府或在完全运作的死星(Death Star)上的邪恶皇帝,否则VeraCrypt足以让爱管闲事的父母、配偶和室友阅读你的私人业务(色情)。
在这篇由三部分组成的文章的第一部分中,我将向您展示如何使用VeraCrypt设置加密卷。在第二部分(part two)中,我将向您展示如何隐藏加密卷内(inside)
的隐藏部分以获得额外的超级安全性。在第三部分(part three)中,我将解释如何使用该程序加密您的整个操作系统(your entire operating
system)。
首次设置 VeraCrypt(Setting Up VeraCrypt For The Very First Time)
首先,前往Veracrypt 网站(the Veracrypt website)并选择您的操作系统(operating system)。我特别喜欢留在我的U 盘(USB stick)上的便携式Windows 版本(Windows version)。
现在像通常安装任何其他程序一样安装该程序。
打开它(Opening It Up)
当你打开程序时,这就是你所看到的。
第一步是点击“创建卷(Create Volume)”。现在弹出这个。
今天,我们从一号(number one)门出发。因此,单击“创建(Create)加密文件容器”,然后单击“下一步”。
隐藏卷选项(volume option)将在第二部分(part two)更深入地讨论。所以目前,选择“ Standard VeraCrypt volume ”,然后选择“Next”。
下一步是指定加密卷的位置及其名称。单击(Click)“选择文件”并导航到要放置它的文件夹。然后键入它的名称。如果需要,以后可以更改位置和名称。
下一个屏幕现在要求您选择加密算法。它将默认为AES,这非常好。如果它对于美国政府的最高机密(Top Secret)文件来说足够好,那么对于您的 Katy Perry 专辑来说就足够了。无需过多考虑这一点。
同样,不要碰散列算法(hash algorithm),除非你完全知道你在做什么。
您现在需要决定卷必须有多大。
您必须考虑两个因素。
- 加密卷将用于什么?例如,视频和音乐(Videos and music)将需要比纯粹的文件更大的音量。
- 您的计算机上有多少可用空间?VeraCrypt卷可以移动到可移动媒体上,例如USB 记忆(USB)棒和便携式硬盘驱动器。或者云存储。但是您需要提前了解是否有所需的存储空间(storage space),因为以后无法更改卷大小。
出于本文的目的,我选择了 1GB。但我的主要VeraCrypt 卷(VeraCrypt volume)是 150GB。
现在最重要的部分——密码。
在选择密码之前,您必须记住以下内容。为了安全起见, VeraCrypt(VeraCrypt)不会进行密码重置或密码提醒。因此,如果您忘记了密码,那么您实际上是在没有众所周知的桨的情况下在小溪上。
因此,虽然密码不应该像“12345”这样愚蠢的东西,但它也应该是你永远(always)记住的东西。
我暂时避免使用密钥文件和 PIM。它们有可能使您的音量更加安全,但您需要对它们的工作方式有充分的了解。我还在努力弄明白,所以我不会指望你突然成为这方面的专家。让我们暂时保持简单。
最后,是时候生成您的加密密钥了。
在VeraCrypt 窗口(VeraCrypt window)周围随机移动鼠标,
直到底部的红色条到达另一端并变为绿色。正如窗口所说,你移动它的时间越长,移动越随机,加密强度(encryption strength)就越好。
当底部的栏为绿色时,单击“格式化”,您的卷将被制作并放置在您指定的位置。
打开你的 VeraCrypt 卷(Opening Up Your VeraCrypt Volume)
现在您有了漂亮闪亮的新卷,是时候打开它并在其中隐藏一些文件了。
返回VeraCrypt主窗口,用鼠标突出显示一个驱动器号,单击“选择文件”,然后双击该卷。
切记(Remember)不要使用其他驱动器、便携式媒体或软件当前正在使用的任何驱动器号。显示音量时,单击“安装”。
我建议您保持“从不(Never)保存历史记录”的勾选。否则(Otherwise),VeraCrypt将记录您计算机上最近访问的所有卷位置。
现在输入您的密码。“ TrueCrypt模式”仅适用于拥有旧TrueCrypt卷的人,这些卷在软件被废弃时突然变得无用。但是,如果您从未使用过
TrueCrypt ,您可以忽略它。
成功输入密码后,转到
Windows 资源管理器(Windows Explorer)(或 Finder,如果您使用的是MacOS),您将看到卷“挂载”为驱动器。
或者,您可以双击VeraCrypt中的卷直接进入那里。
现在您只需将文件拖到卷中,它们就会显示出来。
要关闭卷并保护文件,请单击VeraCrypt 窗口(VeraCrypt window)上的“卸载” 。
这就是制作加密文件夹/卷的方法。您可以根据需要创建任意数量的这些 – VeraCrypt不施加任何限制。当然,您随身携带的卷越多,您必须记住的密码就越多。所以也许不要太(too)
疯狂。
下一次,我们将看看普通卷中的隐藏卷。请继续(Stay)关注。
Create an Encrypted Container To Hide All Your Secrets With VeraCrypt
Once upon a time, there was an encryption protocol called TrueCrypt. It wаs said to be totally impregnable with the FBI unable to break in. Then the TrueCrypt project was suddenly shut down and rumors started flying that the FBI had finally busted its encryption.
TrueCrypt has now been replaced by VeraCrypt which, from the outside, looks more or less identical. But unless your enemy is a government or an evil emperor on a fully operational Death Star, VeraCrypt is more than sufficient to keep nosy parents, spouses, and roommates from reading your private business (porn).
In this first part of a three-part article, I will be
showing you how to set up an encrypted volume with VeraCrypt. In part two, I
will show you how to hide a hidden section inside
the encrypted volume for extra super-special security. In part three, I will explain
how to encrypt your entire operating
system with the program.
Setting Up VeraCrypt For The Very First Time
First, head on over to the Veracrypt website and choose your operating system. I particularly like the portable Windows version which stays on my USB stick.
Now install the program as you usually would with any
other program.
Opening It Up
When you open up the program, this is what you will
see.
The first step is to click “Create Volume”. This now
pops up.
Today, we’re going with door number one. So click on
“Create an encrypted file container” and then “Next”.
The hidden volume option will be discussed in more
depth in part two. So for the moment, choose “Standard VeraCrypt volume” and
then “Next”.
The next step is to specify the location of the
encrypted volume and the name of it. Click on “Select File” and navigate to the
folder where you want to put it. Then type the name of it. Both the location
and the name can be changed later if need be.
The next screen now asks you to choose your encryption
algorithm. It will default to AES, which is perfectly fine. If it’s good enough
for the US Government’s Top Secret files, then it’s good enough for your Katy
Perry albums. No need to overthink this one.
Equally, don’t touch the hash algorithm, unless you
absolutely know what you’re doing.
You now need to decide how big the volume has to be.
You have to take two considerations into account.
- What will the encrypted
volume be used for? Videos and music for example will need a larger volume than
just purely files.
- How much free space do you
have on your computer? VeraCrypt volumes can be moved onto removable media such
as USB sticks and portable hard-drives. Or cloud storage. But you need to find
out in advance if you have the storage space needed, as changing the volume
size later is not possible.
For the purposes of this article, I went with 1GB. But
my main VeraCrypt volume is 150GB.
Now the most important part of all – the password.
Before choosing a password, you have to remember the
following. VeraCrypt does not, for the sake of security, do password resets or
password reminders. So if you forget your password, you are quite literally up
the creek without the proverbial paddle.
So although the password should not be something
stupid like “12345”, it should also be something you will always remember.
I would avoid keyfiles and PIM’s for the moment. They
have the potential to make your volume much more secure but you need to have a
solid understanding of how they work. I am still trying to figure it out so I
am not going to expect you to suddenly become an expert in it. Let’s keep it
simple for now.
Last of all, it’s time to generate your encryption
keys.
Move your mouse randomly around the VeraCrypt window
until the red bar at the bottom gets to the other end and turns green. As the
window says, the longer you move it and the more random the moves, the better
the encryption strength.
When the bar at the bottom is green, click “Format”
and your volume will be made and placed in the location you specified.
Opening Up Your VeraCrypt Volume
Now that you have your nice shiny new volume, it’s
time to open it up and hide some files in there.
Go back to the VeraCrypt main window, highlight a
drive letter with your mouse, click “Select File”, and double-click the volume.
Remember not to use any drive letters currently being used by other drives,
portable media or software. When the volume is showing, click “Mount”.
I would advise you to keep “Never save history”
ticked. Otherwise, VeraCrypt will keep a record of all the volume locations on
your computer that were recently accessed.
Now enter your password. “TrueCrypt Mode” is only for
people who had old TrueCrypt volumes which were suddenly rendered useless when
the software was abandoned. But you can ignore that if you have never used
TrueCrypt.
Once the password has been successfully entered, go to
Windows Explorer (or Finder if you are using MacOS) and you will see the volume
“mounted” as a drive.
Or you can double-click on the volume in VeraCrypt to
be taken directly there.
Now you can just drag files into the volume and they
will show up.
To close the volume and secure the files, click
“Dismount” on the VeraCrypt window.
And that is how to make an encrypted folder/volume.
You can create as many of these as you want – VeraCrypt does not impose any
limits. Of course, the more volumes you have on the go, the more passwords you
have to remember. So maybe don’t go too
crazy.
Next time, we’ll look at hidden volumes within normal
volumes. Stay tuned for that.