American Partisan: Using Encryption with Veracrypt

This practical article from American Partisan discusses the use of the program Veracrypt to encrypt data in files and hard drives. While the lead of the title is “Clandestine Communications,” there are many reasons that you might want to use Veracrypt encryption in your day to day life. I have used it in a legal setting in order to encrypt an attorney’s sensitive trial files to take them between the office and the court room. You can use it to safely store a password file. At home, you can use it to securely store photocopies of your credit cards, social security cards, firearm serial numbers, birth certificates, passports, banking information, or any other information that you want to have available, but not just sitting where it can be stolen or hacked. For preppers, you can take that same encrypted file of your important information and put it on a USB drive and toss it in your bug out bag or a vehicle Go-bag so that if you have to leave home because of a fire you’ve got all of that vital information gathered already.

Clandestine Communications Part Four: File and Hard Drive Encryption with Veracrypt is a pretty simple overview of getting started with using Veracrypt software. Veracrypt is a free (free as in no cost), open-source (free as in liberty) software program. Because it is open source, the source programming code is freely available for viewing so that the software can be audited for security holes and backdoors. You can use Veracrypt to encrypt an entire drive, or you can create a volume which looks like a file to your computer which you can then mount as its own drive. There are also other more advanced features.

Today’s article is going to talk a little bit about how to use Veracrypt in order to encrypt both a file volume and a flash drive. Veracrypt can be downloaded from here.

Once you install the program, let’s take a look at what it looks like.

I recommend you spend some time in the Help menu – particularly in the ‘User’s guide” and “Beginner’s Tutorial”.

Veracrypt can encrypt your files in a few different ways. The first way is creating a volume. The volume is almost like a file itself – it can be copied, pasted, etc. It acts, in a way, like a super secure .zip file (without the file compression). The second way you can encrypt your files is by encrypting an entire hard drive or flash drive. This method in particular could be useful if you were using a dead drop system to pass a One Time Pad as you could buy a lot of inexpensive flash drives, encrypt them, and then use them in your drops.

Veracrypt also has a really cool future that I may touch on in a later article called Hidden Volumes. Basically, this creates a volume within a volume, and each volume has a separate password. This could be useful if you are forced to open the volume at gun point. The idea is that in the outer volume you have some sensitive looking documents but not the actual files you want to encrypt. If you were forced at gunpoint to open the volume, your actual files would be safe (since they use a different password). This may be something that many of you are interested in.

Volumes

To create a Volume, click on the “Create Volume” button in the lower left of Veracrypt. Here, a menu gives you some options. For now, we are going to stick with the default option of “Create an encrypted file container”. The second option is used for encrypting flash drives or external hard drives, and the third option is for encrypting the hard drive that runs your Operating System. Click Next.

Here, we have the option of creating a Standard Volume or a Hidden Volume. Since we are just starting out, make sure Standard Veracrypt volume is checked and hit Next. Now it is time to decide where we want the Volume to be. Click “Select File”. To make it easy, navigate to your desktop. In the “File Name” line, name your file. Click Save and then Next.

The next screen is where you can chose what type of encryption you want to use. I will leave it up to all of you to figure out which one is best (to be honest, I don’t really understand the differences so I am not going to give you a recommendation – if you do, throw it in the comments). Once you do, click Next.

The next screen is where you get to decide how big you want the file to be. For this example, I am going to go with 1 GB but you can choose whatever you want (think about what you are wanting to store in it and use that as a guide). Once you decide, click Next.

This screen is where you create your password. I have two rules for you to follow: 1) use numbers, letters, and symbols, and 2) use capital letters and, if you want, spaces. A great way to get a strong password is to use a password manager like KeePassXC. I actually don’t have one set up yet, so I will be doing a future article on how to do that as well. You can also use keyfiles, which is like selecting a few different files you already have to use them as the password. It is not my favorite way of doing it, but YMMV. Once you have your password entered, click Next.

The next screen is very important. You are choosing both the filesystem you want and generating the random pool to make your encryption stronger. I generally tend to use an NTFS system because FAT filesystems don’t like files over 4 GB, but again do your research and choose the filesystem you want. Then, move your mouse as random as possible inside the window. You will see tons and tons of characters in the “Random Pool area. Do this for at least 60 seconds, but the longer the better. Once you are done, click Format.

Once the formatting is done, it is time to mount your file. Go back to the first window that appeared when you started Veracrypt. Now, click on Select File on the bottom right. Navigate to your file and select it, and then select Mount. Enter your password, and select OK. Once the file mounts, you can go into Windows Explorer. You will notice in your hard drive list under “Computer” on the left hand side, there will be a new hard drive. In my case, it is Local Disk (J:) as we can see the size is 0.99GB. You can now click on that and copy your files in! In order to dismount the volume, just select it again on the main screen of Veracrypt and click “Dismount”.

Flash Drive / External HDDs

To encrypt a flash drive, begin once again by clicking “Create Volume”. This time, select the middle option of “Encrypt a non-system partition/drive”. Click Next, and you see that once more we have the option of creating a Hidden or Standard volume. For this, I am creating a Standard Veracrypt Volume. Click Next.

Now, instead of creating a file, you are selecting the flash drive or hard drive you want to encrypt. Once you select your drive, click OK. You are given two options for the Volume Creation Mode. The first one is for when you have no files on the drive and want to encrypt it more quickly. If you choose this option AND you have files on the drive, they WILL be overwritten and lost. If you have files on the drive and you cannot or do not want to take them off, chose the second option, “Encrypt partition in place”. I have never used that second option because I am terrified something will go wrong and I will lose my files, but YMMV. Make your selection and click Next.

Just like creating the volume, select your encryption algorithm and click Next. Verify that the size on the screen is really close to the size of the drive you want to encrypt (in this case, my flash drive is 4 GB in theory and in the above picture we see it is 3.7 GB, which matches closely below which says 3.65 GB). If it is really off, go back and make sure you selected the right drive to encrypt – this is really important. Once you verify it is correct, click Next.

Once again, create your password (DIFFERENT FROM YOUR FIRST ONE – NEVER REPEAT) and click Next. The same rules from the Volume section apply to the password. Now choose your file type and click next (again, I personally use NTFS). Move your mouse around in the box again to random the Heading Pool and, once you are done with that, click Format.

In order to Mount the drive, you can select what letter drive you want to mount the volume in and either 1) Click “Auto-Mount Devices”, type in the password, and click OK, or 2) Click “Select Device” and choose the device on the screen. Then, access the drive just like the volume and copy your files in!

References

https://securityinabox.org/en/guide/veracrypt/windows/

https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html

https://www.veracrypt.fr/en/Plausible%20Deniability.html

EFF: Dangers to Privacy in EARN IT Act

The EARN IT Act introduced by Senator Lindsay Graham purports to be for the prevention of online child exploitation “and other purposes.” It’s those other purposes that we need to watch. The EFF, an organization fighting for your digital civil liberties, writes the article Congress Must Stop the Graham-Blumenthal Anti-Security Bill, expounding upon the many dangers lurking inside this bill.

There’s a new and serious threat to both free speech and security online. Under a draft bill that Bloomberg recently leaked, the Attorney General could unilaterally dictate how online platforms and services must operate. If those companies don’t follow the Attorney General’s rules, they could be on the hook for millions of dollars in civil damages and even state criminal penalties.

The bill, known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, grants sweeping powers to the Executive Branch. It opens the door for the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.

Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT) have been quietly circulating a draft version of EARN IT. Congress must forcefully reject this dangerous bill before it is introduced.

EARN IT Is an Attack on Speech

EARN IT undermines Section 230, the most important law protecting free speech online. Section 230 enforces the common-sense principle that if you say something illegal online, you should be the one held responsible, not the website or platform where you said it (with some important exceptions)…

EARN IT is a direct threat to constitutional protections for free speech and expression. To pass constitutional muster, a law that regulates the content of speech must be as narrowly tailored as possible so as not to chill legitimate, lawful speech. Rather than being narrowly tailored, EARN IT is absurdly broad: under EARN IT, the Commission would effectively have the power to change and broaden the law however it saw fit, as long as it could claim that its recommendations somehow aided in the prevention of child exploitation. Those laws could change and expand unpredictably, especially after changes in the presidential administration…

Throughout his term as Attorney General, William Barr has frequently and vocally demanded “lawful access” to encrypted communications, ignoring the bedrock technical consensus that it is impossible to build a backdoor that is only available to law enforcement. Barr is far from the first administration official to make impossible demands of encryption providers: he joins a long history of government officials from both parties demanding that encryption providers compromise their users’ security.

We know how Barr is going to use his power on the “best practices” panel: to break encryption. He’s said, over and over, that he thinks the “best practice” is to always give law enforcement extraordinary access. So it’s easy to predict that Barr would use EARN IT to demand that providers of end-to-end encrypted communication give law enforcement officers a way to access users’ encrypted messages. This could take the form of straight-up mandated backdoors, or subtler but no less dangerous “solutions” such as client-side scanning. These demands would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their own users’ security, making all of us more vulnerable to criminals…

Weakening Section 230 makes it much more difficult for a startup to compete with the likes of Facebook or Google. Giving platforms a legal requirement to screen or filter users’ posts makes it extremely difficult for a platform without the resources of the big five tech companies to grow its user base (and of course, if a startup can’t grow its user base, it can’t get the investment necessary to compete)…

Click here to read the entire article at EFF

 

Liberty Blitzkrieg: AG Barr Wants to Kill Privacy and Security

Michael Krieger of Liberty Blitzkrieg has written a post about US Attorney General William Barr who has come out very much against the use of encryption by anyone but the government in recent weeks. The government wants full access to everything that you do and say wherever you are doing it, no matter how personal or private. As usual, it must be done “to save the children.”

William Barr Wants to Kill Privacy and Security…’For the Children’

U.S. Attorney General William Barr, along with co-conspirators in the UK and Australia, recently wrote a letter to Mark Zuckerberg requesting he not move forward with a plan to implement end-to-end encryption across Facebook’s messaging services. A draft of the letter was published earlier this month by Buzzfeed, and it’s worth examining in some detail.

What immediately strikes you is the letter’s emphasis on “protecting the children,” a talking point universally used by authoritarians throughout history to justify both a reduction of public liberty and a transfer of increased power to the state. Though this tactic is transparent and well understood by those paying attention, it’s nevertheless disturbing to observe Barr’s disingenuous and shameless use of it (the words ‘child’ and ‘children’ appear 17 times in the course of this brief letter).

Here’s just one example from the letter:

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

Barr and the U.S. government feign deep concern regarding the ability of bad people to “identify and groom our children,” yet this is the same guy and government who allowed Jeffrey Epstein to be suicided in a Department of Justice prison just a few months ago. It’s the same guy and government who can’t find or doesn’t want to find Ghislaine Maxwell. And it’s same guy and government that can’t be bothered to raid Epstein’s New Mexico ranch despite known instances of child abuse there…

Click here to read the entire article at Liberty Blitzkrieg.

Natural News: NSA Archiving Encrypted Communications to Decrypt Later

Encryption works. But as computing power increases the time requires to brute force crack your encryption keys decreases. This article from Natural News notes that the NSA is archiving all eencrypted emails and transactions in the hopes that increases in computing power, including quantum computing, will allow them to be decrypted in the next few years. Note that it mentions 256-bit AES and RSA keys. Upgrade your encryption to elliptic encryption if your apps support it. If your apps don’t support it, look for ones that do.

That said, the NSA also has a vested interest in making people believe that using encryption is useless. So this could also be a smoke screen. Cover your bases and use the best encryption practicable. The government has no business reading your correspondence without a valid warrant.

The NSA is archiving all encrypted emails and transactions, knowing they will be able to decrypt most digital files in about 3 years, thanks to quantum computing

All encrypted emails, files and hard drives that currently rely on 256-bit encryption (such as AES or RSA) may be retroactively broken by the NSA in the next three years, thanks to rapid advances in quantum computing recently announced by Google scientists.

The NSA is currently archiving all encrypted communications and storing the digital files on offline storage servers in its “Bumblehive” domestic spying facility in Utah. Currently these digital files cannot be broken because classical computing presents a strongly asymmetrical complexity problem that makes breaking encrypted files prohibitively time consuming and expensive. Files encrypted with 2^n bits currently present computational complexity that requires 2^n computer power to break. In other words, encrypting files is easy (linear), but breaking encryption is incredibly difficult (logarithmic).

But rapid advances in quantum computing transform the breaking of encryption from a logarithmic mathematical problem to a linear problem, collapsing the complexity to 2 * n instead of 2 ^ n…

Organic Prepper: Gov’t Still Wants to Backdoor Encryption

Daisy Luther at the Organic Prepper has written an article summarizing some of the recent press and government meetings discussing the government’s desire to be able to reverse encryption on communication devices, web pages, etc. – The Govt. Wants to OUTLAW Encrypted Messaging in iMessage, WhatsApp, Signal, Wickr, Telegram, Etc. If you’re tuned into the modern fight over privacy, they probably isn’t news to you. The government always wants more control over your data, communication and information. They say they need it to keep you safe.  Luckily there are still entities with some pull who are arguing that putting in encryption backdoors will harm the United States, but they’re fighting on the basis of economic harm. No one cares about your privacy. No one in government, anyway.

If you ever use the encrypted messaging options on programs like iMessage, WhatsApp, Signal, Wickr, Telegram, or any other service, your time to discuss things privately over the phone may be running out. The US government doesn’t like for anything to get in the way of their ability to spy on investigate even the most mundane of conversations.

Instead of seeing privacy as a right, they see it as suspicious. Your devices are already being searched at quadruple the previous rate in airports. And the attack on free speech is now going as far as our private messages to our friends and family.

Because the only reason we’d want privacy is that we’re criminals

This was the topic of a National Security meeting last week.

The encryption challenge, which the government calls “going dark,” was the focus of a National Security Council meeting Wednesday morning that included the No. 2 officials from several key agencies, according to three people familiar with the matter.

Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it, these people told POLITICO. Tech companies like Apple, Google and Facebook have increasingly built end-to-end encryption into their products and software in recent years — billing it as a privacy and security feature but frustrating authorities investigating terrorism, drug trafficking and child pornography. (source)

So, which government agencies are hot to make encrypted messages illegal?

The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks. The Commerce and State Departments disagree, pointing to the economic, security and diplomatic consequences of mandating encryption “backdoors.”

DHS is internally divided. The Cybersecurity and Infrastructure Security Agency knows the importance of encrypting sensitive data, especially in critical infrastructure operations, but ICE and the Secret Service regularly run into encryption roadblocks during their investigations. (source)

It looks like the simpler answer is the few who understand there are reasonable, non-criminal uses.

There are plenty of legitimate reasons we might want to encrypt our conversations.

Of course, we know there are dozens of reasons we might want to use the encryption function on our favorite messaging apps. For example, when I was recently traveling in Europe, I needed to give my daughter credit card information to pay a bill for me. I used the encryption function on Telegram to send it because who wants that out there floating around?

Indeed, there are many legitimate reasons to use end-to-end encryption…

Click here to read the entire article at the Organic Prepper.