This is great news, but leaves the problem that TrueCrypt is no longer supported.
The withdrawal of TrueCrypt by its developers threw the auditing project into some disarray, but it was finally decided to continue onto Phase II and finish the audit. This was completed at the beginning of April 2015, and although some problems were discovered, the report (as summarized in this blog post) found that, ‘Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.’
At the time, a crowdfunded full audit of the software was being performed, Phase I of which had recently given it the all-clear. The security world was therefore extremely alarmed when the TrueCrypt developers withdrew their product under very suspicious circumstances (a situation which led to no small amount of general paranoia).
If the user prefers to create the bootable USB key directly and store it instead of backing up the ISO file, then the user is taking a big risk since a USB key can be overwritten.

For a long time TrueCrypt was the go-to full disk encryption solution of choice for security professionals (it was recommended by Edward Snowden, and successfully prevented the UK police from accessing files carried by Glenn Greenwald’s partner, David Miranda).

So, to clarify more: if you have no CD/DVD drive, you can skip the rescue disk check but you have to securely back up the ISO file so that you can create a bootable USB key from it in the future. Thus, I say that relying only on the USB key as the only rescue medium is a big risk for the user. Since a USB key can't be configured to be read-only, there is always a risk that the rescue disk data burned into it gets corrupted. If the user relies only on a created USB key then he can find himself in big trouble if the USB key gets overwritten for any reason. The user should back up the ISO file of the rescue disk in a secure way so that he can create the bootable USB key at any moment. There are many free tools on the internet that can create a bootable USB key from an ISO file (for example UNetbootin). The user can always burn the ISO to a USB key and boot on the USB if he needs to recover.
I'll add in the future an option in the GUI that will be equivalent to the /noisocheck switch. So, for the machines with no CD/DVD drive, the rescue disk check can be turned off manually to be able to encrypt the system but it is the user's responsibility to ensure that this ISO can be used in the future. It is the responsibility of the user to ensure that the ISO file of the rescue disk is correctly burned or backed up. VeraCrypt doesn't implement any burning functionality and it only calls Windows' built-in ISO burner. You can always skip the check of the rescue disk being burned by running "VeraCrypt Format.exe" with the option /noisocheck or /n from an elevated command prompt (see ).

Concerning your request, the issue with USB drives is that we can't configure them to be read-only and as such they can be corrupted or overwritten, which is dangerous for a medium that is supposed to provide rescue functionality in the future.