Product Overview of VeraCrypt
VeraCrypt is free, open-source encryption software that specializes in on-the-fly encryption (OTFE), providing a robust and customizable solution for securing data on local devices.
What VeraCrypt Does
VeraCrypt allows users to create virtual encrypted disks that function like regular disks but are contained within files. It can also encrypt entire partitions or, in the case of Windows, the entire storage device, including the operating system, with pre-boot authentication. This ensures that all data, including file names, folder names, contents, free space, and metadata, is encrypted and protected.
Key Features
On-the-Fly Encryption
VeraCrypt encrypts and decrypts data in real-time, meaning that data is automatically encrypted before it is saved and decrypted after it is loaded, all without user intervention. This process occurs in RAM, ensuring that decrypted data is never stored on the hard disk.
Volume Creation
Users can create new encrypted volumes, which appear as separate disks on their system. These volumes can be used to store files and folders, and users can also encrypt existing partitions. The software supports the creation of hidden volumes within standard volumes, providing an additional layer of security against coercion.
Encryption Algorithms
VeraCrypt offers multiple encryption algorithms, including AES-256 (default), Camellia, Kuznyechik, Twofish, and Serpent. Users can combine these algorithms for enhanced security, such as using AES-Twofish-Serpent mode. The software also supports various cryptographic hash functions like BLAKE2s-256, SHA-256, SHA-512, Streebog, and Whirlpool.
Keyfiles
VeraCrypt allows the use of keyfiles, which are files whose content is combined with a password to enhance security. Keyfiles can be any type of file, and users can generate them using VeraCrypt’s built-in keyfile generator. These keyfiles can be stored on security tokens and smart cards for added protection.
Password and Key Derivation
The software uses PBKDF2 (PKCS #5 v2) with a 512-bit salt to generate header keys and secondary header keys. The number of iterations for this process is customizable but defaults to 200,000 to 500,000 iterations, depending on the hash function used. This makes password-guessing attacks significantly slower.
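The derivation described above, sketched with Python's standard library as an added example (not VeraCrypt's own code). It uses the 512-bit salt and the 200,000 and 500,000 iteration counts from the text; the SHA-512 PRF, the 64-byte output length, the sample password and the function names are assumptions for illustration.

```python
import hashlib
import os
import time

SALT_BYTES = 64   # 512-bit salt, as stated in the text
KEY_BYTES = 64    # assumption: output length chosen for this illustration


def derive_header_key(password: bytes, salt: bytes, iterations: int,
                      hash_name: str = "sha512") -> bytes:
    """PBKDF2 (PKCS #5 v2) over the password and a per-volume random salt."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 512 bits (64 bytes)")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, KEY_BYTES)


def seconds_per_guess(iterations: int, probe: int = 20_000) -> float:
    """Time a short probe derivation and scale linearly to `iterations`.

    PBKDF2 cost is linear in the iteration count, so the probe keeps the
    measurement quick while still reflecting this machine's speed.
    """
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    derive_header_key(b"probe", salt, probe)
    elapsed = time.perf_counter() - start
    return elapsed * iterations / probe


def days_to_try(candidates: int, iterations: int) -> float:
    """Single-core days needed to test `candidates` passwords at this setting."""
    return candidates * seconds_per_guess(iterations) / 86_400


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)          # fresh salt per volume
    key = derive_header_key(b"constructed sample passphrase", salt, 500_000)
    print("derived key prefix:", key[:8].hex())
    # 1,000 iterations is included only as a low baseline for comparison.
    for n in (1_000, 200_000, 500_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:8.1f} ms/guess, "
              f"{days_to_try(10**8, n):10.1f} days for 1e8 candidates")
```

The per-guess figures are single-core CPU measurements on the machine running the script; dedicated cracking hardware is faster, which is why passphrase strength still matters at any iteration count.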
Hardware Acceleration
VeraCrypt supports hardware-accelerated AES encryption using Intel AES-NI instructions, which can significantly speed up the encryption and decryption process, especially on older machines.
Functionality
- Mounting and Using Volumes: Users can mount encrypted volumes and interact with them just like regular disks, using drag-and-drop operations to copy files to and from the encrypted volume.
- Pre-Boot Authentication: For full-disk encryption, VeraCrypt requires a password or keyfile to be entered before the operating system boots, ensuring that the entire system remains encrypted until authenticated.
- Customization: VeraCrypt offers extensive customization options, allowing users to choose encryption algorithms, hash functions, and the number of PBKDF2 iterations to tailor the security to their needs.
In summary, VeraCrypt is a powerful and flexible encryption tool that provides robust security features, on-the-fly encryption, and extensive customization options, making it an excellent choice for users looking to protect their data locally.