{{indexmenu_n>3}} ===== Volume Protection Level ===== Based on the recommendation you received from the DCC or on what you would like to have for your encryption level, you can follow the instructions in the sections below to set up your VeraCrypt volume. **IMPORTANT**: Please keep in mind when deciding on your Protection level that higher encryption does not always mean higher data safety. Depending on the encryption you choose, you might need to follow certain guidelines to secure your data. If you're uncertain, please contact the DCC ([[dcc@rug.nl|dcc@rug.nl]]). ==== Level 1 protection ==== === VeraCrypt Volume with single encryption (password) === This is the **lowest level of data protection** that you will get by using VeraCrypt. Please keep in mind that if you are using a **strong password** (as defined by VeraCrypt in the volume set up), this level of protection is **already extremely hard to crack** with brute force methods. **ADVANTAGES**:  * Hard to brute force. * Low probability of losing access to your data. **RISKS**:  * Your data is lost if you lose your password. ++++ Click to display step-by-step guide | - Open VeraCrypt and click on the //Create Volume// button (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_1.png?direct&650 | }} - Select the option //Create an encrypted file container// (red box), then click on //Next// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_2.png?direct&650 | }} - Select //Standard VeraCrypt volume//, then click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_3.png?direct&650 | }} - Now you can choose the name of the volume you are about to create and the location where it will be stored. Click on //Select File// and navigate to where you want your volume to be stored. **WARNING: Please keep in mind that selecting an existing file will DELETE it and create a new file (your volume) with the same name!! (blue box)**. {{ :dcc:itsol:veracrypt:new_lvl1_step_4.png?direct&650 | }} - Make sure to select //VeraCrypt Volumes (*.hc)// in the option //Save as type//, then click //Save//. If you wish to hide the fact that the new file is a VeraCrypt volume, leave the //Save as type// option on //All Files (*.*)// and choose the file extension that you want. {{ :dcc:itsol:veracrypt:new_lvl1_step_5.png?direct&650 | }} - The path to your new volume should now appear in the box underlined in blue. Click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_6.png?direct&650 | }} - Now you will have to select what type of encryption you want to have for your volume. The default encryption type is AES which is sufficient for your purposes. Should you wish to know more about how the encryption scheme works, please consult the VeraCrypt manual. The same goes for the Hash Algorithm. Click //Next// if you do not wish to change anything here. {{ :dcc:itsol:veracrypt:new_lvl1_step_7.png?direct&650 | }} - You now have to decide how much space you require to store your data. Write the number in the upper red box (10 is an example here) and make sure that you have the correct unit (KB, MB, GB, TB). Pick a reasonable size that you know you won’t be able to fill when you have collected and analyzed your sample. Click //Next// to move to the next screen. {{ :dcc:itsol:veracrypt:new_lvl1_step_8.png?direct&650 | }} - You now need to choose the password for your volume. Read the instructions in the blue box and choose the password accordingly, then click //Next//. You do not need to tick //Use Keyfiles// or //Use PIM// for this level of encryption. {{ :dcc:itsol:veracrypt:new_lvl1_step_9.png?direct&650 | }} - Should you choose a password that is considered weak, VeraCrypt will prompt you to confirm that you wish to proceed. You can then go back by selecting //No// and choose a stronger password. {{ :dcc:itsol:veracrypt:new_lvl1_step_9b.png?direct&650 | }} - The next window will ask you to move the mouse inside it in a random pattern in order to make the encryption as hard as possible to crack. We advise you to fill the bar in the blue box fully before proceeding by clicking //Format//. {{ :dcc:itsol:veracrypt:new_lvl1_step_10.png?direct&650 | }} - VeraCrypt is now going to create the encrypted volume. Please consider that depending on the size you chose and your machine properties, this will take some time. Once again, select //No// when prompted by VeraCrypt to disable Windows Fast Startup. We will discuss later how to avoid problems when using VeraCrypt while this feature is enabled. {{ :dcc:itsol:veracrypt:new_lvl1_step_11.png?direct&650 | }} - Once VeraCrypt is done with the volume creation, this message will appear. Click //Ok// to finish the installation. {{ :dcc:itsol:veracrypt:new_lvl1_step_12.png?direct&650 | }} - VeraCrypt will now ask you if you wish to create a new volume. If so, select //Next// (blue box) and repeat the procedure, otherwise select //Exit// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_13.png?direct&650 | }} ​​​​ ++++ ==== Level 2 protection ==== === VeraCrypt Volume with cascade encryption (password) === This second level of protection is similar to Lvl 1, but **adds multiple encryption algorithms** to the volume. This makes it **even harder to use brute force methods** to gain access to the data. **Because multiple encryptions are used** to secure the data, setting up or mounting **Lvl 2 protection is slower than Lvl 1**. **ADVANTAGES**: * Harder to brute force than Lvl 1. * Low probability of losing access to your data. **RISKS**: * Your data is lost if you lose your password. ++++ Click to display step-by-step guide | - Open VeraCrypt and click on the //Create Volume// button (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_1.png?direct&650 | }} - Select the voice //Create an encrypted file container// (red box), then click on //Next// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_2.png?direct&650 | }} - Select //Standard VeraCrypt volume// in the next window. Click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_3.png?direct&650 | }} - Now you can choose the name of the volume you are about to create and the location where it will be stored. Click on //Select File// and navigate to where you want your volume to be stored. **WARNING: Please keep in mind that selecting an existing file will DELETE it and create a new file (your volume) with the same name!! (blue box)**. {{ :dcc:itsol:veracrypt:new_lvl1_step_4.png?direct&650 | }} - Make sure to select //VeraCrypt Volumes (*.hc)// in the option //Save as type//, then click //Save//. If you wish to hide the fact that the new file is a VeraCrypt volume, leave the //Save as type// option as it is. {{ :dcc:itsol:veracrypt:new_lvl1_step_5.png?direct&650 | }} - The path to your new volume should now appear in the box underlined in blue. Click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_6.png?direct&650 | }} - Now you will have to select what type of encryption you want to have for your volume. To create a cascade encryption for your volume, select //AES(TwoFish(Serpent))// as underlined in blue. Should you wish to know more about how the encryption scheme works, please consult the VeraCrypt manual. The Hash Algorithm you want is also shown in the picture and underlined in blue. Click //Next// if you do not wish to change anything here. {{ :dcc:itsol:veracrypt:new_lvl2_step_7.png?direct&650 | }} - You now have to decide how much space you require to store your data. Write the number in the upper red box and make sure that you have the correct unit (KB, MB, GB, TB). Pick a reasonable size that you know you won’t be able to fill when you have collected and analyzed your sample. Click //Next// to move to the next screen. {{ :dcc:itsol:veracrypt:new_lvl1_step_8.png?direct&650 | }} - You now need to choose the password for your volume. Read the instructions in the blue box and choose the password accordingly, then click //Next//. You do not need to tick //Use Keyfiles// or //Use PIM// for this level of encryption. {{ :dcc:itsol:veracrypt:new_lvl1_step_9.png?direct&650 | }} - Should you choose a password that is considered weak, VeraCrypt will prompt you to confirm that you wish to proceed. You can then go back by selecting //No// and choose a stronger password. {{ :dcc:itsol:veracrypt:new_lvl1_step_9b.png?direct&650 | }} - The next window will ask you to move the mouse inside it in a random pattern in order to make the encryption as hard as possible to crack. We advise you to fill the bar in the blue box fully before proceeding by clicking //Format//. {{ :dcc:itsol:veracrypt:new_lvl1_step_10.png?direct&650 | }} - VeraCrypt is now going to create the encrypted volume. Please consider that depending on the size you chose and your machine properties, this will take some time. Once again, select //No// when prompted by VeraCrypt to disable Windows Fast Startup. We will discuss later how to avoid problems when using VeraCrypt while this feature is enabled. {{ :dcc:itsol:veracrypt:new_lvl1_step_11.png?direct&650 | }} - Once VeraCrypt is done with the volume creation, this message will appear. Click //Ok// to finish the installation. {{ :dcc:itsol:veracrypt:new_lvl1_step_12.png?direct&650 | }} - VeraCrypt will now ask you if you wish to create a new volume. If so, select //Next// (blue box) and repeat the procedure, otherwise select //Exit// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_13.png?direct&650 | }} ​​​​​​​​​​​​​​ ++++ ==== Level 3 protection ==== === VeraCrypt Volume with cascade/single encryption (password + keyfile) === This third level of protection **adds a keyfile or multiple keyfiles** to the cascade encryption of Lvl 2 to make it even harder for brute force attacks to crack the encryption. With Lvl 3 protection, the volume can be **mounted only if you can provide the location of the keyfile** along with the correct password. The keyfile can be copied and/or moved to a different location, but cannot be modified in any way, otherwise VeraCrypt will be unable to mount the volume. **ADVANTAGES**: * Hard to brute force (like Lvl 2). * Low-to-Medium probability of losing access to your data. * The volume is impossible to open without the keyfile(s). **RISKS**: * Your data is lost if you lose your password. * Your data is lost if you lose your keyfile(s). * Your data is lost if you modify your keyfile(s). **IMPORTANT**: To reduce the risk of data loss, please consider having a **copy or backup of your keyfile(s) available somewhere safe**. ++++ Click to display step-by-step guide | - Open VeraCrypt and click on the //Create Volume// button (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_1.png?direct&650 | }} - Select the voice //Create an encrypted file container// (red box), then click on //Next// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_2.png?direct&650 | }} - Select //Standard VeraCrypt volume// in the next window. Click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_3.png?direct&650 | }} - Now you can choose the name of the volume you are about to create and the location where it will be stored. Click on //Select File// and navigate to where you want your volume to be stored. **WARNING: Please keep in mind that selecting an existing file will DELETE it and create a new file (your volume) with the same name!! (blue box)**. {{ :dcc:itsol:veracrypt:new_lvl1_step_4.png?direct&650 | }} - Make sure to select //VeraCrypt Volumes (*.hc)// in the option //Save as type//, then click //Save//. If you wish to hide the fact that the new file is a VeraCrypt volume, leave the //Save as type// option as it is. {{ :dcc:itsol:veracrypt:new_lvl1_step_5.png?direct&650 | }} - The path to your new volume should now appear in the box underlined in blue. Click //Next// to move to the next window. {{ :dcc:itsol:veracrypt:new_lvl1_step_6.png?direct&650 | }} - Now you will have to select what type of encryption you want to have for your volume. To create a cascade encryption for your volume, select //AES(TwoFish(Serpent))// as underlined in blue. Should you wish to know more about how the encryption scheme works, please consult the VeraCrypt manual. The //Hash Algorithm// you want is also shown in the picture and underlined in blue. Click //Next// if you do not wish to change anything here. **NOTE**: Since you chose to go a step further than the Lvl 2 protection, this manual is going to assume that you would like to add the keyfiles on top of the cascade encryption provided at Lvl 2. The guide will show how to do so from here on forth. Should you want to use Keyfiles with a single encryption, that is also possible by selecting //AES// in the Encryption Algorithm section instead of //AES(TwoFish(Serpent))//. The advantage of single encryption over cascade encryption is that encrypting and decrypting is significantly faster for the single encryption. {{ :dcc:itsol:veracrypt:new_lvl2_step_7.png?direct&650 | }} - You now have to decide how much space you require to store your data. Write the number in the upper red box and make sure that you have the correct unit (KB, MB, GB, TB). Pick a reasonable size that you know you won’t be able to fill when you have collected and analyzed your sample. Click //Next// to move to the next screen. {{ :dcc:itsol:veracrypt:new_lvl1_step_8.png?direct&650 | }} - Before you choose the password for your volume, select //Use keyfiles// (red underlined) and click //Keyfiles…// (red box) as shown in the image. {{ :dcc:itsol:veracrypt:new_lvl3_step_9.png?direct&650 | }} - VeraCrypt will now open the keyfiles window. Here you can select an existing file to use as a keyfile or let VeraCrypt generate a keyfile. We suggest you let VeraCrypt generate a keyfile out of convenience. Read and remember the warning in the blue box! There’s a brief explanation of what a keyfile can be in the yellow box. Click the button in the red box to generate your new random keyfile. {{ :dcc:itsol:veracrypt:new_lvl3_step_10.png?direct&550 | }} - The //Mixing PRF// (red underlined) can be left as the default choice, but remember to move your mouse randomly until the entire lower bar is filled (blue underlined). You can also set the file size to random (yellow box, not necessary but recommended) and provide a base name for your keyfile in the blue box. When ready, click the red box to be prompted to indicate where you would like to store your keyfile. {{ :dcc:itsol:veracrypt:new_lvl3_step_11.png?direct&550 | }} - Navigate to where you would like to store your keyfile, then select //Ok//. **Warning: DO NOT store your keyfile in the same directory as the VeraCrypt volume**. It should be somewhere else to make it hard to find. Using a USB-stick is also an option, but keep in mind that if you lose it, you won’t be able to mount the encrypted volume anymore. Another important point is to **NOT NAME** your keyfile with the word ‘keyfile’ or the name of the VeraCrypt volume it opens. Also be sure to add an extension like ‘.txt’ to make it even more ambiguous. {{ :dcc:itsol:veracrypt:new_lvl3_step_12.png?direct&550 | }} - If VeraCrypt managed to create the keyfile without error, it will display //“Keyfiles have been successfully created”//. Click //Ok//, then //Close// in the top right corner to continue your creation of the VeraCrypt volume. {{ :dcc:itsol:veracrypt:new_lvl3_step_13.png?direct&550 | }} - Now that the random keyfile is generated, you need to add it to the list of keyfiles. Click //Add Files// (red box) to open the next window. {{ :dcc:itsol:veracrypt:new_lvl3_step_14.png?direct&550 | }} - Navigate to where you stored your keyfile and select it. After having done so, the path of the keyfile should be displayed as underlined in red in the picture. If you want, you can add multiple keyfiles to a volume. When you are done selecting the keyfile(s), click the //Ok// button to go back to the volume creation with the new keyfile(s) assigned. **N.B.: A keyfile can both be moved or copied to another location. DO NOT MODIFY THE KEYFILE! Modifying it will prevent VeraCrypt from mounting your volume!** {{ :dcc:itsol:veracrypt:new_lvl3_step_15.png?direct&550 | }} - You now need to choose the password for your volume. Keep //Use keyfiles// selected, read the instructions in the blue box and choose the password accordingly, then click //Next// at the bottom of the window. {{ :dcc:itsol:veracrypt:new_lvl3_step_16.png?direct&650 | }} - Should you choose a password that is considered weak, VeraCrypt will prompt you to confirm that you wish to proceed. You can then go back by selecting //No// and choose a stronger password. {{ :dcc:itsol:veracrypt:new_lvl1_step_9b.png?direct&650 | }} - The next window will ask you to move the mouse inside it in a random pattern in order to make the encryption as hard as possible to crack. We advise you to fill the bar in the blue box fully before proceeding by clicking //Format//. {{ :dcc:itsol:veracrypt:new_lvl1_step_10.png?direct&650 | }} - VeraCrypt is now going to create the encrypted volume. Please consider that depending on the size you chose and your machine properties, this will take some time. Once again, select //No// when prompted by VeraCrypt to disable Windows Fast Startup. We will discuss later how to avoid problems when using VeraCrypt while this feature is enabled. {{ :dcc:itsol:veracrypt:new_lvl1_step_11.png?direct&650 | }} - Once VeraCrypt is done with the volume creation, this message will appear. Click //Ok// to finish the installation. {{ :dcc:itsol:veracrypt:new_lvl1_step_12.png?direct&650 | }} - VeraCrypt will now ask you if you wish to create a new volume. If so, select //Next// (blue box) and repeat the procedure, otherwise select //Exit// (red box). {{ :dcc:itsol:veracrypt:new_lvl1_step_13.png?direct&650 | }} ++++ [[dcc:itsol:veracrypt:use | → Move to the next step]]