WEBVTT

0
00:02.610 --> 00:09.450
In this lecture I'll show you how  to install and use VeraCrypt on Windows which is a free OpenSource 

1
00:09.450 --> 00:12.360
full disk encryption solution.

2
00:12.570 --> 00:20.740
VeraCrypt is multi-platform software that can be installed on Windows, Mac, Linux and even on FreeBSD. 

3
00:20.750 --> 00:30.200
VeraCrypt is still under active development with the latest encryption standards being supported.


4
00:30.210 --> 00:33.790
Let’s see what are VeraCrypt main features:


5
00:34.170 --> 00:42.040
It encrypts an entire partition or storage device such as a USB flash drive or a hard drive.

6
00:42.180 --> 00:46.950
It creates a virtual encrypted disk within a file and mounts it as a real disk.

7
00:46.950 --> 00:56.510
This is a file container and it provides plausible deniability in case an adversary

8
00:56.540 --> 00:59.220
forces you to reveal the password.

9
00:59.360 --> 01:06.710
It provides hidden volumes which is a type of steganography and hidden operating systems.

10
01:06.740 --> 01:08.880
Let's get started!

11
01:08.930 --> 01:16.380
The first step is to download and install VeraCrypt as you would any other Windows  application. It's

12
01:16.380 --> 01:20.920
recommended to check its digital signature before installing.

13
01:20.940 --> 01:28.090
Take a look at the gpg lecture where I've explained in detail how to verify a digital signature.

14
01:28.850 --> 01:30.830
And I'm downloading VeraCrypt.

15
01:33.860 --> 01:44.640
It's done. I'm clicking the EXE file and following the instructions of the wizard; for convenience I'll

16
01:44.640 --> 01:46.740
use all the default options.

17
01:55.300 --> 01:59.560
Ok. That's all. VeraCrypt has been successfully installed

18
02:05.580 --> 02:13.820
Let's start the application! There is a shortcut on the desktop; in this video I'll show you how to

19
02:13.820 --> 02:24.310
encrypt a USB disk. At this moment I'm inserting a USB disk and I'll click on Create volume. 

20
02:24.350 --> 02:32.930
VC Volume Creation Wizard pops up. VeraCrypt supports two different types of volumes: one is a

21
02:32.940 --> 02:40.250
virtual volume that looks and behaves like a regular file but VerCrypt can open it and access

22
02:40.250 --> 02:43.220
the files stored within it.

23
02:43.220 --> 02:50.530
Imagine an encrypted file that you mount and use like a drive letter in My computer.

24
02:50.630 --> 02:55.820
The other option encrypts an actual partition or a device.

25
02:55.820 --> 02:59.800
The process for an encrypted file container is very similar.

26
03:01.430 --> 03:08.810
I have selected the second option and then I'll click on Next. In the next step

27
03:08.840 --> 03:16.250
you need to choose whether to create a standard or hidden VeraCrypt volume. A hidden volume is the

28
03:16.250 --> 03:21.710
option of choice when you are afraid not to be forced to reveal the password.

29
03:21.710 --> 03:24.560
It implements the plausible deniability

30
03:24.560 --> 03:31.540
we've talked about in the introduction to full disk encryption. The principle is that a VeraCrypt

31
03:31.550 --> 03:38.750
hidden volume is created within another VerCrypt volume, in the free space of the volume. Even

32
03:38.750 --> 03:45.710
when the normal, the outer volume, is mounted it should be impossible to prove whether there is a hidden

33
03:45.710 --> 03:48.330
volume within it or not.

34
03:48.460 --> 03:56.150
That's because the free space on any VeraCrypt volume is always filled with random data when the

35
03:56.150 --> 04:02.870
volume is created and the no part of the hidden volume can be distinguished from the random data.

36
04:03.050 --> 04:13.580
In this tutorial I'll create a standard VeraCrypt volume which is the default.

37
04:13.660 --> 04:17.290
The next step is to choose the volume location.

38
04:17.290 --> 04:20.180
This is in fact the disk or the partition

39
04:20.230 --> 04:25.450
we are going to encrypt. And I’ll select the removable USB. disk.

40
04:25.660 --> 04:26.170
This one!

41
04:29.210 --> 04:35.630
And next; at this point I have to select the volume encryption mode.

42
04:35.750 --> 04:43.610
The first option will format and encrypt the volume and any data on the device or partition will be

43
04:43.610 --> 04:44.720
lost.

44
04:44.720 --> 04:52.270
The second option will try to encrypt the files on the device on the fly and you won't lose the data

45
04:52.420 --> 04:54.590
that's already on the device.

46
04:54.590 --> 04:56.120
This takes a longer time.

47
04:56.610 --> 05:00.920
However if the device is empty you choose the first option.

48
05:04.570 --> 05:11.920
In the next window you can choose the symmetric algorithm used for encryption and the hash algorithm

49
05:12.160 --> 05:17.470
required in the process of encrypting the disk; if you want

50
05:17.520 --> 05:23.540
you can compare the speed of each algorithm; if there is no reason to make a change

51
05:23.560 --> 05:35.250
leave all options to their default advanced encryption standard. AES and sha512 are extremely secure

52
05:35.460 --> 05:45.370
algorithms.The volume size, the entire disk and next. In this window

53
05:45.460 --> 05:48.610
I'll set the volume encryption password.

54
05:48.610 --> 05:55.960
It's important to choose a strong password which is are in them combination of lower and uppercase letters

55
05:56.260 --> 06:04.320
digits and spacial characters; use at least 14 or 16 characters for a good password.

56
06:04.330 --> 06:13.820
Another option is to use a key file which can be any file; but if you want to use a key file instead

57
06:13.820 --> 06:14.830
of a password

58
06:14.870 --> 06:25.560
my advice is to allow VeraCrypt to generate a random one, here, in this window, using the key file generator.

59
06:25.570 --> 06:28.240
In this tutorial I'll use a password

60
06:35.940 --> 06:37.530
and I'll click on Next.

61
06:40.700 --> 06:47.240
If you think you'll store files that are larger than 4 gigabytes click this option.

62
06:47.330 --> 06:49.520
If not, leave it to the default

63
06:52.190 --> 06:55.810
In this window will choose how to format the drive.

64
06:57.360 --> 07:01.160
I selected the filesystem as being fat, 

65
07:01.420 --> 07:03.810
fat is good for compatibility,

66
07:05.360 --> 07:10.810
and I'll select quick format because I don't want to wait too long.

67
07:10.810 --> 07:18.780
Note that the quick format option comes with a small risk, which is in most cases acceptable.

68
07:20.760 --> 07:22.640
And I'm clicking on format.

69
07:26.090 --> 07:32.030
This warning says that the disc will be erased and all data are lost.

70
07:32.030 --> 07:36.610
So make a backup if you have any valuable data on the disc.

71
07:42.810 --> 07:44.490
This warning says that

72
07:44.490 --> 07:48.110
the disk will not be accessed with the same drive leter

73
07:48.180 --> 07:57.060
from now on. If for example the disc was accessed in My computer using drive letter D it won't be accessed

74
07:57.060 --> 07:57.600
anymore

75
07:57.600 --> 07:59.340
using the original drive letter.

76
08:02.710 --> 08:07.420
okay! That's all! The disc was formatted and encrypted.

77
08:07.420 --> 08:10.220
Now let's mount and use the disk.

78
08:11.360 --> 08:16.080
I'll click on select device and then select the disk.

79
08:16.130 --> 08:17.980
In this case it's D.

80
08:18.530 --> 08:23.390
I'm selecting the drive and then a new letter for the encrypted volume.

81
08:25.600 --> 08:29.060
As I said I cannot use the same drive letter.

82
08:29.170 --> 08:37.780
You can choose anything you want and I'll select a A and mounted and it's prompting for  the encryption

83
08:37.780 --> 08:38.380
password.

84
08:45.670 --> 08:48.110
After entering the correct password

85
08:48.190 --> 08:53.440
the encryption disk is available in my computer as drive letter A.

86
08:56.440 --> 09:05.790
This is the encrypted disk.

87
09:05.800 --> 09:13.150
Keep in mind that this is transparent encryption which offers data at rest protection; data on disk is

88
09:13.150 --> 09:17.380
protected through encryption only when the disk is not mounted.

89
09:18.270 --> 09:26.840
At this moment when the disk is unlocked and mounted there is no protection; also note that when you

90
09:26.840 --> 09:35.330
insert that disk the Windows operating system will not recognize it and want to formatted. Let's see

91
09:35.330 --> 09:37.000
what it's all about.

92
09:37.040 --> 09:45.430
I am dismounting the disk, exit and I'm inserting the USB disk again.

93
09:49.990 --> 09:53.490
Notice how Windows wants to format the disk.

94
09:54.690 --> 10:00.890
I'm clicking on cancel, okay and cancel.

95
10:00.920 --> 10:02.860
I'm opening VeryCrypt,

96
10:02.990 --> 10:04.560
select the device,

97
10:07.000 --> 10:09.580
mount and enter the password.

98
10:22.520 --> 10:30.370
The disk was unlocked and I can use it transparently.

99
10:30.480 --> 10:32.400
This is the encrypted disk.