VeraCrypt

VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Files can be copied to and from a mounted VeraCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted VeraCrypt volume. Similarly, files that are being written or copied to the VeraCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for VeraCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let’s suppose that there is an .avi video file stored on a VeraCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the VeraCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Note that VeraCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile). For a quick start guide, please see the chapter Beginner’s Tutorial.

VeraCrypt 是一款免费开源跨平台的实时磁盘文件加密工具,它是基于知名的开源加密工具 TrueCrypt 项目衍生而来。由于之前 TrueCrypt 已在官网上宣布其自身不安全并已停止开发了,因此现在比较活跃、而且同样是开源跨平台的 VeraCrypt 顺理成章成为大家公认的最佳文件加密工具新选择之一。

VeraCrypt 加密软件

VeraCrypt 加密软件支持 Windows、Mac 和 Linux 系统,并通过 AES、Serpent、Twofish 等高强度加密算法进行实时的加密和解密。VeraCrypt 可以帮你创建一个虚拟的加密磁盘分区来让你保存重要的文件 (文件型加密卷),这个虚拟磁盘会以一个文件的形式保存在你的电脑上,使用时只需通过 VeraCrypt 挂载成一个盘符即可进行使用。

VeraCrypt 中文版VeraCrypt 自带简体中文,点击菜单 Settings->Language 选择简体中文即可

当然,VeraCrypt 也支持直接对物理分区甚至整个物理硬盘进行加密 (加密系统分区/加密整个硬盘),而且也能「支持对移动硬盘、U盘加密」。VeraCrypt 的功能和使用上跟 TrueCrypt 基本一样,但总体更加出色,有过 TC 使用经验的朋友应该能很快上手。

给网盘文件加密!为自己的隐私数据加把锁

一般没特殊需求的情况下,我会建议大家使用「文件型加密卷」,因为使用上会比较灵活一些,所有的加密文件都会储存在一个文件里面,备份起来也方便。而且,对于需要将重要文件通过互联网 (网盘、云存储) 同步的朋友,你只需要把这个加密卷文件丢到 Dropbox、OneDrive、Google Drive 或是国内的百度网盘、360网盘上,甚至是把这个文件直接丢在公司的公共电脑上,都完全不必担心数据被窥探或泄露!因为 VeraCrypt 所使用的加密算法在目前技术上基本没有可行的破解方法。

VeraCrypt 加密

在国内普遍没有节操的网盘跟互联网服务的大环境下,善用 VearCrypt 来保护自己的重要数据还是很有必要的。不仅可以避免被各种审查,也防范了因网站密码泄露后被别人登入获取。

隐藏加密卷功能 –  设置两个密码来保护数据安全的“妙计”!

VeraCrypt 还有一个很有特色且非常实用的功能——「似是而非的否认」(英文为 Plausible deniability,这翻译实在太拗口了),这到底是个啥?

话说,如今的加密技术已经相当的牛B了,像 AES 算法就连美国军方也没办法破解。但如果你纵观历史,或者在各种电影里你会发现,在数据安全面前,其实最薄弱的环节往往不是加密技术,而是「人」本身!例如攻击者可以直接威胁你家人、或对你严刑逼供来迫使你交出密码,这时候,VeraCrypt 的「似是而非的否认」功能就能救你一命了!

VeraCrypt 隐藏卷

简单来说,这个功能可以让你为加密卷设置「两个密码」,一个密码可以解开普通的加密卷,另一个密码则是能解开一个隐藏在内层的「隐藏卷」。我们可以把并不重要的文件 (或者假的诱饵) 放在外层普通加密卷里,而真正重要的文件全部放在「隐藏卷」里,当被迫交出密码时,你只需将外层普通加密卷的密码告诉对方,这样他们只能解开外层普通加密卷的文件,实际上内层「隐藏卷」的重要资料还是安全的,对方也并不知道还有「隐藏卷」的存在,利用“弃车保帅”的妙计来蒙混过关。这就是 VeraCrypt 的“似是而非的否认”的功能,其实我认为把它称为「隐藏卷功能」更加易于理解。据说这功能对于防止老婆突击检查有奇效!

总结:

总的来说,VeraCrypt 的加密功能非常强大且安全,可以跨平台在 Win、Mac、Linux 系统上使用,加上支持虚拟磁盘、几乎无需等待的实时加密解密在使用上也很方便。

得益于开源,VeraCrypt 还有「第三方开发的」iOS、Android 客户端可供使用。免费、跨平台、开源这些特性相比 BitLocker 或者大部分加密工具都有优势。目前该项目依然活跃更新,如果你有文件加密的需求,那么 VeraCrypt 应该是值得你优先考虑的工具之一。

发表评论