Changing Password only, without re-encrypting

Topics: Technical Issues
Jan 31, 2015 at 9:24 PM
Edited Jan 31, 2015 at 9:27 PM
I'm wondering, to save myself the time of re-encrypting drives:
Since VeraCrypt is compatible with TrueCrypt encrypted volumes according to the front page, If I wanted the added security benefits of VeraCrypt vers TrueCrypt, can I just re-create a new password on my TrueCrypt drives using the "VeraCrypt password creation method"? Or do I need to re-encrypt the entire drive under VeraCrypt?

Is is correct to assume all the NEW benefits of VeraCrypt over Truecrypt with regard to brute force attacks pertain specifically to the headers? So there would be no need to re-encrypt a truecrypt drive if you wanted to use VeraCrypt? In other words, just change the header on your drives?
Jan 31, 2015 at 10:31 PM
You are correct: you just need to change the password to convert a TrueCrypt volume to a VeraCrypt and thus benefit from the stronger key derivation. This is explained in the documentation. No re-encryption is needed.

By using VeraCrypt, you are not only benefiting from the enhanced security of the key derivation also from the various bug and security fixes implemented in VeraCrypt.
Jan 31, 2015 at 10:58 PM
Edited Jan 31, 2015 at 11:22 PM
Currently in VeraCrypt 1.0f-1 version, only for non-system volumes.

Referencing thread:

Mounir wrote:
Currently, the conversion of TrueCrypt system partitions is not implemented. Only TrueCrypt containers and non-system partitions are supported.
Hopefully, this will be implemented in the next version if all technical difficulties are overcome.
Jan 31, 2015 at 11:21 PM
Edited Jan 31, 2015 at 11:23 PM
That's great news, Thanks guys!
I do run System Encryption under TrueCrypt. However, I think should still be able to run VeraCrypt as a portable program while under my current implementation and just use it to change the headers on my NoneSystem drives until I get around to encrypting the system with VC. After doing so, I would just have to mount the drives with the portable VeraCrypt at that point.
Feb 1, 2015 at 2:52 PM
There are no conflicts between TrueCrypt and VeraCrypt so you can install VeraCrypt even if you are using TrueCrypt for system encryption.
Of course, VeraCrypt in portable mode will also work.
Feb 3, 2015 at 10:28 AM
Thanks again for your response on this idrassi. If I may ask one last question: Are 4 TB drives initialized by using the GUID partition table (GPT) partitioning scheme supported with VeraCrypt?
Feb 3, 2015 at 2:02 PM
VeraCrypt supports GPT partitions for non-system encryption, so there will be no problems.

Concerning 4TB drive specifically, there is a compatibility issue on Windows if the drive doesn't support the 512-bytes emulation mode. This is explained in the following issue entry:

In order to see if your drive comes with the emulation mode, run the following command:
fsutil fsinfo ntfsinfo L:

L: being the drive letter of your 4 TB hard drive.

If the "Bytes Per Sector" shows 512, then the emulation is enabled and there will be no issues with VeraCrypt on Windows. On Linux and MacOSX, there are no such limitation and VeraCrypt is compatible with all sector sizes.

A user, Enigma2Illusion, posted a link to instructions detailing his experience with a 4 TB and TrueCrypt which applies also to VeraCrypt.
Feb 3, 2015 at 8:45 PM
Edited Feb 3, 2015 at 8:50 PM
Hello idrassi

Where would you run this command, and does the drive need to be mounted before you run it? The reason I'm asking is, I remove my drive letters under windows because the OS Nags about encrypted volumes at boot time. It wants to format them every time you boot. The solution was to remove the drive letters of your encrypted drive.
Note: My 4 TB seems to be working fine under VeraCrypt, and was never an issue under Truecrypt. I'm guessing that could be a good sign.
I always buy internal SATA drives, never USB. The USB controllers are nothing but problems, I don't trust them.
I've had good luck with Western Digital HGST CoolsSpins, or just the normal 7200rmps and Hitachis.

On a side note. How would you verify this info at the store when buying a new drive?