This project has moved. For the latest updates, please go here.

Is this secure?

Topics: Technical Issues
Jan 22, 2016 at 3:01 AM
Dear Veracypt admin and fellow users,

1) I plan to use VC's system partition to encypt a SD card so the whole of SD card is encrypted and then I am going to "copy and paste" some existing VC encrypted containers from my computer's hard disk onto it. It means that I will have 1 copy of those VC containers within my SD card and 1 copy on my hard disk and they have the same set of password/encyption because they are just exact copies of each other.

Question: Is the above method safe and is it a good practice? I asked because I remember in previous TC's documentation that it is recommended that a person should decrypt the partition on SD card first, and then create new containers within this partition of SD card using a different password, and then copy the sensitive files from the encrypted containers on hard drive onto the encryption containers of SD card, so those encrypted containers have different passwords from each other.
__--------------------------------------------------------------------------------------

2) The following question is not directly related to VC but it's also related to computer's security and so I hope Admin doesn't mind I also post it here and your opinion/help is really appreciated.

I run a software on my computer and I have some files in a specific folder in a directory of this software folder. Those files have to be in this specific folder as they are being utilised by the software. In the software folder I also have some custom 3rd party's dll in it as they are also being utilised by this software.

This software has to be connected to the internet 23 hours each day. I have 2 potential risks:
a) The software has some spyware code and my files in the specific folder can be uploaded to the internet or to the software's server, without me knowing.

b) Those 3rd party's dll can have malicious code and the files of the specific folder can be uploaded to the original programmers' servers without me knowing.

Question: How can I guard against the 2 risks above? I think I can use a firewall and specify a condition such that "ALL FILES IN THIS FOLDER CANNOT BE UPLOADED TO THE INTERNET or CANNOT LEAVE THIS COMPUTER" or, just single out a certain files in that specific folder that cannot be uploaded to the internet or any servers.

I am not too familiar with firewall. Is Windows 7 capable of dong the above? If not, anyone who has expertise in FIREWALL can recommened a good solution or a good firewall option? My concern is that those files have to be in that specific folder in order to be utilised by the sofware locally, but at the same time I don't want my files in that specific folder to be stolen or uploaded to anyone's servers.

P.S. Can anyone also recommend a good firewall/technical forum where I can ask such a question?

Thanks in advance for your reply.
Jan 28, 2016 at 1:49 PM
1)
A potential problem of having a copy of a VC container is, that the encryption key is the same.
Say someone has your password, so you change the password of your volume.
If the adversary has another (older) copy of the volume, he can extract the key from the old volume with the old password and open your new volume without knowing the old password.

2)
What strange kind of tool is that? It needs secret data and 23h/day internet connection, but you don't trust it?
If it has to read your files and it has to have an inet connection you cannot prevent it from sending the file content to the internet.
If it needs 23h/day inet-connection this is most likely for copy protection reasons, right? In that case the communication between the software and the server is most likely encrypted, so "from the outside" you cannot see what is uploaded. The only chance to detect that I see is via filesize - if the secret data is pretty large, you could monitor the amount of data uploaded by that tool and disconnect it if the traffic becomes suspiciously high.