
2 Questions. How secure is AES? Does the MFT store the filenames in an encrypted volume in Win10?

Topics: Technical Issues
Mar 23, 2016 at 7:07 AM
Hello idrassi, big fan of your amazing work.
Just wanted to ask, I am trying out VeraCrypt containers with the default AES encryption and exFAT filesystem. The volume I have created is a 100 MB container, and at the moment contains saved pdf attachments and other banking statements etc etc. Basically my personal info and some journal entries.
My question is this: How secure is AES in general? Do you have any information if it has been compromised by hackers or even the law enforcement agencies?
How about AES volume with a 21 character password that has upper and lower case, numbers and symbols? So for example even if AES is somehow compromised as Bruce Schneier thinks, will having a strong 21 character password make cracking it by brute force a futile effort?
I am fascinated by the math of encryption and how you can't use torture to solve a math problem lol.

Also, I hear concerns about hackers getting to know about an encrypted container's contents by opening the MFT (master file table) in Windows 10 and below. Is this possible, that a record of the filenames is kept in Windows even if any saved or created file has always been inside the volume and accessed also only from within the volume?
Is it true that the MFT and shellbag MRUs have the details of the filenames stored in Windows?
And if so, what do you recommend to clean/scrub those entries?

Thanks for taking the time to read this lengthy post, I hope you have a great day. I have donated and continue to spread the word to take back your privacy among work colleagues and friends.
Mar 24, 2016 at 2:29 AM
Just as a followup: Let's say that as the encrypted VeraCrypt volume is not NTFS but deliberately exFAT and the system is a Win10 NTFS,
when this encrypted volume is opened in Win10, because the hosting system is different, it should not be appended or the "handshake" that happens when another NTFS filesystem is connected to the host machine.
What I am trying to ask is, if the volume is not NTFS same as the host machine's file table format, will this make a difference if the logs are kept or not?
Mar 24, 2016 at 5:22 PM
Dear xiduxumub,
  1. AES is safe, trusted and with a good password it is not possible to hack it via bruteforce today in a reasonable amount of time.
  2. Once you see any file or folder from within Windows, it gets stored inside the registry, or folders like prefetch, recent, files like thumbcaches, pagefile, hiberfil, etc. It is very hard (and maybe impossible) to avoid leaving any traces. If an adversary can't get to the originals you have been working with, he can still see what you have been doing. If you don't like this, you have to encrypt the whole system, it is the only possible solution. You will still leave traces, but they will be encrypted with the system. There are many traces in the MFT too, but each volume has its own MFT, so I don't see it as a problem, because on an encrypted volume the MFT is encrypted too.
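
To see the "recent" traces mentioned in the reply above on your own machine, the following added example (not part of the original thread or of VeraCrypt) lists the Recent-items shortcuts that Windows keeps on the unencrypted system drive for files opened from a mounted volume. The drive letter `V` and the function name `Get-RecentTracesForDrive` are assumptions made for illustration.

```powershell
# Added example: audit which Recent-items shortcuts point into a mounted volume.
# Assumption: the VeraCrypt container is mounted as V: (hypothetical drive letter).
param([string]$DriveLetter = 'V')

function Get-RecentTracesForDrive {
    param(
        [Parameter(Mandatory)][string]$DriveLetter,
        # Per-user Recent folder; it lives on the system drive, outside the container.
        [string]$RecentDir = (Join-Path $env:APPDATA 'Microsoft\Windows\Recent')
    )

    # Normalise "V", "V:" or "V:\" to the prefix "V:\".
    $prefix = $DriveLetter.Substring(0, 1) + ':\'
    $shell  = New-Object -ComObject WScript.Shell

    Get-ChildItem -LiteralPath $RecentDir -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Resolve the shortcut; some entries have no file target and return ''.
            try   { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            catch { $target = '' }

            if ($target -and
                $target.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Shortcut   = $_.Name          # the .lnk name itself repeats the file name
                    TargetPath = $target          # full path inside the mounted volume
                    LastWrite  = $_.LastWriteTime # roughly when the file was last opened
                }
            }
        }
}

# Show the newest traces first.
Get-RecentTracesForDrive -DriveLetter $DriveLetter |
    Sort-Object LastWrite -Descending |
    Format-Table -AutoSize
```

Any rows returned are file names from inside the container that remain readable after the volume is dismounted, which is why the reply recommends encrypting the whole system.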