VeraCrypt Review – Is it Really As Secure as it claims?

VeraCrypt is a free encryption software from IDRIX, more like an upgrade, or newer version of Truecrypt but they’ve totally changed what TrueCrypt used to stand for with a lot of added fortified encryption features and algorithms and that’s what we will discuss about in this VeraCrypt review.

You probably already know what VeraCrypt is, atleast as an outline, and just wish to know what its features are, and how good, or not so good it is, isn’t that right?

So let’s get on with this VeraCrypt review and then you can be the judge and jury of its calibre and potential.

VeraCrypt Introduction

VeraCrypt as I already said, is an extension, an upgrade of TrueCrypt. VeraCrypt is Open-source, free, transparent and one of the most sought after encryption tools of the day.

Let me just say that VeraCrypt as an encryption software supports all three major operating systems, i.e. Windows, Linux, MacOSX so compatibility is great without doubt and you can continue reading this VeraCrypt review regardless of which OS you are on as it supports almost each of them.

What VeraCrypt Does for You?

I expect you to continue reading this piece, and maybe use VeraCrypt only if it does something for you, solves some of your problems, right?

Well, for starters VeraCrypt “encrypts” your files and folders, and does it “on-the-fly”. We will discuss the features in details later, but for now we can say that it makes sure your data isn’t compromised by any leak, network breach or even physical theft.

Veracrypt initially creates an encrypted area inside your partitions or any storage device, termed as “volume”, this “volume” resides in a file which is called a “container”. It’s this “container” where all your encrypted files are stored.

Although it also has the capability to encrypt a complete partition in which case the whole partition/storage device would be the “volume”.

It has the capability to encrypt not just your hard-disk, but external devices such as USBs and CDs as well.

It encrypts just about every kind of file type, be it a media file, a document, an application or anything else, you can protect everything.

It also let’s you create an entirely hidden volume along with a “hidden operating system” inside your primary OS! Intrigued? Let’s now have a deeper insight into its features.

VeraCrypt Features

Some of the most prominent features we will be discussing throughout this VeraCrypt review are:

  • Usability (How easy or hard it is to use).
  • On-the-fly Encryption.
  • Hidden Volume (Plausible Deniability).
  • Hidden Operating System
  • Portability
  • Prevention Against Data Theft and Data leaks.

1. Usability

Usability is a key-factor for this VeraCrypt review considering how most other encryption tools I’ve been with aren’t really made for the masses, well VeraCrypt is.

VeraCrypt supports all major OS(s), and most of the installation and encryption procedure is self-explanatory, you can read the on-screen instructions and get it done in a fizzy.

Although as you can see in the screenshot, there are some terms and phrases you may not totally understand, not that they’d make a big difference but even then I personally would appreciate if they could explain it to us in simpler words.

Also, encrypting a full disk isn’t as simple as checking off a box, you are required to take some major actions such as create a recovery disk, but at the end of the day it’s all there to protect our systems better.

Bottomline, it’s easy to use but needs you to “use” it, meaning it’s not 100% automated and your involvement is required at some level atleast.

2. On the Fly Encryption

This is what makes VeraCrypt special. On-the-Fly simply means something that happens “during transmission”, or “in real time” in a broader sense.

So, VeraCrypt has this ability to encrypt and decrypt data when it’s being used in real-time and not moments before or after the actual process.

In other words, you can copy-paste encrypted files/folders just as any other normal unencrypted file/folder you interact with, the trick is that VeraCrypt encrypts or decrypts the data when it’s in the RAM (when it’s being copied, or used in any other way).l

This prevents the need to “pre” encrypt or decrypt your data, which makes it impossible for hackers to get their hands on such decrypted data just sitting there.

Also when working on data, it’s automatically encrypted right before it’s saved, or in other cases decrypted exactly when you load it on your system to work on it. This part is totally automated and needs no switches to be flipped.

What’s worth noting is that, whatever is decrypted is never stored on our “hard-disks”, rather it resides on the RAM from where it can be used by the user.

Once the system shuts down, or restarts, the data is re-encrypted automatically and is dismounted (taken off the RAM) hence requiring authentication once more from the user in case they wish to access the data.

The same is true in case the system turns off suddenly without proper shutdown.

Although as I mentioned earlier in this review that it offers on the fly encryption, because of that there are no additional RAM requirements.

As the files are encrypted/decrypted on the RAM only when they’re being used, and aren’t “stored” there.

During my use of the tool for this Veracrypt review, I found that there only was a very slight delay in the “opening” of the encrypted volume, but the eventual “use” of the volume like reading/ writing/ opening files was as smooth as any other unencrypted file.

3. Hidden Volume (Plausible Deniability)

Hidden Volume is exactly what the phrase suggests, a volume, which is hidden. Do not confuse it with “hidden operating system”, cause that’s like a totally different feature.

Hidden Volume is a partition which is stored inside a standard encrypted volume. Standard encrypted volume is a volume which is visible but is still encrypted and secure. (Best option for newbies).

While this hidden volume is “inside” the standard volume. Because it’s hidden “behind” the standard encryption, there’s no way to verify that the hidden volume actually exists.

This is what offers you plausible deniability. Meaning there is no proof that the hidden volume actually exists behind the standard volume, so you can deny the knowledge of such a volume completely.

In other words, we can call it “decoy” strategy, your standard volume which is visibly encrypted should have some files, which you’re okay with being compromised.

So, if you’re ever forced to decrypt your encryptions using your passphrase or key-files, you can simply unlock the “standard” volume, which should make the person forcing you happy because you unlocked your volume, what they don’t know is you also have another “hidden partition” behind this volume.

Let’s glance over how it works in brief. For any encrypted volume to work for you, you need to mount the volume using Veracrypt. Although in the case of hidden volumes, you only mount the “outer” volume and the inner (hidden) volume is automatically mounted.

In order to reveal the hidden volume, all you need to do is enter the password for the hidden volume.

So it’s like, if you enter the password for your standard volume, only that volume is accessible, and in order to access the hidden volume, it’s the Hidden volume’s password that you need to enter (note that both the passwords use the same screen, what is accessible depends on which password you enter).

I believe we’ve imparted enough attention to Hidden volumes in this Veracrypt review, let’s move on to another aspect, something similar yet distinctly different- Hidden Operating System,.

4. Hidden Operating System

A Hidden Operating system is slightly different than the hidden volumes we just talked about in this.

A Hidden volume is just a file/folder that’s “hidden” and is created inside a standard encrypted volume.

A hidden OS on the other hand is significantly different, yet similar. In the case of Hidden Operating systems, you create “a separate Operating System” on your computer.

When I encrypted my whole system (the main partition where my Windows files live / the complete OS) using Veracrypt (which you need to do in order to create a hidden OS), Veracrypt started asking for a pre-boot password everytime before I access my system.

Note that this “encrypted partition or OS”  isn’t hidden. It’s just a basic encryption procedure, you encrypted your whole system, so now you need to enter a password to access it, simple.

But, when you create a Hidden OS, what you actually do is, you create an encrypted standard OS, then you create an encrypted “Outer volume”, inside this outer volume you create a Hidden Volume, and then inside this Hidden Volume, you install your Hidden OS.

Yeah, it’s lengthy, and as I mentioned in this Veracrypt review earlier, does need some activity on your part, but it’s “simple” even though it’s lengthy.

When logging in to your system after creating the Hidden OS, you’re asked to enter your pre-boot password, now this is where you determine what you wish to access. If you enter your normal Veracrypt OS password, your normal (unhidden) OS will open, while if the hidden OS password is entered, that OS is what’s accessible.

My two cents here are that do not go for the Hidden OS unless you’ve something really extremely confidential or sensitive to hide.

The “Hidden Volume” should be sufficient in most cases for most general users.

5. Portability

Moving on to another aspect of this Veracrypt review – Portability.

This is a feature which lets you “use” Veracrypt without actually installing it on a system.

Meaning, you can encrypt/decrypt files on a system, and yet not leave a lot of trace that VeraCrypt was used on the system (although some traces are left).

To use Portability, you need to “extract” VeraCrypt on an external device, such as an USB drive. Simply plug in this USB drive on any computer to start using VeraCrypt.

6. Prevention Against Data Theft and Data Corruption

This is the final aspect I’m taking up for the purposes of this Veracrypt review, more than a feature this is like a “failsafe”.

But you need to know it exists in order to be able to probe Veracrypt’s true level of security, don’t you?

Veracrypt has this feature which makes sure that all the Veracrypt volumes which are “non encrypted” or “non-hidden” are “read only”. Meaning you can’t “Write” (add/edit) data to those volumes.

For data to be written to a Veracrypt volume, it has to be encrypted and/or hidden.

This feature is supposed to also protect us against data corruption, as in the cases when the system enters hibernation mode, this “write-protection” makes sure that the state of the drives is the same post-hibernation as it was before the system entered hibernation mode.

Bottomline, as an open source encryption tool, Veracrypt does satisfy me personally. I believe it’s time we end this review Veracrypt.

7. Tech-Backed Speed

While most other similar software “claim” to offer speed, Veracrypt has backed its talk up. It makes use of Hardware Acceleration, Parallelization and Pipelining to offer faster speeds than tools which lack these abilities.

Hardware Acceleration in the simplest terms is a system’s ability to use its “Hardware” specs (when available) to boost performance. Or in other words, the process isn’t completed only by the software, but also the Hardware.

Parallelization is the ability which lets Veracrypt use all of a computer’s cores while encrypting or decrypting. When using Parallelization, Veracrypt can split the data into multiple chunks, each is encrypted/decrypted simultaneously. So the “wait-period” is exponentially lowered, as data-chunks do not have to “wait in a one single line”.

It also is capable of Hyper-threading, if and when available Parallelization can be further increased. In this case, more cores than are physically present tend to get the job done.

Finally Pipelining is the superpower using which Veracrypt can decrypt a file on the system’s RAM, even when it’s just being loaded. In other words, users do not feel an extended delay due to, or for Encryption/Decryption, it’s all smooth and seamless.

8. Warrant Canary

We’re talking about Veracrypt’s security claims, aren’t we? Well it does seem pretty legit. The company publishes regular Warrant Canaries on its website.

Warrant Canaries are basically notices available publicly which list all the legal warrants/demands that a company receives from law enforcement/courts. All requests (if any) to install backdoors, share private keys etc. are listed on this warrant canary.

The date of issuance can be verified, and the canary is PGP-signed to prevent doctoring. It also mentions that in case the canary isn’t updated by a pre-mentioned time, it should trigger caution.

9. Multiple Encryption Algorithms

Veracrypt offers over 5 encryption protocols which can be used to encrypt your data, these include:

  • AES: Arguably the most secure encryption protocol in existence, military-grade protection.
  • Twofish: Extremely secure, almost came close to being standardized.
  • Kuznyechik: National Russian standard.
  • Serpent: AES contest finalist, pretty secure.
  • Camellia: Often considered equal in security to AES and Rijndael.

Closing Words

I believe by now you’ve got a solid idea how capable or not so capable from your perspective, VeraCrypt is, isn’t that right?

It has a great support for operating systems, and it uses a number of advanced encryption algorithms to secure us.

It’s free, as well as open-source, meaning the possibility of the existence of backdoors just isn’t there, as it’s open for audit by anyone educated enough to do so.

Although I personally felt that, the security precautions and measures needed to make your system “truly” secure aren’t that simple. Atleast not for those who’re encrypting their systems for the first time.

Sure, the basic, standard, visible encryption is as simple as it can be, you encrypt it, and decrypt it using a password or key-file.

But, the advanced features such as Hidden Volume and Hidden OS need careful handling and installation, in the absence of which the data you’re protecting may get corrupted.

So summing this Veracrypt review up, all I’ll say is, go for it even if you’re a newbie and are willing to stick to the standard, visible encryption. And if you’re an advanced user, there aren’t many alternatives better than its Hidden OS or Hidden Volume out there (especially for free).