password manager), but also tough
to crack. Try to make it at least 20
characters in length.
Gain additional protection by
checking “Use keyfiles” and clicking
the “Keyfiles” button. This adds
another layer of protection: Not only
do you have to enter your password
correctly, but you also need to select
whichever file (or files) you choose
to be linked to your container. These
files can be already present on your
hard drive—choose a compressed
format such as MP3 or Zip—or you
can have VeraCrypt generate a newrandom key file from scratch. Either
way, make sure the files are backed
up somewhere safe, because if
they’re deleted or the first 1,024KB
of data is changed, your vault will be
impossible to access.
Checking the “Use PIM” box
creates an additional step after
clicking “Next,” where you can
set a custom Personal Iterations
Multiplier. The default setting (485)
prioritizes security over speed
when mounting the volume after
each system boot—should you wish
to reduce the time taken, you can
set a lower value, but make sure
you’ve set a lengthy password.Format & mount encrypted volume
After clicking “Next,” you’re asked
if you plan to store files larger than
4GB in your new virtual drive—this
determines which filesystem is set
as the default in the next step (exFAT
if yes, FAT if no). Click “Next” and
you’re ready to configure and format
your volume. You can change the
filesystem here—NTFS and ReFS
are also available—plus choose
whether to perform a quick format
(not recommended). CheckingIt’s possible to encrypt an existing data drive
without wiping it in VeraCrypt using “Encrypt in
place.” But there are drawbacks. Unlike encrypting
your Windows installation, the drive won’t be
available while it’s being encrypted. Also, when
done, you’re prompted to assign it a different drive
letter—this isn’t necessary as we’ll explain shortly.
Choose “Encrypt in place,” click “Next,” read
the warning, and click “Yes.” You’re prompted to
set encryption and authentication options, then
asked to move your mouse randomly to strengthen
the encryption keys, before ending up at the “Wipe
Screen.” This allows you to shred unencrypted files
after the drive has been encrypted to prevent them
from being recovered by undelete tools later. Only
the most paranoid should consider anything other
than “None (fastest)” or “1-pass (random data).”
Click “Next,” then “Encrypt.” Click “Yes” (you
may need to click “Yes” again if the drive is in
use, to dismount it), then wait for the drive to be
encrypted. Once done, read any warnings, and click
“Finish.” To keep the same drive letter, right-click
“This PC” in File Explorer, and choose “Manage.”
Identify your encrypted partition using its drive
letter, right-click it, choose “Change Drive Letter
and Paths,” select the current drive letter, and
click “Remove,” then “OK.” You should now be able
to select the drive letter in the main VeraCrypt
window, and click “Auto-Mount Devices” to follow
the advice in the main feature to access the drive. If
you wish to decrypt the drive permanently, select
it, and choose “Volumes > Permanently Decrypt.”ENCRYPT IN PLACE
“Dynamic” means the file
containing your encrypted volume
isn’t formatted as its actual size,
but instead increases in size as you
add content to it—this comes with
several warnings, not least of which
are severely degraded performance
and reduced security.
You’ll see a prompt to move your
mouse within the VeraCrypt window
to improve the cryptographic
strength of the volume’s encryption
keys. When you’ve configured
the drive and the “Randomness
Collected From Mouse Movements”
meter is full, click “Format,” and the
encrypted volume is created. Wait
until the confirmation dialog box
appears, then click “OK” followed
by “Exit” to return to the main
VeraCrypt window, ready to access
your encrypted container for the
first time.
Select a free drive letter from the
list and click the “Select File” button
to choose your encrypted container.
Click the “Mount” button and then
enter the volume’s password
before—if applicable—clicking the
“Keyfiles...” button to select
the required files that will give youKey files add an
additional layer
of security to
your encrypted
data drives.VeraCrypt’s benchmark tool shows you how each algorithm or hash performs.protect your data
38 MAXIMUMPC MAR 2020 maximumpc.com