Could someone explain what’s the deal with the journaling thing? When you are doing full disk encryption with VeraCrypt, they give you the option to choose a filesystem. Typically I would use ext4 for Linux, exFAT if I want to open it in Windows too. I have heard some things about how they can leak data but it’s too technical for me.
I was also looking at hidden volumes, it sounds good if you are forced to decrypt, it’s better than nothing. In this case, would it be possible to fully encrypt a USB and have a hidden volume on it? What filesystems would you recommend? I know USB is not ideal because they corrupt easily etc, but again it’s better than nothing.
Journaling is a technology that enables the filesystem to recover data that was in the process of being edited upon a hard shutdown, like if the drive is forcefully disconnected or if the system loses power suddenly. I’m not aware of how it leaks data. Maybe someone else could comment on that.
If you are going the hidden volume route I would recommend reading this thread and the links therein while considering your threat model in relation to your adversaries. Hidden volumes do work for USB storage and I would go with ext4 unless you want more features with btrfs, like its neat backup capabilities. And of course exFAT for Windows.
From what I recall reading, the journaling thing may leak that, for instance, you accessed the encrypted drive recently, and for hidden volumes I reckon they recommended non-journaling filesystems.
A file-hosted VeraCrypt container is stored in a journaling file system (such as NTFS). A copy of the VeraCrypt container (or of its fragment) may remain on the host volume. To prevent this, do one of the following:
Use a partition/device-hosted VeraCrypt volume instead of file-hosted.
Store the container in a non-journaling file system (for example, FAT32).
So I don’t see the benefit of ext4. Or does it mean this is a problem only for volumes and not full device encryption?
And also there’s this:
A VeraCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g. a flash-memory SSD or USB flash drive). A copy of (a fragment of) the VeraCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems. For more information on wear-leveling, see the section Wear-Leveling in the chapter Security Requirements and Precautions.
Again, is this talking about individual containers only and it’s safe if you do it on the full device?
The no journalling recommendation applies to the host operating system storing the encrypted container, not the container’s filesystem itself. If full-disk encryption is enabled at the OS level then this should not matter unless you are forced to unlock your system to an adversary or a snatch and run attack is expected while in use (check out BusKill). If VeraCrypt is applied on a whole partition or drive then it’s not vulnerable to journal leaks because it’s not hosted on a filesystem to begin with. And the vulnerability it seems specifically pertains to the plausible deniability of a hidden volume since it notes above that these are similar issues to the known critical problem that if an adversary has access before and after a modification to the hidden volume they can see sectors have changed in a suspicious area of “free” space — assuming they have knowledge of this by coercing you to unlock the outer volume. (I wonder if a filesystem that intentionally writes to random sectors would mitigate this. Maybe that’s what shufflecake does. I don’t know, but the name evokes that sense.)
So it looks like if you do want to successfully use hidden volumes you would need to at least:
Avoid putting the container in a journalling filesystem by either doing block encryption or storing those containers on an external exFAT device (I guess you could run the OS on a non-journalling filesystem but you would want a reliable power supply like a UPS or laptop battery and hope that your system doesn’t crash at inopportune moments).
Not use wear-leveling devices if highly skilled forensic examination is in your threat model. This is talking about both individual containers and full device because it mentions device/filesystem. See https://anonymousplanet.org/guide/#wear-leveling for more info. This guide also goes into the use of hidden volumes with VeraCrypt.
Heed everything else mentioned on their “Security Requirements and Precautions Pertaining to Hidden Volumes” page.
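
The first item in the checklist above (is the container file sitting on a journaling host filesystem?) can be checked on Linux from `/proc/mounts`. This is an added example, not part of the original thread or of VeraCrypt; the function names, the filesystem sets and the sample mount table are assumptions made for illustration, and it does not cover the wear-leveling item.

```python
import re

# Assumption: classify by the type name in /proc/mounts only. ext4 created
# without a journal, or NTFS mounted via FUSE ("fuseblk"), is not detected.
JOURNALING = {"ext3", "ext4", "xfs", "jfs", "reiserfs", "ntfs", "ntfs3"}
NON_JOURNALING = {"vfat", "msdos", "exfat", "ext2"}

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = r"""/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
/dev/sdc1 /mnt/data ntfs3 rw 0 0
/dev/sdb1 /media/user/USB\040STICK exfat rw,nosuid 0 0
"""

def _unescape(field):
    # /proc/mounts writes spaces and tabs in paths as octal escapes (\040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def host_filesystem(path, mounts_text):
    """Return (mount_point, fstype) of the longest mount point containing path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt = _unescape(fields[1])
        inside = mnt == "/" or path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # ">=" lets a later mount stacked on the same point win.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fields[2])
    return best

def assess(path, mounts_text):
    """Classify where a VeraCrypt volume lives with respect to host journaling."""
    if path.startswith("/dev/"):
        return "device-hosted"      # partition/device volume: no host filesystem
    found = host_filesystem(path, mounts_text)
    if found is None:
        return "unknown"
    if found[1] in JOURNALING:
        return "journaling"
    if found[1] in NON_JOURNALING:
        return "non-journaling"
    return "unknown"

if __name__ == "__main__":
    import os, sys
    with open("/proc/mounts") as fh:
        print(assess(os.path.realpath(sys.argv[1]), fh.read()))
```

A result of "unknown" means the type name alone does not settle the question (tmpfs, btrfs, FUSE mounts), so check that filesystem by hand.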