Spent like 2 hours encrypting an usb only to get a “VeraCrypt is not responding” window on Debian, 100% was reached but it’s doing nothing.. so what do I do? I Force Quit and assume it’s all right? or do I have to spend another 2 hours? wtf man, waste of time.
Anyway I Force Quitted and now it shows mounted, I cannot even open it, and I cannot even unmount it
“device-mapper: remove ioctl on veracrypt1: failed: Device or resource busy
Command failed.”
Yeah I think I wasted time for nothing as this doesn’t work, probably corrupted and I have to do the entire thing again.
I know that this could be something wrong with the Veracrypt process, but every SSD and USB stick I’ve seen something like this happen to during formatting had complete drive failure shortly after. So I would say you should at least take that into account.
I would say the safest option is just reformatting the drive. Setting up a Veracrypt File instead of a partition might work better.
If a disk is Linux-only I’d recommend LUKS over Veracrypt. Veracrypt is one of the few robust cross-platform encryption tools, but it is meant mostly for Windows.
I don’t know how luks works beyond just using it on the “Guided” setting during installin Debian and that’s it. I don’t understand why it does not encrypt the boot partition, unlike Veracrypt for windows which does, but other than that I assume it’s safe and strong.
For containers and USB since I switched to Linux i still use Veracrypt because it works great and the GUI is easy to use, first time doing this with USB.
Anyway, I did the whole process again, and it worked. The only thing different being I used ext4 instead of ext3, who knows. I tested with some test files, it works. So let’s see how it performs.
What USB brands you recommend? Also to check USB health to predict failures is it possible? I guess a secondary backup would be good.
It’s possible Windows pulls something off with the TPM I’m not aware of but generally the boot partition cannot be encrypted since the computer needs to boot with enough drivers to decrypt the rest of the drive before you can type the password. Veracrypt just replaces the Windows boot partition with its own.
Overall disk encryption tools protect against theft. They still leave you vulnerable to “Evil Maid Attacks” (replacing the bootloader with a malicious rootkit). Secure Boot offers some (very little) protection against them. BIOS boot passwords offer an alternative. Both can be bypassed on many computers
They use roughly the same encryption standards by default. Veracrypt does provide far more options in the GUI.
Setting up LUKS is a bit more complicated, although it seems to be commonly listed as a GUI disk formatting option these days. Security wise this should be roughly on par with a default veracrypt setup. The main benefit is system integration, it’s more similar to Bitlocker or the Mac drive encryption tools.
On different USB’s.
The first point is that USB flash drives and SSD’s although both rely on the same underying memory chips have differences that impact reliability.
In short, Flash Drives support FAT file systems and are meant to be portable far more than reliable.
SSD’s are more robust and use file systems like EXT4 and NTFS (I don’t recall what EXT3 does differently). These file systems have built in mechanisms to detect file corruption that FAT file systems lack.
Both can be used long term without issue, but a failure in either one tends come with little warning. I’m not aware of any good tools to check disk health on Linux, and I’m not sure flash drives support health checks.
My main rule is having three copies of data rather than focusing on a brand. I actually try not to have two drives from the same brand and model to avoid ending up with multiple drives from a bad batch. You will draw the short end of the stick at some point, hopefully just not anytime soon.
Western Digital/SanDisk and Samsung are probably the two most maisntream reliable brands in terms of flash storage and SSD’s. Kingston is more mediocre in my opinion but I’ve never had an issue with them.
The main thing to avoid are the cheap brands like Kingspec.
Some cheaper brands can be worthwhile but still warrant caution. ADATA and Patriot seem to be in this category. The warranty support from these brands doesn’t seem great, but they can be great value for money and on average the failure rate should be low enough on average to make up for it.
1 Like