It works! I recently switched to VeraCrypt from TrueCrypt, because TrueCrypt is now unsupported and rumor has it that technology was making TrueCrypt less and less secure. I do not use Partition/Device encryption or System encryption, only Volume Encryption, meaning that specially-created "container" files in the normal unencrypted Windows environment are mounted as encrypted volumes exactly as if they were separate, encrypted disk drives. I keep my personal and business files there, and I do it this way because it is simple, because backup of those container files is trivially easy, and because there is zero risk of a complete failure.
If you want to know more about Partition/Device encryption or System encryption, the information in this post may not help you.
A year ago I wrote about TrueCrypt Forks. I didn't like VeraCrypt then because it took a very long time, a minute or more, to open a container after entering the correct password. This was by design - the VeraCrypt developer, Idrassi, by default uses hundreds of thousands of iterations in the key derivation function, contending that it helps protect against brute-force attacks, where a computer is automatically trying billions of password guesses. He is right - this method of attack is becoming faster and more effective as computer power increases and multiple processors can be brought to bear. However, I open and close encrypted volumes frequently and the defaults pushed my patience too far.
Happily, the current version of VeraCrypt, Release 1.17, offers a compromise: If the password is 20 characters or more, VeraCrypt allows the user to bypass the defaults and choose a lower number of iterations by specifying a Personal Iteration Multiplier (PIM). The minimum multiplier of 1 will still result in an iteration count 8 to 16 times greater than that used in TrueCrypt, with a very short delay, whereas multipliers in the range of 10 to 100 will increase security but will cause somewhat greater delays. Those delays might still be acceptable, depending on the speed of the processor. I experimented with several different PIM values.
The PIM is a secret value, chosen when the container file is created, and it must be entered correctly as a separate parameter when the password is entered to mount an encrypted volume. Therefore, though the PIM may be used to reduce the iteration count and make a brute force attack easier, it also effectively increases the password strength, making the attack more difficult again.
I use passwords of 20 characters or more anyway, so the PIM is a perfect compromise. During the process of creating new volumes I did have to wait through some long delays, but now that the volumes are created and in place, the delays are quite acceptable. PIM works.
Also interesting, VeraCrypt can actively coexist with TrueCrypt on the same system, running at the same time. I created new VeraCrypt containers and copied the encrypted contents of the old mounted TrueCrypt volumes directly into the mounted VeraCrypt volumes with no problems. During that process, none of the encrypted files were ever decrypted on disk. That's cool - no disk wiping required. Actually, VeraCrypt can mount most TrueCrypt volumes (though not my oldest ones), so the applications might not have to coexist, but it was slick.
I rarely use the TrueCrypt or VeraCrypt console, instead using command-line scripts (cmd.exe processor) to automatically mount and dismount volumes, create backups of volumes, copy volumes to the cloud and to other computers, and more. Every script that worked with TrueCrypt still works with VeraCrypt, after just changing the run path. It just works, no errors, no problems.
For a thorough, functional test I uploaded a 3 GB encrypted container full of files to the cloud, using both iDrive and CloudBerry, then downloaded that same file back to the desktop. Using Microsoft's comp program, the files compared exactly with the original in each case. Also, in each case, the downloaded encrypted container opened without issue, the true proof that the file was not corrupted.
I use VeraCrypt on two computers, a desktop and a laptop, The desktop runs a clean install of Windows 10 (it once ran Vista), and the laptop runs Windows 10 upgraded from Windows 7. Both have plenty of RAM and disk, with dual processors in the 2 - 3 GHz range.
My congratulations to Mounir Idrassi, the force behind VeraCrypt. I'll be making a PayPal donation to the cause.
By the way: I also downloaded CipherShed, intending to compare it with VeraCrypt. However, the CipherShed installer informed me that I would have to uninstall TrueCrypt first. Since I want to keep TrueCrypt around, I did not install CipherShed.
Showing posts with label cloud. Show all posts
Showing posts with label cloud. Show all posts
Saturday, March 5, 2016
Friday, August 15, 2014
IDrive Backup Review
It works and I like it. IDrive is a backup and file-sync facility with lots of good features, supporting a wide array of computer operating systems and mobile devices. The features that I particularly like are:
Desktop Application:
IDrive has both a GUI desktop application and a brower-based application, with similar but not identical functionalities. It took me a little while to get used to the two and determine which to use for what purpose. There are similar applications for many different computer operating systems and mobile devices. I was able to install and use the GUI desktop app on Windows XP Pro, Vista Ultimate, Windows 7, and Windows 8.1, with no obvious differences in functionality.
Speed:
Although upload appears to go as fast as my DSL link allows, about 900 kbps or about 3 hours per GB, download through the GUI desktop application appears to be throttled to about 5 Mbps, roughly 2 GB per hour. My DSL is about three times that fast, almost 16 Mbps, so it should go faster, as do most other downloads. The browser-based application actually downloads a little faster than the GUI desktop application, maybe 25% faster when restoring my 2 GB encrypted file, finishing the download in 45 minutes instead of 57, though this is still well below half of the maximum speed of the DSL connection.
IDrive isn't very expensive, $37.12 per year for 300 GB, but I am still using the free version because we don't yet need the extra space or features of the professional versions. Perhaps download speed is throttled for freeloaders like myself - I don't know, and I wouldn't blame them. It's not an issue in our application, though, because file recovery will be seldom if at all, mostly just for testing, and at 2 GB per hour it won't require more than two or three hours to download everything we have up there in any case.
Technical Support:
Excellent so far - I've had two interactions with them, one via chat and another through a submitted bug report. They know that I have a free account, I'm sure, but seem interested in solving my problems anyway. There is also a forum, in which IDrive participates quite actively. I submitted one problem there and was soon advised to submit the problem as a regular bug report.
Hints:
Command-line options are implemented through a program called idevsutil.exe, found in the IDrive programs folders (C:\Program Files (x86)\IDriveWindows\... in Windows). However the one that is supplied by the IDrive installer didn't actually work - I had to go to the Getting Started page and download the idevsutil.exe that actually does work.
Cloud backup provides the ultimate off-site backup, to protect against a disaster such as fire, flood, theft, even death of a principal person. However, it's no good if the files are inaccessible due to a lost usrname or password. Be sure to have those somewhere else safe, perhaps in a safe deposit box.
- The command-line options that allow me to incorporate this cloud backup facility into the rest of our normal, every-night archive system; and
- The sophisticated incremental backup features which back up only the files which have been modified since the last backup, and then back up only the modified sectors of large modified files.
Desktop Application:
IDrive has both a GUI desktop application and a brower-based application, with similar but not identical functionalities. It took me a little while to get used to the two and determine which to use for what purpose. There are similar applications for many different computer operating systems and mobile devices. I was able to install and use the GUI desktop app on Windows XP Pro, Vista Ultimate, Windows 7, and Windows 8.1, with no obvious differences in functionality.
Speed:
Although upload appears to go as fast as my DSL link allows, about 900 kbps or about 3 hours per GB, download through the GUI desktop application appears to be throttled to about 5 Mbps, roughly 2 GB per hour. My DSL is about three times that fast, almost 16 Mbps, so it should go faster, as do most other downloads. The browser-based application actually downloads a little faster than the GUI desktop application, maybe 25% faster when restoring my 2 GB encrypted file, finishing the download in 45 minutes instead of 57, though this is still well below half of the maximum speed of the DSL connection.
IDrive isn't very expensive, $37.12 per year for 300 GB, but I am still using the free version because we don't yet need the extra space or features of the professional versions. Perhaps download speed is throttled for freeloaders like myself - I don't know, and I wouldn't blame them. It's not an issue in our application, though, because file recovery will be seldom if at all, mostly just for testing, and at 2 GB per hour it won't require more than two or three hours to download everything we have up there in any case.
Technical Support:
Excellent so far - I've had two interactions with them, one via chat and another through a submitted bug report. They know that I have a free account, I'm sure, but seem interested in solving my problems anyway. There is also a forum, in which IDrive participates quite actively. I submitted one problem there and was soon advised to submit the problem as a regular bug report.
Hints:
Command-line options are implemented through a program called idevsutil.exe, found in the IDrive programs folders (C:\Program Files (x86)\IDriveWindows\... in Windows). However the one that is supplied by the IDrive installer didn't actually work - I had to go to the Getting Started page and download the idevsutil.exe that actually does work.
Cloud backup provides the ultimate off-site backup, to protect against a disaster such as fire, flood, theft, even death of a principal person. However, it's no good if the files are inaccessible due to a lost usrname or password. Be sure to have those somewhere else safe, perhaps in a safe deposit box.
Subscribe to:
Posts (Atom)
