Re: [orca-list] Accessible encryption

[Rastislav Kish <rastislav kish protonmail com>]

Hi there,

besides other already mentioned options, there is also VeraCrypt, the 
descendand of the legendary TrueCrypt, which is rumored to be forcibly 
discontinued by NSA because of their inability to break its encryption.


Even though the rumors are most likely just conspiracy theories, the 
fact is, that Edward Snowden, the well known whistle-blower, marked 
TrueCrypt as problematic for secret agencies to break (Tc development 
was ended shortly after this announcement), and there are recorded cases 
of FBI and other authorities being unable to gain access as well in few 
investigations.


VeraCrypt as already mentioned is based on TrueCrypt, fixing some of its 
vulnerabilities and adding new security algorithms and features.


It supports 5 encryption algorithms (AES Rijndael, Twofish, Serpent, 
Camellia and Kuzniechik), being not just able to use the algorithms 
alone, but also combine them in pairs or triples, slowing down any 
attack three times in case of the last option.


Multiple hashing algorithms are also supported, such as SHA512, SHA256 
or Whirlpool, further adding the complexity of decryption process.


And finally, you can select a PIM number for each container, which is 
able to increase the number of password hashing iterations and further 
slow down any attack.


If you're new to this field, it may be also worth noting the system of 
how VeraCrypt operates.

It works with .hc containers, special files, which you can imagine as 
.zip files, just instead of compression, there is a really heavy 
encryption protecting the data.


You can mount these .hc files through VeraCrypt like virtual filesystems 
and operate there normally, like you would on USB, network drive or 
another partition.

All modifications are encrypted and decrypted on fly, without any 
noticeable delay.


When you're finished, you can simply dismount the volume, and noone can 
access the data anymore without knowing the password.


This is the basic scenario of usage. There are quite a lot of features, 
like hidden volumes (a volume with a decoy and a hidden part for cases 
you were forced to reveal the password), whole disk / system encryption 
(I have no idea, how accessible is this), using files as encryption keys 
etc.


You can get VeraCrypt from its official site:

https://www.veracrypt.fr/code/VeraCrypt/


For Linux, I recommend the command line version. There is nothing to 
worry about, the terminal interface is almost fully interactive, so you 
don't need to remember any complicated parameters.

veracrypt --help will write out, besides special parameters, the few 
commands you'll need, such as to create a new volume, mount a volume, 
dismount a volume etc.


Also, while creating the volume, the challenge to write 300 random 
characters on keyboard to randomize the numbers generator is somewhat 
more realistic for us than waving a mouse above a window in gui version, 
so this is another reason why I personally prefer tui here.


Best regards


Rastislav


On 10. 1. 2021 12:39, Reece O'Bryan via orca-list wrote:
> good morning! Does anyone have recommendations as to Accessible applications that can encrypt files?
>
> Somewhat unrelated, but I have a hunch that anyone answering the above question may answer this one as 
> well, but is there a possible way to make freenet accessible?
>
> Thank you,
>
> -Reece
> _______________________________________________
> orca-list mailing list
> orca-list gnome org
> https://mail.gnome.org/mailman/listinfo/orca-list
> Orca wiki: https://wiki.gnome.org/Projects/Orca
> Orca documentation: https://help.gnome.org/users/orca/stable/
> GNOME Universal Access guide: https://help.gnome.org/users/gnome-help/stable/a11y.html