ghost
commented
1 year ago On the volume specification page:
The maximum possible VeraCrypt volume size is 263 bytes (8,589,934,592 GB). However, due to security reasons (with respect to the 128-bit block size used by the encryption algorithms), the maximum allowed volume size is 1 PB (1,048,576 GB).
The wording is extremely confusing here and I'm getting the feeling that a typo was made here, but from what I can tell the first value is over 8192 PB in reality. The second part took some research.
Whoever wrote the manual for this was extremely vague but the exact "security issue" is due to the birthday problem. That is that eventually, a different master key needs to be used after a certain point to prevent the birthday bound from allowing a cryptanalyst to perform a birthday attack to reduce the possibilities needed to successfully access your nasty data.
If you want a real-life example of what birthday attacks can do on ciphers, see https://sweet32.info/ which details a vulnerability found in DES and other 64-bit block ciphers.
Just follow the recommendations instead of trying to bypass them. Cryptography is one of the few fields where following the rules is the best option rather than bypassing them.
I created a RAID0 software array using four 8TB SSDs with a physical sector size of 512 bytes (Sector size (logical/physical): 512 bytes / 512 bytes).
I then proceeded to create a hidden volume encryption on the entire RAID0 array using tcplay, as it appears that VeraCrypt does not support or allow for it. When attempting to mount it using VeraCrypt, I encountered the typcial linux styled "wrong filesystem error".
To address this issue, I took the following steps:
Mount outer volume with: veracrypt -t --filesystem none --hash SHA-512 /dev/md126 /media/veracrypt1
Create exFAT on outer volume: sudo mkfs.exfat /dev/mapper/veracrypt1 Dismount: veracrypt -d
(As exFAT is a non-journaling file system, it will protect me from accidentally destroying the inner volume when creating files on the outer volume)
Then the same again for the inner volume but other filesystem:
veracrypt -t --filesystem none --hash SHA-512 /dev/md126 /media/veracrypt1 mkfs.ext4 /dev/mapper/veracrypt1 veracrypt -d
I then mounted the hidden volume, created multiple files on it, and everything appeared to be functioning correctly.
Although, I am concerned as it seems to be working well, as I have been copying large amounts of data in and out of the volume for two days and I have checked the files and errors, and everything appears to be running smoothly.
I am curious as to why this method is/seems working now. Is it possible that the encryption is not functioning properly or could be broken? Should I be concerned about the security or safety of my data?