defragmenting encrypted USB hard drive

[ChrisGreaves]

When I try to enable that option in VeraCrypt it gives me this warning message. I think I will leave the default alone!

Hi Stuart; I have read the texts in the various links, and it seems to me that the cautions are for VeraCrypt file containers rather than entire partitions.
I am encrypting a non-system partition, so my understanding is that if I were to defragment the decrypted partition from the command line, the security issues would not arise.


That said, I can see the start of paranoia in my life, that would steer me to "wiping free space" on an irregular basis.

Cheers
Chris

[StuartR]

You CAN decrypt a VeraCrypt volume if you set the option in Settings > Preferences > More Settings... > Performance / Driver configuration

[ChrisGreaves]

You CAN decrypt a VeraCrypt volume if you set the option in Settings > Preferences > More Settings... > Performance / Driver configuration

Untitled.png

BINGO!
Thank you Stuart and Leif.
I made the setting, started (and then quit) the Win10 defragmenter. (Now I can do something I don't really want to do).

This has cleared up the mystery of why Win10 doesn't want to treat my VeraCrypted drive and has as well demonstrated to me a solution to the problem.
Tonight I sleep happy!
Thanks again
Chris

[StuartR]

I am encrypting a non-system partition, so my understanding is that if I were to defragment the decrypted partition from the command line, the security issues would not arise.

There are two potential security issues that could arise in this scenario.

1. If your non-system partition includes a HIDDEN veracrypt drive, as well as the visible one, then this could be destroyed by defrag.
2. Some file data from the encrypted partition will be stored in the system partition during the defrag, it is possible that this could be visible to an attacker even after you dismount the encrypted partition

[ChrisGreaves]

1. If your non-system partition includes a HIDDEN veracrypt drive, as well as the visible one, then this could be destroyed by defrag.
2. Some file data from the encrypted partition will be stored in the system partition during the defrag, it is possible that this could be visible to an attacker even after you dismount the encrypted partition

Hi Stuart. I well remember the descriptive scenario from the TruCrypt documentation - someone held a gun to your head and forced the password out of you, but you had a secret hidden container within your password-protected container, - or similar. Hasn't happened to me yet. Nor, i am prepared to bet, has it happened to you (I hope; Grin).
I believe I read that scenario, chuckled, and moved on. Never thought of hidden containers since then.
The residue data is a possibility and its visibility, even after dismount, is a possibility.Truth is, even if an attacker (nowadays a piece of malwarerather than a Real Live Person), does stumble on the string 2b4qqvxxh p7055475 1utmie95 6415nlwu xkgl94su wuvLHLLs te0120bw xnglspen fg215nlw vvhel215n l7urvlswr 845nl76su swoz and manage to make something out of it, the only thing they are likely to find of value is my passwords DOCument file ("customline.xls") which, once they get past the "format is not valid" hurdle, will allow them access to my bank password which will then plunge them into the mire of "how to survive for a month on a $50 bank balance".

Turns out the best security is to defrag the drive and reclaim/wipe free space, which brings us full-circle to something i don't really want to do.

The deeper question is 'Why is someone like me encrypting anyway?", and as far as I can remember, I used to sit students down at my machine for ad hoc training sessions, and by rebooting and ignoring the password for decryption, my data partition remained out-of-bounds, and its contents could not be accidentally overwritten by a clumsy trainee. That is, I was protecting agaiinst accidental overwriting rather than intentional discovery of data.

Cheers
Chris

[StuartR]

My needs are similar to yours Chris. I have customer data and I need to treat it with respect, but I am unlikely to be forced to reveal my passwords under duress!