How to encrypt and hide a hard disk partition using CyberSafe. Alternatives to TrueCrypt. Programs for encrypting individual files or entire disks

Launch the encryption tool in Windows by typing "BitLocker" in the search bar and selecting "Manage BitLocker". In the next window, you can enable encryption by clicking on "Turn on BitLocker" next to the hard drive symbol (if an error message appears, read the "Using BitLocker without a TPM" section).

Now you can choose whether you want to use a USB flash drive or a password when unlocking an encrypted drive. Regardless of the option you choose, during the setup process you will need to save or print the recovery key. You will need it if you forget your password or lose your flash drive.

Using BitLocker without a TPM

Setting up BitLocker.
BitLocker also works without a TPM chip - although this requires some tweaking in the Local Group Policy Editor.

If your computer does not have a TPM (Trusted Platform Module) chip, you may need to make some settings to enable BitLocker. In the Windows search bar, type "Edit Group Policy" and open the "Local Group Policy Editor" section. Now open in the left column of the editor "Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating system disks" and in the right column check the entry "Require additional authentication at startup".

Then, in the middle column, click on the Change policy setting link. Check the box next to "Enable" and check the box next to "Allow BitLocker without a compatible TPM" below. After clicking on "Apply" and "OK", you can use BitLocker as described above.

Alternative in the form of VeraCrypt

To encrypt a system partition or an entire hard drive using TrueCrypt's successor VeraCrypt, select "Create Volume" from the VeraCrypt main menu, and then "Encrypt the system partition or entire system drive". To encrypt the entire hard drive along with the Windows partition, select "Encrypt the whole drive" and then follow the step-by-step setup instructions. Warning: VeraCrypt creates a rescue disk in case you forget your password. So you will need an empty CD.

After you have encrypted your drive, you will need to specify PIM (Personal Iterations Multiplier) after the password during the initial boot. If you did not install PIM during setup, then just press Enter.

With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB drive or flash drive). This article will show you how to encrypt and hide an encrypted hard drive partition from prying eyes.

Spies, paranoids and ordinary users

Who will benefit from the ability to encrypt partitions? Spies and paranoids will be discarded immediately. There are not so many of the first ones, and the need for data encryption is purely professional. The second is just to encrypt something, hide it, etc. Although there is no real threat and the encrypted data is of no interest to anyone, they still encrypt it. That is why we are interested in ordinary users, which, I hope, will be more than paranoid spies.
A typical partition encryption scenario is computer sharing. There are two options for using the CyberSafe program: either each of the users working on the computer creates a virtual disk, or each assigns a partition on the hard disk to store personal files and encrypts it. It has already been written about creating virtual disks, and in this article we will focus on encrypting the entire partition.
Let's say there is a 500 GB hard drive and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to restrict one user's access to files of another user, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the disk space of a hard drive can be divided as follows:

• Approximately 200 GB is a common partition. This partition will also be the system partition. It will install the operating system, the program and will store the common files of all three users.
• Three ~100 GB partitions - I think 100 GB is enough to store each user's personal files. Each of these sections will be encrypted, and only the user who encrypted this section will know the password for access to the encrypted section. In this case, the administrator, with all his desire, will not be able to decrypt the section of another user and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will be able to gain access only if he tricks the user into deceiving his password. But I don't think this will happen, so partition encryption is a much more effective measure than NTFS access control.

Partition encryption vs virtual encrypted disks

Which is better - encrypt partitions or use virtual encrypted disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Look at it as an archive with a password and a compression level of 0. But the files inside this archive are encrypted much more securely than in a regular archive. The virtual disk is stored on the hard drive as a file. In the CyberSafe program, you need to open and mount a virtual disk, and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a USB flash drive or to an external hard drive. You can't do this with an encrypted partition. Also, a virtual disk file can be .
Of course, if necessary, you can create an image of an encrypted disk - just in case you want to backup it or move it to another computer. But that's another story. If you have such a need, I recommend the Clonezilla program - already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complicated undertaking than transferring a virtual disk. If there is such a need, it is easier to use virtual disks.
In the case of partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which way to choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire section if the size of your secret documents is quite large.
But there are situations when it is impossible to use the entire section or it makes no sense. For example, you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. It makes no sense to encrypt the entire partition if the size of the documents (files) that you need to encrypt is small - a few gigabytes. I think we figured it out, so it's time to talk about which partitions (disks) can be encrypted.

Supported disc types

You can encrypt the following media types:

• Hard disk partitions formatted in FAT, FAT32 and NTFS file systems.
• Flash drives, external USB drives except for drives representing mobile phones, digital cameras and audio players.

Can't encrypt:

• CD/DVD-RW discs, floppy disks
• Dynamic disks
• System drive (from which Windows boots)

Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine several physical hard disks (similar to LVM in Windows). Such disks cannot be encrypted by the program.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard disk partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk, which was specified during its encryption. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once a partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive, and the files will not be encrypted. So when you're working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a little while! After you have unmounted the encrypted disk, your files will be under reliable protection.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on your computer's capabilities, but the system will still work and you'll just have to wait a little longer than usual (especially when you're copying large files to an encrypted partition).

Getting ready for encryption

The first step is to get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and want to encrypt a partition that already has files, then encryption will take some time. If during this time the power is turned off, then you are guaranteed data loss. Therefore, if you do not have a UPS that can withstand several hours of battery life, I recommend doing the following:

• Make a backup copy of your data, for example, on an external hard drive. Then you will have to get rid of this copy (preferably, after deleting data from an unencrypted disk, wipe the free space with a utility like Piriform so that it is impossible to recover deleted files), since if it exists, it makes no sense to have an encrypted copy of the data.
• You will transfer the data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don't need to format it separately - CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup copy of the data (I would recommend doing it just in case), be sure to check the disk for errors, at least with a standard Windows utility. Only after that you need to start encrypting the partition/disk.

Partition Encryption: Practice

So, theory without practice is meaningless, so let's start encrypting a partition / disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition(Fig. 1).

Rice. 1. List of partitions / disks of your computer

Select the partition you want to encrypt. If the button Create is inactive, the partition cannot be encrypted. For example, it can be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, then the encryption operation must be repeated one by one.
Click the button Create. Next window will open Kripo Disk(Fig. 2). In it you need to enter a password that will be used to decrypt the disk when it is mounted. When entering a password, check the character case (so that the Caps Lock key is not pressed) and the layout. If there is no one behind you, you can turn on the switch Show password.

Rice. 2. Crypto Disk

From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to keep it, turn on the switch. Please note that in this case, the disk encryption time will increase significantly. On the other hand, if the encrypted files are, say, located on an external hard drive, then you still have to copy them to an encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to check the box to turn on the radio button Preserve file structure and data otherwise you will lose all your data.
Other options in the window Crypto Disk can be left as default. Namely, the entire available size of the device will be used and a quick format will be performed to the NTFS file system. Click the button to start encryption. To accept. The progress of the encryption process will be displayed in the main program window.

Rice. 3. Progress of the encryption process

After the disk is encrypted, you will see its status - encrypted, hidden(Fig. 4). This means that your drive has been encrypted and hidden - it won't show up in Explorer or other high-level file managers, but partition table programs will see it. No need to hope that since the disk is hidden, no one will find it. All disks hidden by the program will be displayed in the snap-in Disk Management(see Fig. 5) and other disk partitioning programs. Note that in this snap-in, the encrypted partition appears as a partition with a RAW file system, that is, no file system at all. This is normal - after encrypting a partition, Windows cannot determine its type. However, hiding the partition is necessary for completely different reasons, and further you will understand why.

Rice. 4. Disk status: encrypted, hidden. Section E: Doesn't show up in File Explorer

Rice. 5. Snap Disk Management

Now let's mount the partition. Select it and click the button Restored to make the partition visible again (the disk state will be changed to just " encrypted"). Windows will see this partition, but since it cannot recognize the type of its file system, it will offer to format it (Fig. 6). You should never do this, because you will lose all data. That is why the program hides encrypted disks - after all, if not only you work at the computer, another user can format the allegedly unreadable partition of the disk.

Rice. 6. Suggestion to format the encrypted partition

From formatting, of course, we refuse and press the button Montirov. in the main window of the CyberSafe program. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).

Rice. 7. Drive letter selection

After that, the program will ask you to enter the password needed to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the area Connected decrypted devices(Fig. 9).

Rice. 8. Password to decrypt partition

Rice. 9. Connected decrypted devices

After that, you can work with the decrypted disk as with a normal one. Only drive Z will be displayed in Explorer: - this is the letter I assigned to the decrypted drive. Encrypted Drive E: Will not be displayed.

Rice. 10. Explorer - view computer disks

Now you can open the mounted drive and copy all the secret files to it (just don't forget to delete them from the original source later and wipe the free space on it).
When you need to complete work with our section, then either click the button Dismantled. and then the button Hide or just close the CyberSafe window. As for me, it's easier to close the program window. Of course, you don't need to close the program window during the copy/move operation. Nothing terrible and irreparable will happen, just some of the files will not be copied to your encrypted disk.

About performance

It is clear that the performance of an encrypted disk will be lower than a normal one. But how much? On fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in fig. 11 - approximately at the level of 1.3 MB / s. This means that 1 GB of small files will take approximately 787 seconds to copy, which is 13 minutes. If you copy the same folder to an unencrypted partition, then the speed will be approximately 1.9 MB / s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB / s, but very few files were copied at this speed, so we believe that the speed was at the level of 1.9 MB / s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds, or almost 9 minutes.

Rice. 11. The speed of copying small files from an unencrypted partition to an encrypted one

Rice. 12. Speed ​​of copying small files between two unencrypted partitions

As for large files, you will not feel any difference. On fig. Figure 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And in fig. Figure 14 shows the speed of copying the same file from a regular partition to an encrypted one, and it was 11.1 MB/s. The difference is small and within the margin of error (however, the speed changes slightly during the copy operation). For the sake of interest, I'll tell you the speed of copying the same file from a USB flash drive (not USB 3.0) to a hard drive - about 8 MB / s (there is no screenshot, but trust me).

Rice. 13. Large file copy speed

Rice. 14. Speed ​​of copying a large file to an encrypted partition

Such a test is not entirely accurate, but still allows you to get some idea of ​​\u200b\u200bperformance.
That's all. I also recommend that you read the article

Hello readers of the ComService company blog (Naberezhnye Chelny). In this article, we will continue to explore the systems built into Windows designed to increase the security of our data. Today it is the Bitlocker drive encryption system. Data encryption is necessary to ensure that your information is not used by strangers. How she gets there is another matter.

Encryption is the process of transforming data so that only the right people can access it. Keys or passwords are usually used to gain access.

Full disk encryption prevents access to data when you connect your hard drive to another computer. The attacker's system may have a different operating system installed to bypass protection, but this will not help if you are using BitLocker.

BitLocker technology was introduced with the release of the Windows Vista operating system and has been improved in . Bitlocker is available in Ultimate, Enterprise and Pro versions. Owners of other versions will have to look for .

Article structure

1. How BitLocker Drive Encryption works

Without going into details, it looks like this. The system encrypts the entire drive and gives you the keys to it. If you encrypt the system disk, it will not boot without your key. The same as the keys to the apartment. You have them, you will fall into it. Lost, you need to use the spare (recovery code (issued during encryption)) and change the lock (do encryption again with other keys)

For reliable protection, it is desirable to have a Trusted Platform Module (TPM) installed on the computer. If it is and its version is 1.2 or higher, then it will manage the process and you will have stronger protection methods. If it is not there, then it will be possible to use only the key on the USB drive.

BitLocker works as follows. Each sector of the disk is encrypted separately using a key (full-volume encryption key, FVEK). The AES algorithm with 128 bit key and diffuser is used. The key can be changed to 256 bit in group security policies.

When the encryption is completed, you will see the following picture

Close the window and check if the startup key and recovery key are in safe places.

3. Flash Drive Encryption - BitLocker To Go

Why should encryption be paused? So that BitLocker does not block your drive and do not resort to the recovery procedure. System settings (and the contents of the boot partition) are fixed during encryption for added protection. Changing them may result in a computer lock.

If you select Manage BitLocker, you will be able to Save or Print the Recovery Key and Duplicate the Startup Key

If one of the keys (startup key or recovery key) is lost, you can restore them here.

Managing Encryption for External Drives

The following functions are available to manage the encryption settings of a flash drive

You can change the unlock password. You can only remove the password if a smart card is used to unlock the lock. You can also save or print the recovery key and turn on disk unlock for this automatically.

5. Restoring disk access

Restoring access to the system drive

If the flash drive with the key is out of the access zone, then the recovery key comes into play. When you boot your computer, you will see something like the following picture

To restore access and boot Windows, press Enter

We will see a screen asking you to enter the recovery key

With the last digit entered, provided that the recovery key is correct, the operating system will automatically boot.

Restoring access to removable drives

To restore access to information on a flash drive, or click Forgot your password?

Select Enter recovery key

and enter this terrible 48-digit code. Click Next

If the recovery key matches, then the drive will be unlocked

A link appears to Manage BitLocker, where you can change the password to unlock the drive.

Conclusion

In this article, we learned how we can protect our information by encrypting it using the built-in BitLocker tool. It's frustrating that this technology is only available in older or advanced versions of Windows. It also became clear why this 100 MB hidden and boot partition is created when setting up a disk using Windows tools.

Perhaps I will use the encryption of flash drives or. But, this is unlikely since there are good substitutes in the form of cloud storage services such as, and the like.

Thanks for sharing the article on social media. All the best!

Recently, laptops have become very popular due to their affordable price and high performance. And users often use them outside of protected areas or leave them unattended. And this means that the issue of ensuring the inaccessibility of personal information to outsiders on systems running Windows is becoming extremely urgent. Simply setting a login password will not help here. And encrypting individual files and folders (read about that) is too routine. Therefore, the most convenient and reliable means is hard drive encryption. In this case, you can make only one of the partitions encrypted, and keep private files and programs on it. Moreover, such a partition can be made hidden without assigning a drive letter to it. Such a partition will outwardly look like an unformatted one, and thus not attract the attention of intruders, which is especially effective, since the best way to protect secret information is to hide the very fact of its presence.

How hard drive encryption works

The general principle is this: the encryption program makes an image of the file system and places all this information in a container, the contents of which are encrypted. Such a container can be either a simple file or a partition on a disk device. Using an encrypted container file is convenient because such a file can be copied to any convenient place and you can continue working with it. This approach is useful when storing a small amount of information. But if the size of the container is several tens of gigabytes, then its mobility becomes very doubtful, and besides, such a huge file size reveals the fact that it contains some useful information. Therefore, a more universal approach is to encrypt an entire partition on a hard drive.

There are many different programs for these purposes. But the most famous and reliable is considered TrueCrypt. Since this program is open source, this means that it does not contain bookmarks from manufacturers that allow access to encrypted data through an undocumented "back door". Unfortunately, there are suggestions that the creators of the TrueCrypt program were forced to abandon further development and pass the baton to proprietary counterparts. However, the latest reliable version 7.1a remains fully functional on all versions of the Windows operating system, and most users use this version.

Attention!!! The latest up-to-date version is 7.1a ( Download link). Do not use the “stripped down” version 7.2 (the project was closed, and on the official website of the program they offer to switch from TrueCrypt to Bitlocker and only version 7.2 is available).

Create an encrypted disk

Let's consider the standard approach to encrypting partitions. To do this, we need an unused partition on a hard drive or flash drive. For this purpose, one of the logical drives can be freed. As a matter of fact, if there is no free partition, then during the process of creating an encrypted disk, you can choose to encrypt the disk without formatting, and save the existing data. But this is longer in time and there is a small risk of losing data during the encryption process if, say, the computer freezes.

If the required partition on the disk device has been prepared, then you can now launch the TrueCrypt program and select the "Create New Volume" menu item.

Since we are interested in storing data not in a container file, but in a disk partition, we select the “Encrypt non-system partition / disk” item and the usual type of volume encryption.

At this stage, the aforementioned choice appears - to encrypt the data in the partition or format it without saving information.

After that, the program asks what algorithms to use to encrypt. For everyday needs, there is not much difference here - you can choose any of the algorithms or a bunch of them.

Only in this case, it should be taken into account that when using a bunch of several algorithms, more computing resources are required when working with an encrypted disk - and, accordingly, the read and write speed drops. If the computer is not powerful enough, then it makes sense to click on the test button to select the optimal algorithm for your computer.

The next step is the actual process of formatting the encrypted volume.

Now it remains to wait until the program finishes encrypting the hard drive.

It should be noted that at the stage of setting a password, you can set a key file as an additional protection. In this case, access to encrypted information will be possible only if this key file is present. Accordingly, if this file is stored on another computer on the local network, then if a laptop with an encrypted disk or a flash drive is lost, no one will be able to access secret data, even if they guessed the password - after all, there is no key file either on the laptop itself or on the flash drive.

Hiding the encrypted partition

As already mentioned, an advantageous advantage of an encrypted partition is that it is positioned in the operating system as unused and unformatted. And there is no indication that it contains encrypted information. The only way to find out is to use special cryptanalysis programs that can conclude from the high degree of randomness of bit sequences that there is encrypted data in the partition. But if you are not a potential target for the special services, then such a threat of compromise is unlikely to threaten you.

But for additional protection from ordinary people, it makes sense to hide the encrypted partition from the list of available drive letters. Moreover, all the same, accessing the disk directly by its letter will not give anything and is required only if encryption is removed by formatting. To detach the volume from the letter used, go to the “Computer Management / Disk Management” section in the “Control Panel” and call the context menu for the desired partition, select the “Change drive letter or drive path ...” item, where you can remove the binding.

After these manipulations, the encrypted partition will not be visible in Windows Explorer and other file managers. And the presence among several different system partitions of one nameless and "unformatted" is unlikely to arouse interest among outsiders.

Using an encrypted disk

To use an encrypted device as a regular disk, you need to connect it. To do this, in the main window of the program, right-click on one of the available drive letters and select the menu item "Select device and mount ..."

After that, you need to mark the previously encrypted device and specify the password.

As a result, a new drive with the selected drive letter should appear in Windows Explorer (in our case, drive X).

And now it will be possible to work with this disk as with any ordinary logical disk. The main thing after finishing work is not to forget to either turn off the computer, or close the TrueCrypt program, or disable the encrypted partition - after all, as long as the disk is connected, any user can access the data located on it. You can unmount a partition by clicking the "Unmount" button.

Results

Using the TrueCrypt program will allow you to encrypt your hard drive and thereby hide your private files from strangers if someone suddenly gains access to your flash drive or hard drive. And the location of encrypted information on an unused and hidden partition creates an additional level of protection, since the uninitiated circle of people may not even guess that secret information is stored on one of the partitions. This method of protecting private data is suitable in the vast majority of cases. And only if you are being targeted with the threat of violence to obtain a password, then you may need more sophisticated protection methods, such as steganography and TrueCrypt hidden volumes (with two passwords).

This is the fourth of five articles in our blog devoted to VeraCrypt, it analyzes in detail and gives step-by-step instructions on how to use VeraCrypt to encrypt a system partition or an entire disk with the Windows operating system installed.

If you are looking for how to encrypt a non-system hard drive, encrypt individual files or an entire USB flash drive, and want to learn more about VeraCrypt, check out these links:

This encryption is the most secure since absolutely all files, including any temporary files, the hibernation file (sleep mode), the swap file and others are always encrypted (even in the event of an unexpected power outage). The operating system log and the registry, which store a lot of important data, will be encrypted as well.

System encryption works through pre-boot authentication. Before your Windows starts to boot, you will have to enter a password that decrypts the system partition of the disk containing all the files of the operating system.

This functionality is implemented using the VeraCrypt bootloader which replaces the standard system bootloader. You can boot the system in case of damage to the boot sector of the hard disk, and hence the bootloader itself, using VeraCrypt Rescue Disk.

Please note that the system partition is encrypted on the fly while the operating system is running. While the process is in progress, you can use your computer as usual. The above is also true for decryption.

List of operating systems for which system disk encryption is supported:

• Windows 10
• Windows 8 and 8.1
• Windows 7
• Windows Vista (SP1 or later)
• Windows XP
• Windows Server 2012
• Windows Server 2008 and Windows Server 2008 R2 (64-bit)
• Windows Server 2003

In our case, we are encrypting a Windows 10 computer with a single drive C:\

Step 1 — Encrypting the System Partition

Launch VeraCrypt, in the main program window, go to the System tab and select the first menu item Encrypt system partition/drive (Encrypt system partition/disk).

Step 2 - Selecting the Type of Encryption

Leave the default type Normal (Normal) if you want to create a hidden partition or a hidden operating system, then pay attention to the VeraCrypt dedicated to additional features. Click Next

Step 3 - Encryption Area

In our case, it is not of fundamental importance to encrypt the entire disk or just the system partition, since we have only one partition on the disk that occupies all the free space. It is possible that your physical disk is divided into several partitions, for example C:\ and D:\. If this is the case and you want to encrypt both partitions, choose Encrypt the whole drive (Encrypt the entire drive).

Please note that if you have multiple physical drives installed, you will have to encrypt each of them individually. A disk with a system partition using this instruction. How to encrypt a data disk is written.

Choose whether you want to encrypt the entire disk or just the system partition and click the button Next.

Step 4 - Encrypting Hidden Partitions

Select Yes (Yes) if your device has hidden partitions with computer manufacturer's utilities and you want to encrypt them, this is usually not necessary.

Step 5 - Number of operating systems

We will not analyze the case when several operating systems are installed on the computer at once. Select and click Next.

Step 6 - Encryption Settings

Choice of encryption and hashing algorithms, if you are not sure what to choose, leave the values AES and SHA-512 by default as the strongest option.

Step 7 - Password

This is an important step, here you need to create a strong password that will be used to access the encrypted system. We recommend that you carefully read the recommendations of the developers in the Create Volume Wizard window on how to choose a good password.

Step 8 - Collect random data

This step is necessary to generate an encryption key based on the password entered earlier, the longer you move the mouse, the more secure the resulting keys will be. Move the mouse randomly at least until the indicator turns green, then click Next.

Step 9 - Generated Keys

This step informs you that the encryption keys, binding (salt), and other parameters have been successfully created. This is an informational step, click Next.

Step 10 - Recovery Disc

Specify the path where the ISO image of the recovery disk (rescue disk) will be saved. You may need this image if the VeraCrypt bootloader is damaged, but you still need to enter the correct password.

Save the recovery disk image to removable media (for example, a USB flash drive) or burn it to an optical disc (recommended) and click Next.

Step 11 - Recovery drive created

Note! Each encrypted system partition requires its own recovery disk. Be sure to create it and store it on removable media. Do not store the recovery drive on the same encrypted system drive.

Only a recovery disk can help you decrypt data in case of technical failures and hardware problems.

Step 12 - Clean Up Free Space

Clearing free space allows you to permanently delete previously deleted data from the disk, which can be restored using special techniques (especially true for traditional magnetic hard drives).

If you are encrypting an SSD drive, select 1 or 3 passes, for magnetic disks we recommend 7 or 35 passes.

Please note that this operation will affect the total disk encryption time, for this reason, refuse it if your disk did not contain important deleted data before.

Don't choose 7 or 35 passes for SSD drives, magnetic force microscopy doesn't work with SSDs, 1 pass is enough.

Step 13 - System Encryption Test

Perform a system encryption pre-test and read the message that the VeraCrypt bootloader interface is entirely in English.

Step 14 - What to do if Windows won't boot

Check out, or better yet, print out recommendations in case what to do if Windows does not boot after a reboot (this happens).

Click OK if you have read and understood the message.