Hi, I just hope someone knowledgeable will tell me if this simple setup will at least work better than Windows>VPN>Tor.
I intend to create 2 partitions on a HD, one for a freshly installed Windows 7 host and VPN, the second for VirtualBox/Whonix. I will encrypt the second partition with Truecrypt. I intend to leave every Whonix and VB setting as default.
I hope that:
No information about the files or my work on the WhonixVB can be accessed (without cracking Truecrypt) or gleaned from Windows files. The VPN (P.I.A through UDP aes256, sha256, rsa4096) will hide that I am using Tor from the ISP. I will be a bit more secure and, by using the VB and Whonix defaults won’t open up any gaping security holes that will leave me less protected than I am now. I am a little worried that VirtualBox could actually leave me more exposed than I am now, as I don’t trust Oracle.
Are my expectations correct? And -simple- recommendations?
You are almost correct. The thing is that Truecrypt isn’t deemed safe anymore. There are multiple unpatched security-related bugs in it, see: "So about Truecrypt. It's now unsafe". Use Veracrypt, it is a fork of Truecrypt, which is still in development. Also, you should consider maybe using a hidden volume with Veracrypt. Furthermore, keep in mind that as long as the partition is decrypted, Windows is able to read and write whatever is on it, as at that point, it is mounted into Windows’s file system.
OK, thanks for the replies.
I don’t want to use Windows but I did try to install Ubuntu and it just black screens/no signal after loading. I will try Debian and see if that makes any difference. How do I go about full disk encryption? I found it confusing because it's not obvious how you boot from an encrypted HD. Also, if I do encrypt the host, do I bother with the partition or just have the host and VBWhonix on the same encrypted drive? Can you recommend another supported virtualizer, and outline what a hidden volume is/intends to achieve?
Unrelated to Whonix. You need to figure this out as per:

> I found it confusing because it's not
> obvious how you boot from an encrypted HD.

This is a non-issue. If you enable full disk encryption in the Debian or
Qubes installer, they set this all up for you.

> Also, if I do encrypt the
> host, do I bother with the partition or just have the host and
> VBWhonix on the same encrypted drive?

I would always go for encrypting everything just to make sure nothing is
forgotten, but that’s up to you.

> Can you recommend another

You can pick one from here:

> and outline what a hidden volume is/intends to

You don’t necessarily need this. Has pros and cons. You can find lots of
discussions on that topic by just typing “hidden volume” perhaps in
combination with “encryption” and/or “truecrypt” into a search engine.
That should give you an idea what it’s (not) good for.