0

My situation: I create a container in VeraCrypt encrypted by AES-Twofish-Serpent with Whirlpool. I put my data in it and then I split the container using WinRAR into smaller pieces without compression (for example, a 2 GB container into 4 500 Mb files). I also set a password for the RAR which is different from the password I set for the container.

My question is: What are the advantages/disadvantages? Is it bad? Can I keep doing that? Is it more or less safe than just storing the original container?

Please don't mention that this is slow and not necessary - I already know that. I just want to know if this is less safe.

e-sushi
  • 1
    "less safe" pretty much always follows "unnecessary" when it comes to crypto. Complexity is the enemy of security. – Ella Rose Jun 11 '17 at 01:25

2 Answers

1

To answer in a word, yes, it's less safe. But probably not for the reasons you are attempting to guard against. Everyone dealing with security can sometimes get sucked into the Fort Knox way of thinking, but this is not always the best way to go about security. Remember that security is a combination of many factors, two of the most prominent being safety, and usability.

Your method tends to lean towards the analogy of "Can I guard my house by encasing the entire thing with concrete?" Well, yes, you can, and it will be extremely difficult for anyone to get into your home. But if you're not careful, you yourself may end up without a way in.

Your method here adds an extra layer of security, but that layer is the password, nothing more. Splitting the file into 500mb entities serves to only apply a sort of "security through obscurity" approach, which would be cool if it were part of some scavenger hunt or hacker challenge, but for your own data not so much. Remember, read/write errors are a thing. The more you do this, the more likely you are to miss a piece, or for something to go wrong when reconstructing the original encrypted container. Maybe it will be fine at first, but over time you may find yourself unable to reconstruct it.

Secondly, what is the backup methodology here? Are you going to create two or more of these? Because if you do end up in a situation where you can't recover your files, what then? If you want to be sure that a backup exists that will be there when you need it, you may find yourself using another method. Then I have to ask, why wouldn't anyone who wants this data just go for that then?

This kind of thing almost always adds complexity for the user, and usually results in only marginal security gain. VeraCrypt already has the option to create a hidden container within a container. This is considerably simpler and, I would wager, provides the same if not more security than what you propose here, since in one case the enemy knows another password is required, and in the hidden container's case, they may not.

Nalaurien
  • I forgot to mention one important thing. I split my container because I need to upload that original container into a cloud that has a limit for individual files. –  Jun 11 '17 at 10:54
  • Ah, I see, now I'm getting your motivations a bit clearer. You may benefit from a similar problem I saw a while ago; the guy who answered this question https://superuser.com/questions/732251/how-to-split-truecrypt-file-into-smaller-files-for-cloud-backup-to-onedrive#737332 listed some software options designed for this purpose. Maybe you might find them more useful. – Nalaurien Jun 11 '17 at 11:03
0

Given the current situation, your approach actually has the advantage that you can CRC-check the file's integrity when unpacking. If there is a problem, WinRAR will tell you that (by the way, you should switch to 7-Zip. It's better in every aspect).

Without the archive, let's say if you use just a simple file splitter, you would need to MD5 your files in order to make sure they have their initial integrity.

From a security perspective, that extra .rar password is an additional measure, so it can't hurt.

So I'd recommend keeping things as they are, with the mention of using 7-Zip instead.

Overmind
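The integrity check that the answer above describes for a plain file splitter, as an added example that is not part of the original post: it splits a container into parts, records a digest per part plus one for the whole file, and refuses to reassemble if any part is missing or damaged. SHA-256 is used in place of the MD5 the answer mentions; the function names and the `manifest.json` layout are assumptions made for illustration.

```python
import hashlib, json
from pathlib import Path

def sha256_file(path, bufsize=1 << 20):
    """Stream a file through SHA-256 so large parts are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(bufsize), b""):
            h.update(block)
    return h.hexdigest()

def split_with_manifest(container, out_dir, part_size):
    """Split into fixed-size parts; record per-part and whole-file digests."""
    container, out_dir = Path(container), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    parts = []
    with open(container, "rb") as src:
        # Each part is read fully into memory here; stream it for very large parts.
        for index, data in enumerate(iter(lambda: src.read(part_size), b"")):
            name = f"{container.name}.{index:03d}"
            (out_dir / name).write_bytes(data)
            parts.append({"name": name, "sha256": hashlib.sha256(data).hexdigest()})
    manifest = {"whole_sha256": sha256_file(container), "parts": parts}
    # The manifest is unauthenticated: like RAR's CRC, it catches accidental damage only.
    (out_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_and_join(part_dir, dest):
    """Verify every part, then join. Returns a list of problems (empty means OK)."""
    part_dir = Path(part_dir)
    manifest = json.loads((part_dir / "manifest.json").read_text())
    problems = []
    for p in manifest["parts"]:
        path = part_dir / p["name"]
        if not path.is_file():
            problems.append(f"missing: {p['name']}")
        elif sha256_file(path) != p["sha256"]:
            problems.append(f"corrupt: {p['name']}")
    if problems:
        return problems  # refuse to build a container from damaged parts
    with open(dest, "wb") as out:
        for p in manifest["parts"]:
            out.write((part_dir / p["name"]).read_bytes())
    if sha256_file(dest) != manifest["whole_sha256"]:
        problems.append("joined file does not match the original digest")
    return problems
```

Keeping a copy of `manifest.json` somewhere other than next to the uploaded parts lets the same check notice a part that was replaced rather than merely damaged.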