VeraCrypt review — encrypted containers and disk encryption
VeraCrypt creates encrypted containers and can encrypt full drives or partitions. Open-source, audited, and supports hidden volumes for plausible deniability.
VeraCrypt review
VeraCrypt is the standard for file encryption and disk encryption on Windows, macOS, and Linux. It creates encrypted containers — files that are mounted as a drive — or encrypts complete partitions and USB drives. Open-source, independently audited, and free.
Two use cases
Encrypted container (recommended for beginners):
VeraCrypt creates a file on your drive — say documents.vc. That file is an encrypted vault. You open it with VeraCrypt, enter your password, and it appears as a regular drive in your file explorer. Everything you store in it is automatically encrypted. Close the container, and the files are inaccessible without the password.
Full disk encryption: VeraCrypt can also encrypt a complete partition or external storage medium (USB drive, external disk). Useful for external drives with sensitive data that you travel with.
Note: for system disk encryption on Windows, built-in alternatives also exist — see comparison table below.
Comparison with built-in encryption
| VeraCrypt | BitLocker (Windows) | LUKS (Linux) | FileVault (macOS) | |
|---|---|---|---|---|
| Open-source | ✅ | ❌ | ✅ | ❌ |
| Independently audited | ✅ | ❌ | Partially | ❌ |
| Hidden volumes | ✅ | ❌ | ❌ | ❌ |
| Containers (loose files) | ✅ | ❌ | ❌ | ❌ |
| Cross-platform | ✅ | Limited | Linux/macOS | macOS only |
| Built-in | ❌ | Windows Pro/Enterprise | Most distros | macOS |
BitLocker caveat: BitLocker is closed source. Microsoft has made escrow keys available to governments. For high-risk use, VeraCrypt is preferable.
Hidden volumes
VeraCrypt supports hidden volumes: one container with two passwords. Password A shows innocent files. Password B shows the actually sensitive files. A third party cannot prove a hidden volume exists.
This is relevant for journalists and activists or people storing sensitive information in jurisdictions with compelled decryption laws.
Audit
VeraCrypt has been independently audited:
- 2016 — Open Crypto Audit Project: no critical vulnerabilities found, several findings resolved
- 2020 — DeutscheTelekom/VeraCrypt: update audit with positive result
This is more than most closed-source alternatives can offer.
Installation and use
VeraCrypt is available for Windows, macOS, and Linux (also as Flatpak). Download via veracrypt.fr.
Creating a container:
- Start VeraCrypt → “Create Volume”
- Choose “Create an encrypted file container”
- Set location and size (from 1 MB to hundreds of GB)
- Choose encryption algorithm (default AES is fine)
- Set a strong password
- Random mouse movements for entropy
- Container created — mount via VeraCrypt to use it
Caveats
Windows: forensic traces. If a VeraCrypt container has been mounted on Windows, registry and prefetch files may leave traces that the file was opened. For maximum protection: use on a live OS like Tails.
Forget password = lose data. Zero-knowledge also means: no recovery option. Store passwords in KeePassXC or another offline password manager.
Large password, slow mount. VeraCrypt intentionally uses slow key derivation (PBKDF2 with high iterations) to hamper brute force. Mounting takes a few seconds — this is a feature, not a bug.
Conclusion
For sensitive files stored on an external drive or that you want to protect against disk seizure: VeraCrypt is the standard. Open-source, audited, cross-platform. The learning curve is low if you only use containers.
Use VeraCrypt for files you want to store locally encrypted. Use Proton Drive for encrypted cloud storage.
See also:
- Secure laptop guide — VeraCrypt as part of a secure desktop environment
- Threat profile: journalist and activist — VeraCrypt for sensitive source materials
- Threat profile: lawyer, notary, or politician — encrypted storage for professional confidentiality
- KeePassXC review — store VeraCrypt passwords here