VeraCrypt review — encrypted containers and disk encryption
Who is this for? Anyone who wants to encrypt sensitive files on Windows, macOS or Linux — in a container or on a full drive. System disk encryption is already covered for most users by BitLocker or FileVault; VeraCrypt adds value for standalone containers, USB drives and hidden volumes.
VeraCrypt review
Who is this for? Anyone who wants to encrypt sensitive files on Windows, macOS or Linux — in a container or on a full drive. System disk encryption is already covered for most users by BitLocker or FileVault; VeraCrypt adds value for standalone containers, USB drives and hidden volumes.
VeraCrypt is the standard for file encryption and disk encryption on Windows, macOS, and Linux. It creates encrypted containers — files that are mounted as a drive — or encrypts complete partitions and USB drives. Open-source, independently audited, and free.
Two use cases
Encrypted container (recommended for beginners): VeraCrypt creates a file on your drive — say documents.vc. That file is an encrypted vault. You open it with VeraCrypt, enter your password, and it appears as a regular drive in your file explorer. Everything you store in it is automatically encrypted. Close the container, and the files are inaccessible without the password.
Full disk encryption: VeraCrypt can also encrypt a complete partition or external storage medium (USB drive, external disk). Useful for external drives with sensitive data that you travel with.
Note: for system disk encryption on Windows, built-in alternatives also exist — see comparison table below.
Comparison with built-in encryption
| VeraCrypt | BitLocker (Windows) | LUKS (Linux) | FileVault (macOS) | |
|---|---|---|---|---|
| Open-source | Yes | No | Yes | No |
| Independently audited | Yes | No | Partially | No |
| Hidden volumes | Yes | No | No | No |
| Containers (loose files) | Yes | No | No | No |
| Cross-platform | Yes | Limited | Linux/macOS | macOS only |
| Built-in | No | Windows Pro/Enterprise | Most distros | macOS |
BitLocker caveat: BitLocker is closed source and often integrates with Microsoft-account or enterprise recovery flows. For higher-risk use, many people therefore prefer VeraCrypt or LUKS.
Hidden volumes
VeraCrypt supports hidden volumes: one container with two passwords. Password A shows innocent files. Password B shows the actually sensitive files. A third party cannot prove a hidden volume exists.
This is relevant for journalists and activists or people storing sensitive information in jurisdictions with compelled decryption laws.
Audit
VeraCrypt has been independently audited:
- 2016 — Open Crypto Audit Project: no critical vulnerabilities found, several findings resolved
- Later follow-up audits — later rounds reviewed the implementation further
This is more than most closed-source alternatives can offer.
Installation and use
VeraCrypt is available for Windows, macOS, and Linux (also as Flatpak). Download via veracrypt.fr.
Creating a container:
- Start VeraCrypt → “Create Volume”
- Choose “Create an encrypted file container”
- Set location and size (from 1 MB to hundreds of GB)
- Choose encryption algorithm (default AES is fine)
- Set a strong password
- Random mouse movements for entropy
- Container created — mount via VeraCrypt to use it
Caveats
Windows: forensic traces. If a VeraCrypt container has been mounted on Windows, registry and prefetch files may leave traces that the file was opened. For maximum protection: use on a live OS like Tails.
Forget password = lose data. Zero-knowledge also means: no recovery option. Store passwords in KeePassXC or another offline password manager.
Large password, slow mount. VeraCrypt intentionally uses slow key derivation (PBKDF2 with high iterations) to hamper brute force. Mounting takes a few seconds — this is a feature, not a bug.
Pros and cons
Pros
- Hidden volumes with two passwords — plausible deniability if compelled to decrypt
- Cross-platform: encrypted containers open on Windows, macOS, and Linux
- Open-source and independently audited — no public critical issues from those audit rounds
- Containers are just files — easy to back up, move, or store anywhere without special tools
- Intentionally slow key derivation (PBKDF2 high iterations) makes brute-force impractical
Cons
- Windows registry and prefetch files may leave forensic traces that a container was mounted — use Tails for maximum protection
- Forgetting the password means permanent data loss — no recovery option
- System disk encryption on Windows leaves BitLocker as a simpler alternative for most users who don’t need cross-platform or hidden volumes
Conclusion
For sensitive files stored on an external drive or that you want to protect against disk seizure: VeraCrypt is the standard. Open-source, audited, cross-platform. The learning curve is low if you only use containers.
Use VeraCrypt for files you want to store locally encrypted. Use Proton Drive for encrypted cloud storage.
See also:
- Secure laptop guide — VeraCrypt as part of a secure desktop environment
- Profile: journalist and activist — VeraCrypt for sensitive source materials
- Profile: lawyer, notary, or politician — encrypted storage for professional confidentiality
- KeePassXC review — store VeraCrypt passwords here