Tails

#3 Updated by geb 2018-12-03 16:20:20

Hi,

intrigeri wrote:
> Let’s first try to describe the problem in a bit more comprehensive way.
>
> > Veracrypt interest maybe limited on MacOS X, because of the state of MacOS X NTFS support
>
> I don’t understand how that’s related. If I use VeraCrypt on macOS and want to share files with Tails, why would I create a NTFS filesystem? Doesn’t VeraCrypt offer other options that will work both on macOS and Linux?

- If you create a Veracrypt partition/container on Windows, it will be by default in NTFS (and no step to select the filesystem will be presented, i don’t know if there is another option than to reformat to let you choose the filesystem), it will work fine with Windows and Tails, but it will be read only in Mac.

- If you create a Veracrypt partition/container in MacOS X, an additional step is presented to let you choose the filesystem : FAT, exFAT, HFS+ (or APFS? I dont remind..) are proposed. FAT which is the default choice will be usable on Tails/Windows/Mac but will suffer limitation, like filesize. I don’t know if/how other formats will work either with Tails or Windows. In case of a Veracrypt container, attention also have to be taken to the underlying filesystem.

https://tails.boum.org/doc/encryption_and_privacy/veracrypt/index.en.html#index1h2 documents Veracrypt has being portable to Tails, MacOS and Windows. However if veracrypt is portable by itself, the containers created may only be read only or may suffer limitation :

- a container/partition created in Windows, will be ok with Tails, but read only with MacOS X
- a container/partition created in MacOS X, will be by default usuable with both Windows/MacOS X and Tails but will suffer limitation : file size < 4GB and in case of a container : container size < 4GB because of the fact the underlying filesystem also have to be FAT…

While it may be out of scope for Tails to document if and how Veracrypt could be setup to be fully usuable accross Tails, Windows and MacOS X (as it is actually wrote in https://tails.boum.org/doc/encryption_and_privacy/veracrypt/index.en.html), it may also worth to be documented and maybe it may worth to invesigate if a good (readwrite, not limited to 4GB) option could be proposed (maybe exFAT if its possible to create and use a exFAT veracrypt volumes on Windows ?), especially if at a moment, proposing users to create veracrypt volumes is envisionned (Is it ? I did not found any ticket for that).

Feel free to reject if not relevent.

#5 Updated by intrigeri 2018-12-03 16:38:59

Thanks a lot for the clarifications.

> While it may be out of scope for Tails to document if and how Veracrypt could be setup to be fully usuable accross Tails, Windows and MacOS X, it may also worth to be documented and maybe it may worth to invesigate if a good (readwrite, not limited to 4Gb) option could be proposed (maybe exFAT if its possible to create and use a exFAT veracrypt volume on Windows ?),

The scope of our VeraCrypt work was, perhaps implicitly and maybe erroneously, restricted to “interoperability between Tails and one of Windows and macOS”, which AFAIK works fine already. In that sense, documenting this is indeed out of scope. But if there’s a simple recommendation we can make, that works everywhere, indeed that would be nice :) I don’t think doing this research fits into any of the Core work roles we have but if someone does it and comes up with a solution, I guess that our tech writers could add it to the doc rather cheaply.

> especially if at a moment, proposing users to create veracrypt volumes is envisionned

Indeed.

> (Is it ? I did not found any ticket for that).

#9 Updated by sajolida 2018-12-04 12:56:38

I fully agree with intrigeri on Bug #16179#note-5.