Create a volume:

Assuming you’ve external drive connected and mounted already to /media/storage .

veracrypt -t -c

Select volume type, hidden volumes provide even higher security, however for now, we will just create normal volume.

Volume type : 1 ) Normal 2 ) Hidden Select [ 1]: '1'

Enter filename, within which volume will be created.

Enter volume path: '/media/Backup/vera-test-volume

Define volume size. If you need 10 kilo, mega or giga bytes it will look as follows.

10K (10 Kilobytes)

10M (10 Megabytes)

10G (10 Gigabytes)

We will use 10 Megabytes.

Enter volume size ( sizeK/size[M]/sizeG ) : '10M'

Select encryption algorithm, people who tries to do brute force attack on encrypted volumes, usually assumes AES algorithm hence it is recommended to select different one.

Encryption Algorithm: 1 ) AES 2 ) Serpent 3 ) Twofish 4 ) Camellia 5 ) Kuznyechik 6 ) AES ( Twofish ) 7 ) AES ( Twofish ( Serpent )) 8 ) Serpent ( AES ) 9 ) Serpent ( Twofish ( AES )) 10 ) Twofish ( Serpent ) Select [ 1]: '3'

Select hashing algorithm.

Hash algorithm: 1 ) SHA-512 2 ) Whirlpool 3 ) SHA-256 4 ) Streebog Select [ 1]: '1'

Select file system, for simplicity it can be FAT but if you need file permission even Ext4 might be used.

Filesystem: 1 ) None 2 ) FAT 3 ) Linux Ext2 4 ) Linux Ext3 5 ) Linux Ext4 6 ) NTFS 7 ) exFAT Select [ 2]: '2'

Password selection, it is recommended to use password consisting of more than 20 alpha numeric characters, due to possibility of brute force attack.

Enter password: '[your password]' Re-enter password: '[your password]'

PIM stands for Personal Iterations Multiplier.

It is a value that controls the number of iterations used by the header key derivation following the formulas: For system encryption: Iterations = PIM x 2048

For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000) If PIM value is high, iterations are also high and this implies a better security but a slower mounting/booting. If PIM value is small, iterations count is also small and this implies quicker mounting/booting but it brings a decreases security.

Explanation done by Mounir IDRASSI.

We will select default value so, just press enter .

Enter PIM:

If you want to use keyfile instead of password, here you can define keyfile. We will not do that, so again you can just press enter .

Enter keyfile path [ none]:

Here is the funny part, you need to type at least 320 random characters since this will be base for your encryption key.

Please type at least 320 randomly chosen characters and then press Enter:

That’s it, now you need to wait for encryption to process. It might take even hours for 500GB drives.