sysadmin

For example:

G.SkillRipJaws DDR5 SO-DIMM Series (Intel XMP) 32GB (2 x 16GB) 262-Pin DDR55200 CL38-38-38-83 1.10V Dual Channel Desktop MemoryF5-5200S3838A16GA2-RS

https://www.amazon.com/G-Skill-RipJaws-SO-DIMM-CL38-38-38-83-F5-5200S3838A16GA2-RS/dp/B0B1L42MS7/

The Windows system partition contains everything that you see when you open your C: drive in Windows Explorer: Windows system files, documents, user accounts, etc.

When you encrypt the system partition, all those files get encrypted with whichever algorithm you choose.

Anyone who gets a hold of your computer will be completely unable to access anything on the C: drive because it's all been encrypted.

HOWEVER, they would be able to access it if your computer gets stolen while it's powered on or in sleep mode (if it's a laptop)

So if you're really paranoid, you should always shut down your system when you're in a situation where it could possibly get stolen.

No. That's the whole point. If you only have one disk (or volume), both the operating system and your documents are on it. Therefore, encrypting it means no one can use your computer unless he has the Vera Crypt password.

Yup. Works for me.

Not sure it's a "veracrypt and/or chromebook issue" so much as a "windows hates it when you change the hardware abstraction layer issue". Did you consider not using windows? I'm not entirely sure it's ready for the consumer market.

There is a Ram encryption option in VeraCrypt which is using ChaCha20. (I have this enabled).

For Full Disk Encryption, no. This is due to 3 reasons, 1 being ChaCha20 is a stream cipher, 2 being the Poly1305 variant is authenticated which is not suitable for Full Disk Encryption (due to overhead and sector sizes on drives), and 3 the standard variant can only safely encrypt 256GB of data if I recall correctly. AES-256 in XTS mode is more suitable for the purpose Veracrypt serves which is Block Level Encryption or Full Disk Encryption. ChaCha20 in general is better for individual File Encryption or File Based Encryption, for example CryFS, and Picocrypt.

I went on their discord and saw someone asked the same question a few weeks back and was told to email [email protected], which I did. I got an email back acknowledging the issue and that they would get back to me on Monday.

Security depends upon who the threat agent is that you are trying to protect against. A common person, an experienced expert/criminal hacker or a nation/state. Given that in theory any nation/state has "potentially unlimited" resources, to the point of there being at least one known case of a cyberattack on an air-gap computer, I would say all bets are off if you are doing something shady enough to attract the attention of the government of a powerful nation such as the USA or UK and be viewed as a potential threat to national security. Beyond that, I'd say within reason most encryption accomplishes its job by at the very least slowing the person down big time and requiring more resources to extract the data than the data is worth.

The "store now, decrypt later" is an issue with public key cryptography- which is most internet traffic. Symmetric encryption isn't really messed up by quantum computing even in theory- your 256 bit thing might become effectively a 128 bit thing, but that's still incredibly impossible to worry about (there's some general purpose algorithm that requires a quantum computer that would generally halve the key size I think).

What is likely threatened by quantum computing are public key algorithms that work on the idea of one way being easy, and another way being hard. Like factoring- multiplication of huge numbers is fast, factoring them is not. Shor's algorithm is the famous one to be able to do this fast enough given a good quantum computer. But a lot of these allegedly one-way functions would be varying degrees of screwed up in the so-called 'post-quantum world'.

In a normal SSL connection, you use public key cryptography to exchange a symmetric key, then you use that. So if you were to record an entire SSL connection and then in the future be given a big quantum computer, you could in theory work it all out- first by undoing the public key initial piece, and then by reading the symmetric key directly, at which point you would be able to decrypt the remainder normally.

From my understanding, standard notes wouldn't actually be subject to this, as it never transmits your actual key- you encrypt it with your real key locally, and then it gets sent as TLS stuff. So while the public key could be discovered, and the private key for the TLS session, the actual payload data would be encrypted with a key derived from your password that is never transmitted.

Now, if it does actually transmit that key at some point, then all bets are off. But it couldn't really be secure if it transmitted your key anyway right? So it probably doesn't do that.