[OPSEC/Computer] Encrypting entire USB?

So I have a a usb with tails and an encrypted persistent volume. However, im wondering should i encrypt the whole usb with veracrypt or is this not needed? Also, if i did this would the computer just ask for the pass phrase before launching tails when i boot from USB?


Comments


[3 Points] hastatuss:

If you have a persistent volume, encrypt it is a safe bet.

However, you can't use it Veracrypt since it won't ask you the passphrase at the boot. You can use a LUKS encryption. Google it and you'll find some tutorials for Tails


[2 Points] None:

Don't know much about tails, dont know much more about running off a flash drive. But linux, installed on a hard drive, cannot boot if the kernel, bootloader, or drivers for the disk encryption system (generally either in the kernel or in the initial ram disk image) are encrypted. Generally you would make your /boot unencrypted. First of all, by definition, that means your ENTIRE usb cannot be encrypted. But....is it even possible to set up your tails with a seperate /boot partition?


[0 Points] DancingWindAway:

Depends, for windows it doesn't seem possible. You would need to decrypt it before the Legacy or UEFI boot. Might be possible with Linux if I remember correctly.

But it makes no sense, your presistant is already encrypted and the rest of the USB stick is amnesic so there is no need to encrypt it. And unless you use 100+ symbol passwords it doesn't matter much how often you encrypt. The TAO division of the NSA is capable of 3 trillion guesses per second. Takes them 30sec instead of 15 to crack it open...