Address training team feedback
- Make it clearer that VeraCrypt needs to be installed on Windows/
  Mac computers to open encrypted drives
- Recommend diceware passphrases for Transfer/Export Device
- Fix typo
eloquence committed Sep 11, 2019
1 parent 892ee47 commit 54301d8
Showing 2 changed files with 32 additions and 12 deletions.
11 changes: 8 additions & 3 deletions docs/journalist.rst
Expand Up @@ -594,6 +594,14 @@ Copy the file or files you want to access on your everyday workstation to the
Decrypting and Preparing to Publish
-----------------------------------

.. note::

To decrypt a VeraCrypt drive on a Windows or Mac workstation, you need
to have the VeraCrypt software installed. If you are unsure if you have the
software installed or how to use it, ask your administrator, or see
the `Freedom of the Press Foundation guide <https://freedom.press/training/encryption-toolkit-media-makers-veracrypt-guide/>`__
for working with VeraCrypt.

To access the *Export Device* on your everyday workstation, follow these steps:

1. If your *Export Device* has a physical write protection switch, make sure it
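Review bot: The added `.. note::` covers only Windows and Mac, so a journalist whose everyday workstation runs Linux gets no guidance here. The companion change in docs/set_up_transfer_and_export_device.rst states that VeraCrypt media opens on common Linux distributions without additional software, and one clause saying so in this note would close the gap. The note also assumes the *Export Device* is a VeraCrypt drive, while the setup guide presents VeraCrypt as an alternative to hardware-based encryption, so consider opening with "If your *Export Device* is encrypted with VeraCrypt". Minor: "unsure if" reads better as "unsure whether".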
Expand All @@ -607,9 +615,6 @@ To access the *Export Device* on your everyday workstation, follow these steps:
7. Open the *Export Device* in your operating system's file manager, and copy
the contents of interest to your everyday workstation.

For more information about working with VeraCrypt, see the
`Freedom of the Press Foundation guide <https://freedom.press/training/encryption-toolkit-media-makers-veracrypt-guide/>`__.

As a security precaution, we recommend deleting the files on the *Export Device*
after each copy operation. If you are using write protection, you have to perform
this step on the *Secure Viewing Station* to get the security benefits of write
33 changes: 24 additions & 9 deletions docs/set_up_transfer_and_export_device.rst
Expand Up @@ -92,6 +92,15 @@ which ideally will synchronize to their smartphone. See the Freedom of the Press
Foundation guide for `choosing a password manager <https://freedom.press/training/blog/choosing-password-manager/>`__
if you are not currently using one.

.. tip::

The user will have to enter this passphrase repeatedly. For this reason, we
recommend using `diceware <https://en.wikipedia.org/wiki/Diceware>`__ instead
of random character sequences that are difficult to type. If your password
manager does not support generating diceware passphrases, see the
`EFF guide <https://ssd.eff.org/en/module/creating-strong-passwords#1>`__
for information on how to do it yourself.

Create USB *Transfer Device*
----------------------------

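Review bot: The added tip recommends diceware but gives no minimum length, and for a passphrase protecting an encrypted drive the number of words is what determines its strength; state a minimum word count in the tip rather than leaving it to the linked guide. The EFF link relies on the opaque fragment `#1`, which will silently stop pointing at the diceware section if that page is restructured, so link the page without the fragment or name the section in the text. "This passphrase" also has no antecedent inside the tip; naming the *Transfer Device* or *Export Device* passphrase would let the tip stand on its own.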
Expand Down Expand Up @@ -160,7 +169,7 @@ sure to label it.
Create a USB *Export Device*
----------------------------
We recommend using a fully encrypted USB drive for coping files off the
We recommend using a fully encrypted USB drive for copying files off the
*Secure Viewing Station*. This is even more important than for the
*Transfer Device*, as the risk of accidentally leaving decrypted files on the
*Export Device* is significant.
Expand All @@ -178,16 +187,22 @@ VeraCrypt is a good alternative to hardware-based encryption. It is actively
maintained cross-platform software that has been independently audited and is
free to use.

VeraCrypt-encrypted media can be opened in the Tails operating system without
installing additional software. However, to *create* your encrypted VeraCrypt
drive in the first place, you will need to install the VeraCrypt software.
The `guide by Freedom of the Press Foundation <https://freedom.press/training/encryption-toolkit-media-makers-veracrypt-guide/>`__
VeraCrypt-encrypted media can be opened in the Tails operating system and on
common Linux distributions without installing additional software. To open
VeraCrypt media on Windows or Mac workstations, or to create VeraCrypt drives,
you need to install the VeraCrypt software. The `guide by Freedom of the Press
Foundation <https://freedom.press/training/encryption-toolkit-media-makers-veracrypt-guide/>`__
provides instructions for encrypting storage media using VeraCrypt.

While you can install the VeraCrypt software on an everyday workstation running
Windows, macOS or Linux, larger organizations may want to consider setting up a
more controlled environment for doing so, and having IT act as a provisioning
service for encrypted drives.
Keep in mind that each journalist using a Windows or Mac workstation will need
to have the VeraCrypt software installed on their computer to access the encrypted
*Export Device*.

.. tip::

Larger organizations may want to consider setting up a controlled environment
for creating VeraCrypt-encrypted *Export Devices* and providing them to
journalists, to ensure that each drive is provisioned in a secure manner.

As with the *Transfer Device*, we recommend storing the passphrase in the
password manager of each user who will use a given *Export Device*.
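Review bot: "common Linux distributions without installing additional software" in the rewritten paragraph is an unqualified compatibility claim; whether a desktop can unlock VeraCrypt volumes natively depends on the distribution and its version, so either name what is required or tell readers to verify this on their own workstation before relying on it. The new text also says "Windows or Mac" where the removed paragraph said "Windows, macOS or Linux"; keep "macOS" for consistency. In the new tip, "provisioned in a secure manner" is vague, and the removed wording about IT acting as a provisioning service for encrypted drives was more actionable.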

0 comments on commit 54301d8