Truecrypt, in its usual understated way, has announced that TrueCrypt 5.0 will be available in January. It includes system partition encryption (!), a graphical user interface for the Linux version and (drumroll) -- a Mac OS X version!! Talk about a holiday present from the TrueCrypt foundation!!!!
http://www.truecrypt.org/future.php

Does that mean I can encrypt a whole harddisk, including my separate harddisk for personal data files ?
I wonder how fast the backup/restore will be of an encrypted HDD.
I was very slow with ATIv9, maybe ShadowProtect will do it faster.

-{ Quote: "Does that mean I can encrypt a whole harddisk, including my separate harddisk for personal data files ?
I wonder how fast the backup/restore will be of an encrypted HDD.
I was very slow with ATIv9, maybe ShadowProtect will do it faster." }-

TrueCrypt has tutorials at their websiye that will walk you through everything step by step.

-{ Quote: "Does that mean I can encrypt a whole harddisk, including my separate harddisk for personal data files ?..." }-

Yes ;D

The problem with TrueCrypt is that it acts like a vault. As long the vault is closed you are safe, once the vault is open any malware or hacker can steal your data.
A vault only protects you against physical theft, when a burglar steals your computer and can't read your data because the vault is closed.

My original and wrong idea was that TrueCrypt would encrypt any file on my data partition and make it unreadable for the thief, even when the file was stolen by malware or hacker. After all on-line theft happens alot more than physical theft.
If that was possible, I don't need outbound protection anymore, because whatever is stolen, the thief can't read it in a million years. Unfortunately it doesn't work that way. That was the reason, why I ditched TrueCrypt long ago.

-{ Quote: "The problem with TrueCrypt is that it acts like a vault. As long the vault is closed you are safe, once the vault is open any malware or hacker can steal your data.
A vault only protects you against physical theft, when a burglar steals your computer and can't read your data because the vault is closed.

My original and wrong idea was that TrueCrypt would encrypt any file on my data partition and make it unreadable for the thief, even when the file was stolen by malware or hacker. After all on-line theft happens alot more than physical theft.
If that was possible, I don't need outbound protection anymore, because whatever is stolen, the thief can't read it in a million years. Unfortunately it doesn't work that way. That was the reason, why I ditched TrueCrypt long ago." }-

axcrypt is free and comes highly recommended. You can encrypt individual files and it is easy to use. You could encrypt your files and then put them in a truecrypt partition, hehe!

-{ Quote: "After all on-line theft happens alot more than physical theft." }-

Theft of data happens online more than OFFline? No way. Laptops that go missing with hundreds of thousands of files of customer information, someone has a laptop stolen at the airport, DATA theft is most common from OFFline scenarios.

-{ Quote: "Theft of data happens online more than OFFline? No way. Laptops that go missing with hundreds of thousands of files of customer information, someone has a laptop stolen at the airport, DATA theft is most common from OFFline scenarios." }-
I was talking about home, not a laptop, which is an easy target for thiefs.

-{ Quote: "axcrypt is free and comes highly recommended. You can encrypt individual files and it is easy to use. You could encrypt your files and then put them in a truecrypt partition, hehe!" }-
And the thief can't read a file encrypted with axcrypt ?
And I have to encrypt them one-by-one with axcrypt ?

-{ Quote: "The problem with TrueCrypt is that it acts like a vault. As long the vault is closed you are safe, once the vault is open any malware or hacker can steal your data.
A vault only protects you against physical theft, when a burglar steals your computer and can't read your data because the vault is closed.

My original and wrong idea was that TrueCrypt would encrypt any file on my data partition and make it unreadable for the thief, even when the file was stolen by malware or hacker. After all on-line theft happens alot more than physical theft.
If that was possible, I don't need outbound protection anymore, because whatever is stolen, the thief can't read it in a million years. Unfortunately it doesn't work that way. That was the reason, why I ditched TrueCrypt long ago." }-

locking the vault is a basic switch to turn it off. you can't rely on the software doing everything you pc dont turn on by itself you have to do it. it same for banks they have to lock there vault. yes there is timed vault which the software can be made to do. it all come down to having common sense to be vigilant. thats the best security using your head. one click and the vault is locked. it hard not to forget as the vault is staring you in the face.

Truecrypt has option to be readonly and also to lock vault if no data has been written to it in a specified time.

-{ Quote: "locking the vault is a basic switch to turn it off. you can't rely on the software doing everything you pc dont turn on by itself you have to do it. it same for banks they have to lock there vault. yes there is timed vault which the software can be made to do. it all come down to having common sense to be vigilant. thats the best security using your head. one click and the vault is locked. it hard not to forget as the vault is staring you in the face.

Truecrypt has option to be readonly and also to lock vault if no data has been written to it in a specified time." }-
Vault is one way, there are other ways to do encryption.

@ErikAlbert

If you turn off the hard drive theres no need to do encryption. You set the hard drive to turn off when you go online at a set time. You using Sandboxie and/or Returnil. If you really want ironclad security disable the 2nd hard drive in the bios and forget about it. When the time comes you need something off that 2nd drive is the time you realise it not there so you turn it on again in the bios. in fact theres a util now to access the bios from within windows.

-{ Quote: "@ErikAlbert

If you turn off the hard drive theres no need to do encryption. You set the hard drive to turn off when you go online at a set time. You using Sandboxie and/or Returnil. If you really want ironclad security disable the 2nd hard drive in the bios and forget about it. When the time comes you need something off that 2nd drive is the time you realise it not there so you turn it on again in the bios. in fact theres a util now to access the bios from within windows." }-
I agree that turning off the 2nd HDD would be alot better, but it has to be something PRACTICAL and CONVENIENT. Turning it on/off in the BIOS isn't and this time "no writing possible by malware", not like PC Security. :)

can you not say Truecrypt locking the vault at set time all set by the options isn't pratical when you go online? surely it is teamed up with Sandboxie

-{ Quote: "can you not say Truecrypt locking the vault at set time all set by the options isn't pratical when you go online? surely it is teamed up with Sandboxie" }-
At a set time ? Is that practical ? I want to lock or unlock my 2nd HDD when I need it, not at a specified time.
Sandboxie doesn't protect my 2nd HDD, when I test a suspicious software in my system partition, which can infect my 2nd HDD, unless it is locked properly.

ErikAlbert, There is no such thing as on-the-fly encryption without it being vulnerable while the partition/container is open. File-By-File encryption, such as AxCrypt, would be your only solution.

-{ Quote: "ErikAlbert, There is no such thing as on-the-fly encryption without it being vulnerable while the partition/container is open. File-By-File encryption, such as AxCrypt, would be your only solution." }-
OK. I will wait ... until the file-by-file encryption is more convenient to use.

-{ Quote: "At a set time ? Is that practical ? I want to lock or unlock my 2nd HDD when I need it, not at a specified time.
Sandboxie doesn't protect my 2nd HDD, when I test a suspicious software in my system partition, which can infect my 2nd HDD, unless it is locked properly." }-
It sounds like you tried using TrueCrypt with a partition-based volume. However, did you ever consider creating a small number of container files instead? Each one could containing a certain collection of data. Only mount (open) the volume that you need, and close it as soon as you are done.

To some degree this is the software equivalent of manually switching a second hard drive on and off, as per your earlier post, but this much more flexible because you can have as many 'drives' as you want, you can mount as many or as few as you need and you can dismount them all almost instantly if desired.

Check out R-Guard, or the file protection in COMODO Firwall Pro.

Can't wait to see how useful the new version will be.

I've mainly steered away from encryption anything for fear of ultimately losing data but maybe this is more reliable then i been led to believe all along.

I make plenty of use of virtual partitions via files in the past and they been reliable enough for me but perhaps encryption needs another look.

I kind of like the idea of AxCrypt files to TrueCrypt. Another interest to test out for sure.

-{ Quote: "I kind of like the idea of AxCrypt files to TrueCrypt. Another interest to test out for sure." }-

I thought everyone already did that! Pete

-{ Quote: "I've mainly steered away from encryption anything for fear of ultimately losing data but maybe this is more reliable then i been led to believe all along." }-Exactly like me.
-{ Quote: "TrueCrypt 5.0 will be available in January. It includes system partition encryption (!)," }-Yes I read this 2 weeks ago. Very cool and wondering why this took so long for realization.
-{ Quote: "
The problem with TrueCrypt is that it acts like a vault. As long the vault is closed you are safe, once the vault is open any malware or hacker can steal your data.
A vault only protects you against physical theft, when a burglar steals your computer and can't read your data because the vault is closed." }-
That´s the next problem if you want to be secure while surfing the internet.
-{ Quote: "My original and wrong idea was that TrueCrypt would encrypt any file on my data partition and make it unreadable for the thief, even when the file was stolen by malware or hacker. After all on-line theft happens alot more than physical theft.
If that was possible, I don't need outbound protection anymore, because whatever is stolen, the thief can't read it in a million years. Unfortunately it doesn't work that way. That was the reason, why I ditched TrueCrypt long ago." }-How would you like to realize it? Windows itself would be unable to read its files. You would need a turbo engine that en/decrypts millions of things at the same time, probably needing octacore and system performance would probably go to 0.
-{ Quote: "Theft of data happens online more than OFFline? No way. Laptops that go missing with hundreds of thousands of files of customer information, someone has a laptop stolen at the airport, DATA theft is most common from OFFline scenarios." }-True too but
-{ Quote: "I was talking about home, not a laptop, which is an easy target for thiefs." }-That is reality in most cases.
-{ Quote: "Truecrypt has option to be readonly and also to lock vault if no data has been written to it in a specified time." }-At least something.
-{ Quote: "I agree that turning off the 2nd HDD would be alot better, but it has to be something PRACTICAL and CONVENIENT. Turning it on/off in the BIOS isn't and this time "no writing possible by malware", not like PC Security. " }-Think exactly.
-{ Quote: "
File-By-File encryption, such as AxCrypt, would be your only solution." }-
Winrar is enough too no need for Axcrypt.

-{ Quote: "
How would you like to realize it? Windows itself would be unable to read its files. You would need a turbo engine that en/decrypts millions of things at the same time, probably needing octacore and system performance would probably go to 0.
" }-
PC's are way too slow, but one day, when the hardware is improved, they will be fast enough to solve this problem. After all the chip was also a big improvement in the past, nothing stops inventors to do better.
One day harddisks will look old like tapes.

-{ Quote: "I thought everyone already did that! Pete" }-

Certainly not this one yet. Greets Pete.

I take another approach in virtual file partition to store various data/items but never keep anything of a truly sensitive nature on disk, at least not on disk connected to internet access, LoL.

Always good to read your articles on gov privileges and their impact on citizens freedoms. Much to be said & realized for those kind of efforts rarely told, keep up that timely reporting, worthy reading indeed. Appreciated.

Also see you keep a foot in the door at ERASER, been my fav a very long time and still is.

Encryption? A new venture for me, but then theres always a new discovery awaiting where concerns the computer right?

Regards EASTER

Hello,

A suggestion to all encryption users:

You MUST keep an unencrypted version too. Otherwise, if the encrypted volume gets corrupted somehow, you're most majorly cankered.

The idea of encryption is not to protect the data as to protect the device with that data. For example, no one will steal your lousy DVDs with words like movie movies or stuff written on it. But thumb drives, mobile HDDs, laptops, are a lucrative theft prize. They should be encrypted.

Mrk

-{ Quote: "
You MUST keep an unencrypted version too. Otherwise, if the encrypted volume gets corrupted somehow, you're most majorly cankered.
" }-
That's what I thought also : double backups, too much work for me. :)

-{ Quote: "Hello,
You MUST keep an unencrypted version too. Otherwise, if the encrypted volume gets corrupted somehow, you're most majorly cankered." }-
You don't need to make unencrypted backups. TrueCrypt can be run in traveller mode directly from a CD, DVD or USB flash drive and you can mount your encrypted backup on any computer that you can logon as admin, so you're not locked out of your data if you lose your main volume.

There are plenty of good ways to back up encrypted data. You can create an encrypted partition on removable media or use container files (which are much more flexible for this purpose). I prefer to merely copy my container files to an external drive, as this is very quick and convenient. Periodically I make a second copy to CD and I always include the TrueCrypt traveller files on the CD. I can take my backup CDs anywhere and run them on any PC that I have admin privileges on.

Hello,

I'm using containers, and I backup them. I keep a long history of backups, so if my container sudently become corrupted my last or above backup will work.
There is no point encrypting data if you make unencrypted backups, IMO.

Regards,
gkweb.

Agree with gkweb and dantz. I backup all encrypted data - but still in encrypted form. Backing up Truecrypt headers is all important as well.

If it's too much trouble, encryption isn't for you. True security never comes easy.

This new version seems very good indeed! I am still waiting for the raw cd/dvd images myself. Why do they always shut down the forum over the period before and after a new version release?

-{ Quote: "This new version seems very good indeed! I am still waiting for the raw cd/dvd images myself. Why do they always shut down the forum over the period before and after a new version release?" }-

This time, they're making some changes. The forums will be swamped with the addition of whole disk encryption - and a MAC OS X version.

I am curious if TrueCrypt WDE will work along-side Rollback RX :S

If it uses a boot loader, then probably not, the drive would not decrypt, because the boot loader would be replaced.

-{ Quote: "
Quote:
Originally Posted by Mrkvonic
Hello,
You MUST keep an unencrypted version too. Otherwise, if the encrypted volume gets corrupted somehow, you're most majorly cankered.
You don't need to make unencrypted backups. TrueCrypt can be run in traveller mode directly from a CD, DVD or USB flash drive and you can mount your encrypted backup on any computer that you can logon as admin, so you're not locked out of your data if you lose your main volume.

There are plenty of good ways to back up encrypted data. You can create an encrypted partition on removable media or use container files (which are much more flexible for this purpose). I prefer to merely copy my container files to an external drive, as this is very quick and convenient. Periodically I make a second copy to CD and I always include the TrueCrypt traveller files on the CD. I can take my backup CDs anywhere and run them on any PC that I have admin privileges on." }-
Great tipps dantz,
-{ Quote: " Hello,

I'm using containers, and I backup them. I keep a long history of backups, so if my container sudently become corrupted my last or above backup will work.
There is no point encrypting data if you make unencrypted backups, IMO.

Regards,
gkweb." }-Exactly this is really true, very important that this is written down here.

Mrkv. hopefully this knowledge will help you to not be that cheeky in future.

Hello,

Cheeky?

My data = my rules. Anyone can backup the data any which way. I believe in good ole as many copies as possible everywhere. If I could bother, I'd also print everything - and engrave it in stone.

The idea of keeping all my data encrypted - ONLY - makes my bowels twitch. It's entirely personal. Kudos to anyone brave enough to keep all of their data in encrypted form.

In my case, it's mainly against theft - on portable devices.

Mrk

Hello Mrkvonic,

-{ Quote: "
The idea of keeping all my data encrypted - ONLY - makes my bowels twitch. It's entirely personal. Kudos to anyone brave enough to keep all of their data in encrypted form." }-

You are talking directly or indirectly about two points, and I will give you my opinion on both.

1 - Encryption can lead to data loss and is therefore risky
2 - If we use encryption we must keep an unencrypted backup somewhere

It is true that when we encrypt something, if the container becomes corrupted everything inside it is lost. However, by using a simple backup strategy, data loss is a risk eliminated. For instance always keep an history of backup containers and "volume header" in the case of TrueCrypt (Tools menu -> Backup Volume Header), and put your backups accross multiple drives, and places if you can. Using this backup strategy, you cannot loose what is encrypted because you will always have a working version at hand. If you loose those drives, it does not matter they are encrypted or not.

Then, about keeping unencrypted backups, we should keep in mind why we encrypted data in the first place. We encrypt data to strongly prevent other people to access it, no matter these data have an emotional or financial value. However, if someone breaks in your house and steal everything he finds including external USB HDD where unencrypted backups are, I doubt he will try to decrypt an encrypted TrueCrypt container while he has the plain unencrypted data. If you keep unencrypted backups in a bank safe instead, one have to wonder of what is stronger between the bank safe box and encryption (a rogue employee could open it, or criminals might break it, whereas none of the both could decrypt it).

To sume it up, by using an organized backup strategy you cannot loose more data because they are encrypted, or else your backup strategy is wrong. Secondly, if for you the risk of unencrypted backup stealing is acceptable, then it should be acceptable too to not encrypt your data at all.

The bottom line is that encrypting data leads to a risk of data loss, however the steal of these data unencrypted would be worse, and data loss can be eliminated using backups.

That being said, merry christmas to everyone :)

Regards,
gkweb.

Hello,

Good and valid points, all.

I mainly use TC volumes - rather than containers. ALL of my backups sum to up approx. 150GB give or take, so backing up this backup this can be a little tricky. I do backup the headers, but that does not reduce my paranoia regarding physical damage.

Now, the risks:

Theft - well one can never be really sure what thieves could take, but the chances are they'll go for portable stuff rather than DVDs labeled with markers.

Damage - this is the most likely cause of failure of anything digital - plain simple damage or death of the device, in which case restoration of data, partial or full, can be several orders of magnitude more complicated it it's encrypted.

So this brings me to my point of bulk plain backups:

Plus, the cost - 120 DVDs = 500GB cost 15 dollars, 1 500GB HDD costs 150 dollars. The likelihood of all 120 DVDs getting damaged simultaneously or stolen or broken is much lower than the chance of a single device gong bad.

Furthermore, salvaging partial data from a physically damaged encrypted drive is much harder than unencrypted one.

I think encryption is not meant to hide you from the world - merely make things slightly more difficult for potential thieves - because they might also steal your birth certificate and the passport, and you can't encrypt these.

If someone really bothers to go after your private data, it's a whole new level of theft protection. But if a casual thief gets hold of a USB drive or a laptop, well then he/she might want to browse the data out of pure curiosity, in which case some encryption is useful.

Hey, you might even lose a USB drive at your workplace and someone might plug it in and take a look. Digging through hundreds of CDs, DVDs to get to a disk labeled "my backup 18-03-01" is not really the most common scenario. TVs and laptops fish a much better price.

gkweb, I think you're talking about a different level of encryption protection, which is different from what I had in mind.

Mrk

Hello,

You have valid points too :)

Indeed, if we simply want to protect as home user our data against "casual" thieves, it is a different context than confidential data at work against spy pr criminals. I perfectly understand your point.

Talking about the risks, I talked of thieves, but admittedly what happens 99% of the time (and it happened to me several times) is a physical damage (HDD not working).

Regards,
gkweb.

Sometimes I wonder in these threads on encryption exactly what I need to encrypt. Data loss incidents get a lot of publicity, but how many around here have to really worry about losing a big database? I suppose Trucrypt is going in the right direction as the emerging standard is full disk encryption.

It reminds me of the threads on hard drive erasure and how many pases you need, when one pass will stop everyone but a three letter agency, and then only if it is really important will they bother.

-{ Quote: "Hello,

A suggestion to all encryption users:

You MUST keep an unencrypted version too. Otherwise, if the encrypted volume gets corrupted somehow, you're most majorly cankered.

The idea of encryption is not to protect the data as to protect the device with that data. For example, no one will steal your lousy DVDs with words like movie movies or stuff written on it. But thumb drives, mobile HDDs, laptops, are a lucrative theft prize. They should be encrypted.

Mrk" }-

Thanks Mrk for confirming my suspicions all along. Not that such would happen overnight or over some time, but truth is all software can malfunction for whatever reason and an encrypted drive without first an unencrypted backup IMO would be the same as playing on blind trust nothing would ever go wrong.

Good Advice.

Good points on encryption.

I've been playing with various encryption software just out of curiosity, and it occurred to me that I don't really have anything on board that anybody would want. I don't do anything online that would necessitate a need for encrypting anything. To me, that's the only genuinely safe way.

Still, encryption software is an area I've never fooled with, and it interests me.

-{ Quote: "Truecrypt, in its usual understated way, has announced that TrueCrypt 5.0 will be available in January. It includes system partition encryption (!), a graphical user interface for the Linux version and (drumroll) -- a Mac OS X version!! Talk about a holiday present from the TrueCrypt foundation!!!!
http://www.truecrypt.org/future.php" }-

I saw that up there yesterday. I dont see any mention on the home page. Is that new or has it been there a while?

-{ Quote: "don't do anything online that would necessitate a need for encrypting anything. To me, that's the only genuinely safe way." }-That is a good strategy too if it is really so but many people have sensitive informations. Probably all people have passwords, then we have software developpers, authors... to care about encryption is always useful.

-{ Quote: "I saw that up there yesterday. I dont see any mention on the home page. Is that new or has it been there a while?" }-

Yes, it's on the home page, toward the bottom of the page you'll see:
" Next release 5.0 scheduled for: January 2008" with a link to the page that lists all the changes (major!) in 5.0.
------------
As for the worries about encryption, I have worked with hundreds of TC containers and partitions, ever since version 1.5 and have never had data corruption. It's rare. Of course when it happens, you'll read about it on the TC forums. But, really, the risk is minimal. Backup a container and you're safe. You won't have two corrupted containers - just won't happen. I think if you feel you must keep unencrypted backups - use the bank deposit box scenario, that's a good, safe option.

As for what is worth encrypting? Many people don't realize how much on their computer could be used for ID theft and many other things. Think about how more and more of our lives are being kept on our computers. Social Security numbers, credit card numbers, bank passwords, medical records, scanned material (leases, mortgage papers, wills, etc.), databases with much personal or work-related research. Especially with laptops, without encryption, you risk so much. It will one day be routine and an accepted part of owning a laptop.

Hello,
All of the docs you mentioned, Gerard, should NOT be on a PC.
Cheers,
Mrk

-{ Quote: "Hello,
All of the docs you mentioned, Gerard, should NOT be on a PC.
Cheers,
Mrk" }-

Not on an unencrypted one, for sure. I definitely agree - that's basic. But, there's nothing at all wrong with these being on a PC with encryption. In fact, it's safer than sitting in a drawer at home.

Hello,

OK, but my question was why should you keep the actual credit card number or any password written anywhere? The same goes for other personal country/state/govt-issued documents.

I can understand scanned docs, like wills and such - but these are really much better off in an attorney's office or such. At worst, you can encrypt single files, where you take the risk of potentially losing this data - but where it won't really matter, more a privacy precaution that actual productivity loss.

Mrk

-{ Quote: "Thanks Mrk for confirming my suspicions all along. Not that such would happen overnight or over some time, but truth is all software can malfunction for whatever reason and an encrypted drive without first an unencrypted backup IMO would be the same as playing on blind trust nothing would ever go wrong.

Good Advice." }-

This simply isn't true.

Depending how you set it up, you have two seperate versions of the same data in two places. If one is damaged then you still have the other one. There is little difference between this and a non encrypted system in terms of a complete drive failure.

The way I and many others do it with TC is to create two encrypted drives - one on the PC and one on a backup drive. You mount both drives and use any common back up application to back up from one drive to the other. You can keep copies of the truecrypt headers on both drives, an unencrypted drive, or anywhere else (like an online email account or something).

-{ Quote: "You are talking directly or indirectly about two points, and I will give you my opinion on both.

1 - Encryption can lead to data loss and is therefore risky
2 - If we use encryption we must keep an unencrypted backup somewhere" }-

This is been my deepest concern all along where it involves encryption. IMHO there are already too many deficiencies floating about in microsoft O/S's, adding encryption just increases this fatal potential, no matter the general percentages.

While it may prove a useful concept and idea privacy/protection against compromise for many, including governments, they had better be prepared ahead of time with some solid safe provisions for backing up the entire system FIRST, because the past & present track record of $M O/S's don't exactly encourage reasonable trust in something as integrate as code scrambling.

-{ Quote: "This simply isn't true.

Depending how you set it up, you have two seperate versions of the same data in two places. If one is damaged then you still have the other one. There is little difference between this and a non encrypted system in terms of a complete drive failure.

The way I and many others do it with TC is to create two encrypted drives - one on the PC and one on a backup drive. You mount both drives and use any common back up application to back up from one drive to the other. You can keep copies of the truecrypt headers on both drives, an unencrypted drive, or anywhere else (like an online email account or something)." }-

Thank you. Of course, you are exactly right and all the fear-mongering over Truecrypt is truly ridiculous. As you said, using two Truecrypt drives it is no different than using two regular hard drives with no encryption and risking hard drive failure. It boggles the mind how uninformed so many people here are regarding encryption and yet - post about it! Not understanding is fine, Not understanding but spreading disinformation and fear is not so easily overlooked.

Hello,

I did not wish my PERSONAL regard to data integrity to become a trend. This works for me. It does not mean it's globally true or applicable.

As I have told gkweb, the chance of a single drive holding 500GB failing is exponentially higher than 100 5GB DVDs holding that same data, which encrypted can be a lot tricker to extract in case of partial hardware failure ... but you can read the pleasant exchange of thoughts some posts above.

That's all. Backup is always necessary. I would not dream of having some of my stuff encrypted only - regardless of TC or any other software.

Cheers,
Mrk

I'd say that for most people the idea of burning 100 dvds is out of the question. Also it's not exactly flexible for data that chang much over time. I wouldn't even consider this because of the hassle. Also encrypting these DVDs doesn't seem to add much risk.

This is why most people these days use either online storage or external hard-drives. It's done on the fly and is usually pretty invisible to the user.

Re: external drives - I think the chance of both the drive in your PC and the external drive failing are pretty slim....unless there is a major physical reason like a fire which destroys everything. For this reason I'd suggest backing up really crucial data online. Personally I backup onto an encrypted USB drive once a week and store this in a safe in the house. I also store my family photos (important and unreplaceble data to me) in Picassa online (free and reasobably integrated into Picassa photosuite anyway). This way I can deal with a drive failure, a moderate fire and the more common theft of the PC.

You are right that encrypted drives are likely to be harder (if not impossible) to recover if certain faults arise. However again I'd say the chances of both encrypted drives failing at the same moment are slim so I wouldn't be worried about this risk myself. Other problems are more likely like accidentally backing up incorrectly and finding you're backup isn't what you thought it was etc - problems that occur with or without encryption.