Encrypting a whole drive, couple of questions?

Discussion in 'privacy technology' started by Socio, Mar 2, 2005.

Thread Status:
Not open for further replies.
  1. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    I read the FAQ posted in this thread which is one hell of a good read by the way.

    https://www.wilderssecurity.com/showthread.php?t=69036

    Anyway that fact has got me thinking about encryption, specifically a whole main drive and so pardon me if I sound newbish but I have a couple of questions:

    1, If you encrypt your whole main drive including OS does your desktop maintain normal functionality, I mean does everything look, work and act the same, apps still open and run normally?

    2, If you install a new app or save a new document to your encrypted drive does the new program or doc automatically get encrypted?

    Thanks!
     
  2. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I'm not an expert on this but from what I know for most encryption software.

    Yes.

    Yes.

    Hope this helps,

    Chris
     
  3. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    Thanks for the reply,

    I have one more:

    Does running an encrypted drive with your OS on it slow down your system's performance?

    So far it sounds like a good idea unless you have to take a noticeable hit on performance.
     
  4. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Depends on the program but with a speedy computer it's not going to bring you to a crawl but you may notice a slight slowdown.

    Please check the link listed in this post it is very helpful. http://www.panta-rhei.dyndns.org/pantawiki/SecurityAndEncryptionFaq?action=print

    Hope this helps,

    Chris
     
  5. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    That is what got me started thinking about the whole encryption thing.

    I have yet another question, is it possible to back up sensitive data on to a CD or DVD encrypted? If so would you have to copy all the data back to your hard drive to view it or would you still be able to view it on the DVD or CD even though it's encrypted?

    Thanks
     
  6. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Yes. You would have to use a program to encrypt the files then burn them on the CD.

    I am not 100% but I think again depending on what program you use to encrypt it. I know that's kinda vague. I wish someone would jump in to give an exact answer for you. Sorry this post took so long, been at work all day.

    Hope this helps,

    Chris
     
  7. What I have always heard (never experienced it myself because I don't encrypt my entire hard drive) is that if you encrypt your hard drive, and then attempt to make images (with programs like Ghost or True Image) or just backup data while it is encrypted, you may have trouble restoring that data back to your hard drive later if you wanted to.
     
  8. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    The more I look in to it the more I like the idea, but like you I have similar concerns.

    If you have full drive encryption on say the Main drive with OS and on a second drive and the main drive becomes unbootable or dies how would you get back in to the second drive?

    Can you just install a new drive and re-install your OS and encryption software and still be able to use stored keys from a floppy or CD you created for the second drive to gain access to that drive? If this is possible then at least some of the risk of data loss would be mitigated.

    Since you can not use Ghost or other type imaging software, to further lower risk of data loss I would like to be able to find a way to mirror certain folders from the main encrypted drive to a second encrypted drive should one or the other go bad I would still have access to that data.

    If the above can be accomplished then the gains would far outweigh the risks in doing full drive encryption at least from my perspective.
     
  9. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Theoretically you can install OS and install encryption software and use your stored key to access the second drive.

    Hope this helps,

    Chris
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I know people who use an older second computer for all sensitive data and use DCPP on that computer alone. You can also take data only and encrypt it into DVD-size 4GB containers (with Drivecrypt or TrueCrypt) and back up all the data before encrypting the entire main drive. You would then keep your DVD encrypted backups off premises and secure. That way if anything were to happen to the drives with DCPP you would have your critical data someplace to easily retrieve.
     
  11. PaRaNoiD_JaCK

    PaRaNoiD_JaCK Registered Member

    Joined:
    Mar 6, 2005
    Posts:
    5
    DCPP Plus Pack is a good OS encryption. I've used it over the last year without problems.

    :D
     
  12. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    "Theoretically" :doubt:

    Well at least it seems plausible; I think I would need to test it out to see for sure before I give the encryption software that much trust.

    Gerard Morentzy,

    That would be great for static data storage though I am not sure if you would need to copy the 4GB of encrypted data back to your hard drive before you can view it or not.

    What concerns me more is the daily data changes, like new and changed documents, e-mail correspondence, e-mail addresses, and other stuff you would not back up on a daily basis. I am still looking around for some kind of software that will mirror folders\files on one drive to a second drive in real time or even synchronize the data between the two locations at system shutdown. I can always re-install my OS and software if something goes wrong but losing a day's worth of work but losing that kind of data built up over a period of time would not be fun.


    PaRaNoiD_JaCK,

    I am looking at that software and another one called Safeguard Easy; both run about the same price and both look to do what I am thinking of doing.
     
  13. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    You should not have to do this. Most can do it on the fly.

    Thanks,

    Chris
     
  14. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    166
    Ah then I will test this as well once I get setup.

    I found several mirroring software packages that should be able to mirror folders/files between hard drives and I think it will work with encrypted drives as long as both drives have been unlocked via their keys. I won't know for sure until I test it out to make sure.
     
  15. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    See this thread for more info.

    When encrypting the whole drive, this is what happens:
    Boot PC: first the MBR is loaded and from it the disk encryption software is started. It is a mini operating system, that checks for the encryption key on a token, or somewhere on disk. We use a smartcard that's secured with a PIN code in order to keep the encryption key secured off disk.
    Then, from the secured OS environment the Windows OS is run.

    For Windows to be able to read/write the encrypted hard disk, an encrypting device driver is used instead of the default Windows driver. By doing this, the performance impact is minimal. Our Safeboot performance penalty is probably a few percent, but that's not noticeable by our end users. After installing Safeboot the encryption phase takes up to 10% processor performance (and you can lower that). Besides... you can abort the encryption process and resume later on, great stuff! Compared to using a Zenith 183 with onboard encryption chip in the mid-80's, progress has been great.

    Due to the integration of the smartcard and Safeboot, the users don't have to log in to Windows or the network, there's a single sign on capability.

    Once a disk is encrypted, the setup is completely transparent to the user, apart from the boot process with the smartcard. There's no difference in functionality compared to a non-encrypted hard disk. That's the big advantage over container based encryption schemes, where the user needs to know how and where to save securely.
    So, backing up data to another hard disk is the same as on a regular system: writing to a non-secured disk is in a non-encrypted format. Restoring to a secured hard disk is possible too, because reading from a non-secured medium is just file I/O to a secured hard disk.
    From our central admin system we can configure the local systems, encrypting drive partitions and so on.

    In order to encrypt removable media, separate drivers are necessary, usually these are separate products. Safeboot (sorry, I'm not trying to promote them) has their content encryption products to offer DVD and USB media support. You can even control USB access from the central admin station.

    I'm sure other suppliers offer the same functions in their tools. Just make sure that the devices that you want to secure are supported.
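
Added example, not part of meneer's post and not any vendor's code: a small Python model of the transparent encrypting driver described above. It shows that the application sees plaintext while the disk holds ciphertext, that a backup copied to a non-secured disk is plaintext, and that a stored key still unlocks the disk after a reinstall. `RawDisk`, `EncryptingDriver`, `derive_key` and the HMAC-SHA256 keystream are assumptions made for illustration; a real product uses a proper disk cipher.

```python
import hashlib, hmac

SECTOR = 512

class RawDisk:
    """Plain block device: stores exactly the bytes it is handed."""
    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR)
    def read(self, n):
        return bytes(self.data[n * SECTOR:(n + 1) * SECTOR])
    def write(self, n, block):
        self.data[n * SECTOR:(n + 1) * SECTOR] = block

class EncryptingDriver:
    """Same read/write interface as RawDisk, so callers cannot tell the difference.
    Stand-in cipher: an HMAC-SHA256 keystream per sector. Real products use a
    block cipher in a disk mode; this XOR scheme is for illustration only."""
    def __init__(self, disk, key):
        self.disk, self.key = disk, key
    def _xor(self, n, block):
        stream = b"".join(
            hmac.new(self.key, n.to_bytes(8, "big") + bytes([i]), hashlib.sha256).digest()
            for i in range(SECTOR // 32))
        return bytes(a ^ b for a, b in zip(block, stream))
    def read(self, n):
        return self._xor(n, self.disk.read(n))
    def write(self, n, block):
        self.disk.write(n, self._xor(n, block))

def derive_key(pin, salt):
    # Hypothetical unlock step standing in for the pre-boot smartcard/PIN check.
    return hashlib.pbkdf2_hmac("sha256", pin, salt, 100_000)

def demo():
    salt = b"constructed-salt"                      # constructed sample values
    doc = b"constructed payroll notes".ljust(SECTOR, b"\0")
    secured, backup = RawDisk(4), RawDisk(4)
    key = derive_key(b"1234", salt)
    os_view = EncryptingDriver(secured, key)
    os_view.write(2, doc)                           # application saves as usual
    backup.write(2, os_view.read(2))                # copy to a non-secured disk
    rebuilt = EncryptingDriver(secured, key)        # fresh install, stored key
    wrong = EncryptingDriver(secured, derive_key(b"0000", salt))
    return {
        "app_sees_plaintext": os_view.read(2) == doc,
        "platter_holds_ciphertext": b"payroll" not in secured.read(2),
        "backup_is_plaintext": backup.read(2) == doc,
        "stored_key_recovers": rebuilt.read(2) == doc,
        "wrong_pin_fails": wrong.read(2) != doc,
    }
```

The `backup_is_plaintext` result is the practical caveat: data copied off the secured disk through the driver is only protected if the destination is encrypted too.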
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It is probably worth noting that while whole disk encryption will secure your data from being read by another user without a login on your system, it will not prevent any malware that gets run under your user ID from accessing it (so process monitoring/control software like Process Guard/System Safety Monitor still has a role to play).
     
  17. TECHWG

    TECHWG Guest

    I would just like to say here: please, guys, don't trust any "closed source" encryption programs as you cannot verify they are secure. Stick to open source. For example, I will be staying away from Drivecrypt products because it's closed, BUT also the guy pleaded with a reporter that "on my child's and family's life I swear there are no backdoors". That sounds a little -"You will put a backdoor in your software or bad things might happen to you and your family"- Men in Black type of reason to come out with a statement like that. I'm not too paranoid about it because I don't use it, but it has to make you think . . .
     