Encryption software free

Discussion in 'privacy technology' started by GoE75, Jul 28, 2018.

  1. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    Hello all,
    I am looking for a secure encryption software in order to encrypt my all hard disk.
    I am absolutely NOT a computer genius so to explain I need some file encryption program that asks for password immediately when I start my laptop and if the pass is wrong locks my laptop.
    Is there any reliable, strong and FREE software?

    Thank you very much
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,050
    Location:
    Slovakia
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    VeraCrypt
    Built-in Windows's Bitlocker (not open-source)
    Built-in Linux's dm-crypt
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    Are you talking Windows or what? And which version/edition? Do you want system disk encryption (seems so)?
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    266
    Location:
    Germany
    Those and TrueCrypt. I use BitLocker (But I changed Group Policies in order to strengthen the encryption - do that)
     
  6. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    Yes I am talking about Windows 10 Home. And yes I would like a system disk encryption.
    In Windows 10 Home there is no bitlocker.
     
    Last edited: Jul 29, 2018
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    266
    Location:
    Germany
    Did you test Vera- and TrueCrypt?
     
  8. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    I downloaded Vera Crypt but I read that is not really a user friendly software. Cause as I said I am not a computer genius, I am a little bit scared of do something wrong and **** my laptop
    Oh and also another question if someone removes the disk from my machine will the encryption still protecting my data?
     
    Last edited: Jul 29, 2018
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    Indeed. The problem you have is that there is no supported software other than Bitlocker which handles GPT Windows system partitions. That's one of the factors in the cessation of the development of Truecrypt, and Veracrypt doesn't support it either (it does on MBR afaik).

    So, the answer to your question is no.

    If your laptop supports TPM 2, then it ought to be possible to use "Device encryption" which I think is a form of bitlocker under the hood, and this is nominally available for W10 Home.

    Otherwise, you're looking at an upgrade to W10 Pro.

    FWIW - I have a W7 Ultimate laptop without TPM, which can support bitlocker - but I don't think FDE is viable without TPM on a laptop because you have to supply too long a passphrase every time the thing reboots. What I do instead is to use a combination of 2FA on the account login, EFS on account files, and also a Truecrypt mount to keep things like email files encrypted. EFS is also only available on W10 Pro. Anyway, that way of running it keeps personal files encrypted so that examination of the disk at rest is somewhat protected, and I do not have a swap file so that risk is minimal.
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    I see two (in three variants) possibilities:
    1. Upgrade to Windows Pro
    2. Use Linux:
    a) as main OS
    b) inside VM hosted on Windows provided you have VT-x (or alternative extension from AMD) support in your processor. VM can be boot without VT-x but performance overhead is not worth it IMHO.
     
  11. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    Thank you for your info. So basically you are saying that is useless to use veracrypt on my laptop with windows 10 home?
    So if I use veracrypt my disk once removed will be accessible?
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    Does passphrase needs to be that long for Bitlocker? I mean in Linux you can use custom number of pbkdf2 iterations to slow down decrypting/brute-forcing process.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    FDE needs to be about 80-100 bits of entropy, depending on what longevity you want from all this, way longer than account entropy. I don't think pbkdf iterations gain you that many bits. While I do find a 6/7 word diceware password eminently memorable, I'd get cheesed with entering that every time, whereas I'm fine with an account password plus Yubikey HMAC secret.

    That length can be mitigated if you have TPM (TPM+Pin is sweet) with bitlocker, or you can use a Yubikey as a second-factor on LUKS these days, works well at least for Debian distros. One might also use a static password component on the Yubikey, but that's never sat comfortably with me because the secret can be invisibly stolen.

    The method of encrypting a Linux VM is sensible, in any case, I'd recommend that for most internet facing activity.

    @GoE75 - a W10 Home laptop with no TPM and GPT partition is not supported under veracrypt and I don't know the status of the project to handle GPT. It could be painful even if it worked, whereas bitlocker is well established. Would you be comfortable exploring the world of virtual machines (which can be done with free software)? Would your laptop support that way of working?
     
  14. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    WOW. As I said I am comfortable to explore everything. But as I said I am not a genius with IT. I will post here my laptop system info. Could you please help me in check it and see about TPM and GPT and also to check if my laptop will support virtual machine? Thank you
    Windows 10 home
    System Model: Aspire ES1-532G
    System Type: x64-based PC
    System SKU: Aspire ES1-532G_1123_V1.02
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    Model doesn't have TPM, and would likely have been set with UEFI and GPT for W10 pre-installed - that can be verified from Bios/Disk manager I think.

    Has single memory slot max 8G RAM, and dual core Celeron so it's likely to be painful to run a virtual machine with it.

    Sorry not to have any better news for you, unfortunately both privacy and security are way harder than they should be.

    I think what you can reasonably do is to have an encrypted data container or USB stick that contains your valuable information, with the knowledge that that won't do everything. Veracrypt would be a reasonable choice.

    You could then keep your valuable data with you encrypted, irrespective of the laptop.
     
  16. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    Can you provide processor model? Use shortcut: Windows + Pause Break to open System Properties. There should be processor model somewhere.

    Third option that comes to my mind is reinstalling everything while changing UEFI boot to Legacy boot and creating MBR-only partition layout.
     
  17. GoE75

    GoE75 Registered Member

    Joined:
    Jul 28, 2018
    Posts:
    6
    Location:
    Hungary
    Hello and than you for your patience and help. This is the info you've asked me.

    Intel(R) Celeron(R) CPU N3160 @ 1.60GHz 1.60 GHz
     
  18. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    According to ark.intel.com this processor supports VT-x and Second Level Address Translation. It is quite slow processor, but has virtualization acceleration features.
    It also has AES New Instructions for acceleration of that specific encryption algorithm.
    Biggest limitation for VM on your laptop is probably not large amount of RAM.
    You can try some Linux in VM. For example use Virtualbox and Xubuntu. If it won't work efficient enough, just delete that VM and Virtualbox. During installation there should be option to use encryption.
     
  19. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    Oh, the other thing about VMs is that the experience is much faster on SSD. But in this instance, I think it'll be slow, and trying it is the only way to see if it's bearable.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,123
    Agreed. But I've never used a Celeron that I liked.
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,294
    Location:
    Here, There and Everywhere
    Wanted to jump in here and make certain everyone knows that Veracrypt supports GPT/GUID/UEFI as of release 1.18a.
    Everything is handled through the VCBL and works perfectly.
     
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,658
    Location:
    UK
    @LockBox - oh that's good news, to confirm, that's on a system GPT partition? Have you personal experience thereof?
     
  23. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,294
    Location:
    Here, There and Everywhere
    @deBoetie Yes, absolutely. Yes, I work with it everyday.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.