Encryption suggestions needed

My situation:

I have a desktop PC (XP SP2) with two internal hard drives. On the secondary HD I have one partition encrypted with TrueCrypt 4.3. Now I am in the need of full disk encryption (or should I say full system encryption since there are two disks inside).


I have several dilemmas:


1. What software to use? First, I was thinking of TrueCrypt but SteveTX said:

I heard there are some restrictions on encryption software exportation for US software. Since I live outside the US can I buy a fully functioning PGP WDE without any limitations?

So, Steve (and others), should I go for PGP or TC?


2. Can I keep my existing sensitive partition encrypted with TC 4.3 or do I have to decrypt/reencrypt it with the new software I choose for FDE (TC 6.x or PGP).

For example: I install TC 6.x and encrypt the whole system with it. Once I boot in the newly encrypted system I then run the old version of TC (installed elsewhere on the HD, not in the Program Files) and decrypt that previously encrypted partition.

Can I do the same if I decide to go with PGP (PGP system encryption and TC partition encryption within it)?


3. What about the other two (unencrypted) partitions I have on my secondary internal harddrive? Even if I have my system encrypted someone could still take away my secondary HD and boot in it from another system. Should I encrypt it partition-by-partition to avoid the possibility of reading my data from outside of my system?


4. I plan to add another (external) HD for backup purposes. What is the best practice for backing up an encrypted system?


5. I heard there are issues that newer versions of TC have with mp3 keyfiles used by older versions of TC. Simply change the keyfiles or is there another solution?


I know, I have so many questions here, but since there are so many experts and competent people who are willing to help on this board, I am sure I'll get valuable feedback and useful info. Steve, KookyMan, Gerard and others, please let me know what you think.

Thanks in advance!

 

1- I think you should go for Truecrypt because you just want WDE, Truecrypt is free and does that pretty well.

If you decide to buy PGP WDE you should not have any obstacle with US law regarding crypto exports, the list of affected countries is very small and posted on their site. Typical suspects: Iran,North Corea,Cuba...

2- If you decrypt your data and then encrypt it again it could be recovered by using specialist forensic software to undelete from the encrypted hard disk and show what was underneath before you encrypted it.

You would have to back up the data, reformat the disk and then encrypt again, I would not use the decrypt option.

TC6 is compatible with older versions ie TC4.3, the latest TC sofware should work perfectly to open encrypted partitions.

 

you may also want to consider other options to, like some kind of BOOT software, Use Active killdisk, Acronis drive cleanser, or Darik's Boot And Nuke, before reformatting the disk and so on, this will ensure all of your hidden data (that still resides after reformatting) on the drive gets destroyed and makes it impossible to recover using Hardware Recovery Tools.

 

Hello,
TrueCrypt by all means. It's free, well-tested, good reputation.
One thing about encryption is that you want to go with as publicly known and tested software as possible, not unknown, mundane, closed-source solutions. And definitely not pay huge sums of money for that.
Mrk