Full disk encryption or System Drive (OS) encryption, How stable / reliable is it?

Discussion in 'privacy technology' started by cett2, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. cett2

    cett2 Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    5
    Full disk or System Drive (OS) encryption,

    How reliable is it?



    I've been using "standard / normal" Windows XP without encryption for many years now and it has been pretty reliable, in terms of data stability VS data corruption.

    Yes, it is possible your data can become corrupted but as far as my personal experience, it's very rare. (Excluding hardware failures, hard drive failures)


    So I'd like to say that no encryption is pretty reliable in terms of software / data stability... (Although I'd always advise to Back Up your data regularly!)


    Now if I were to switch to full disk / system encryption (Truecrypt or PGP),
    + take good back up practices and precautions,

    How reliable would this be in terms of data corruption? Obviously the risk increases, but is it significant? (Significance, as in increases risk of data corruption by 400-1000%+++)

    Or would it be insignificant increase?


    Ex: 10 years no encryption, 1 occurrence of data corruption.
    10 years full disk encryption = 5 occurrences of data corruption? 10-20 occurrences?





    Here's a post from Blackbird (from TomsHardware), who seems knowledgeable in this area....

    "I've been using Truecrypt for about 2 years now: system encryption as described in this article (password at bootup), and my whole data drive encrypted with a password and keyfile.

    I chose to work with such (hardcore) security measures because our privacy gets more and more threatened in these modern technology days. I like the privacy protection it offers a lot.

    But this is not for everyone. You really have to know what you're doing:
    - Forget your password: you're doomed.
    - Find out your rescue disk doesn't work in case of disk corruption: you're doomed.
    - Lose a keyfile: you're doomed.
    - Don't have a header backup, and header gets corrupted (got that once): you're doomed.

    You need the rescue iso, headers and keyfiles securely backed up TWICE to prevent data loss, at all cost. It's something you have to take very seriously, or face the possible consequences of losing all your data forever."
     
    Last edited: Nov 29, 2009
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Interesting that no one has an opinion about this since there are users of Truecrypt and other encryption software here. FWIW I've used disk compression in the past when hard drive space was at a premium. It seems similar to me in that you're making the data unreadable without passing it through a decompression layer. I don't remember experiencing a significant increase in data corruption in that case. I think if you take all the precautions mentioned then it's not going to be a big problem if something goes wrong. In that sense it doesn't matter whether or not encryption increases the possibility of data corruption. The only real protection against data loss is an educated user :)
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I pondered some of these thoughts, as I have a client that needs to encrypt their fleet of laptops.

    As I started looking into FDE, and asking around at some network tech forums, one bit of feedback that initially alarmed me was "from 10-40% performance hit" with software FDE. I have to set up about 25 laptops of varying age and performance..some of which are early Pentium M processors, with only 512 megs of RAM, and they're 12" ultra portables so only 4,200rpm hard drives....so they wouldn't fare well with an additional performance hit.

    I then found out that there are laptop hard drives with HARDWARE disk encryption. Basically a little daughtercard on the hard drive with the processor and RAM which does all the encryption in hardware, so there is in all practicality darn close to zero performance hit. Seagate released a few versions of hardware FDE in their Momentus line of laptop hard drives. They cost just a tad over 100 bucks.

    So I'll be ordering around 20 of those, and every new laptop I order for this client will be coming with hardware FDE SSD drives..which most vendors are offering now as an option...not only speedy SSD...but hardware FDE as an option too.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Hardware support for FDE sounds like a great option. There is DiskCryptor though, which claims better performance with an encrypted drive Vs unencrypted (if I'm understanding it correctly). I haven't tried it so can't say, but it's hard to understand how you can add a processing layer without creating some overhead. Here's a link...

    http://diskcryptor.net/index.php/DiskCryptor_en#Performance
     