Somebody crept into the crypt and ......?

Discussion in 'privacy general' started by bellgamin, Nov 6, 2022.

  1. bellgamin

    bellgamin, Registered Member (Joined: Aug 1, 2002; Posts: 8,123; Location: Hawaii)

    There are those who advocate encrypting my hard drive (HD) using BitLocker. I would GREATLY appreciate any & all comments about that idea. Also, I have some specific questions about this topic. Those questions may well be silly ones, because I have near-zero background on this aspect of computer security.

    Q-1 If I encrypt my HD, I would have to decrypt it in order to do any work on my computer, right?

    Q-2 Bitlocker evidently encrypts with either 128 bit or 256 bit encryption. Many folks advocate 256 bit. Good grief!!! Would anyone actually want to get into my computer's knickers sufficiently to crack 128 bit encryption?

    Q-3 Seems to me that someone who wants to access my HD would first have to get past my security (G-Data AV, VoodooShield, SpyShelter), right? If correct, isn't HD encryption by a home user a bit paranoid?

    Q-4 Further pursuing Q-3 above --- Some of the folks who advocate HD encryption say it's needed so as to increase protection against identity theft. However, identity theft is mostly the work of scam artists who harvest personal information that is readily available on the internet, right? Thus, for someone to access my HD by breaking through my computer's security wall, that would take much more computer expertise than the average scam artist possesses, right?

    Q-5 Bottom Line, isn't HD encryption a tool mainly needed by outfits such as banks, insurance companies, medical services, etc -- instead of home computer users?
     
  2. wat0114

    wat0114, Registered Member (Joined: Aug 5, 2012; Posts: 4,100; Location: Canada)

    Q-1 If I encrypt my HD, I would have to decrypt it in order to do any work on my computer, right?

    If your hardware uses TPM v1.2 or 2.0, then decryption will happen automatically when you log in, and re-encrypt when you log out.

    Q-2 Bitlocker evidently encrypts with either 128 bit or 256 bit encryption. Many folks advocate 256 bit. Good grief!!! Would anyone actually want to get into my computer's knickers sufficiently to crack 128 bit encryption?

    Default is apparently 128 bit.

    Q-3 Seems to me that someone who wants to access my HD would first have to get past my security (G-Data AV, VoodooShield, SpyShelter), right? If correct, isn't HD encryption by a home user a bit paranoid?

    The main benefit of full drive encryption is that if someone gains physical access to your hardware, especially by theft, they will not simply be able to plug in your hdd and see its contents, because the key is stored inside the TPM chip. If you have nothing to keep secret, then you probably don't need it, otherwise... Now if someone gets past your security measures while you are using your device, then they could see your hdd's contents, because when you are logged in and using your device, the drive is in an unencrypted state.

    Q-4 Further pursuing Q-3 above --- Some of the folks who advocate HD encryption say it's needed so as to increase protection against identity theft. However, identity theft is mostly the work of scam artists who harvest personal information that is readily available on the internet, right? Thus, for someone to access my HD by breaking through my computer's security wall, that would take much more computer expertise than the average scam artist possesses, right?

    Again, full drive encryption's real benefit is to hide the hdd's content if someone gains physical access to your device, typically by theft or maybe a nefarious member in your household.

    Q-5 Bottom Line, isn't HD encryption a tool mainly needed by outfits such as banks, insurance companies, medical services, etc -- instead of home computer users?

    Typically yes. However, it depends on what the home user has on their drive. The question they would have to ask of themselves: "do I care if someone, perhaps law enforcement or government, could see what's on my hdd if they gain physical access to it?"

    Finally, if you do use full drive encryption, make sure you keep a copy of your Recovery key in a safe and secret place. Problems with encryption can be:

    1. If you use a dual-boot configuration such as Windows and Linux, Bitlocker can give you fits under certain circumstances, requiring you to input the lengthy Recovery key. I know because I've been there many times.

    2. Imaging your HDD could require you to Suspend Bitlocker first, unless the imaging program does this for you, such as Macrium Reflect.
     
    Last edited: Nov 6, 2022
  3. bellgamin

    bellgamin Registered Member

    @wat0114 -- Great answer! Very informative and to the point. I learned a lot from what you wrote. I have decided not to encrypt. There are no nefarious members in my family -- evidently the nefarious sperm swimmers never won the race to the ovum, thank goodness.

    May God richly bless & prosper thee & thine,
    bellgamin
     
  4. wat0114

    wat0114 Registered Member

  5. Rasheed187

    Rasheed187, Registered Member (Joined: Jul 10, 2004; Posts: 18,178; Location: The Netherlands)

    Yes, thanks for the info @wat0114, from me too. I also never really understood how disk encryption of PCs worked, but I decided not to do it either, too much hassle. And I'm not that worried about my data in case my PC gets stolen, although it would be a major bummer of course. BTW, from what I understood, smartphones do automatically encrypt your data; I assume because their SSDs are much smaller it's not a problem to quickly decrypt them during login.
     
  6. Freki123

    Freki123, Registered Member (Joined: Jan 20, 2015; Posts: 337)

    @Rasheed187 For my Xiaomi phone there was a separate option to encrypt the phone. It had to be activated by me; it wasn't on by default, so if you care about data encryption, better always check your phone options.
     
  7. wat0114

    wat0114 Registered Member

    If you guys have an extra hdd or even partition your one drive, you could encrypt one or more of those partitions for storing your more sensitive data on them. You would just need to enter the passphrase when opening the partition, and then you could "re-lock" it with a simple batch file such as for example what I use for two of my encrypted data storage partitions:

    Code:
    @echo off
    rem Re-lock the BitLocker-encrypted data partitions D: and E:
    manage-bde -lock D:
    manage-bde -lock E:

    Of course my Windows system drive utilizes the TPM chip for "on-the-fly" un-encryption and re-encryption when logging on and off, so no passphrase entry is needed.
     
    Last edited: Nov 8, 2022
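
The re-lock step from the post above, written as an added PowerShell example (not wat0114's own script) that first reports each volume's cipher strength and whether a recovery password protector exists, then locks any unlocked data volume. The function names `Get-BitLockerSummary` and `Lock-UnlockedDataVolume` are made up for this example; it assumes an elevated prompt and the built-in BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker volumes, then re-lock unlocked data volumes.
# Uses only the built-in BitLocker cmdlets Get-BitLockerVolume and Lock-BitLocker.

function Get-BitLockerSummary {
    # One row per volume: cipher (128- vs 256-bit), protection state, lock
    # state, and whether a recovery password protector is present.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType         # OperatingSystem or Data
            EncryptionMethod = $_.EncryptionMethod   # e.g. XtsAes128, XtsAes256
            ProtectionStatus = $_.ProtectionStatus   # Off while BitLocker is suspended
            LockStatus       = $_.LockStatus         # Locked or Unlocked
            HasRecoveryKey   = [bool]($_.KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword')
        }
    }
}

function Lock-UnlockedDataVolume {
    # -Force dismounts a volume even if files on it are still open.
    param([switch]$Force)

    $targets = Get-BitLockerVolume | Where-Object {
        $_.VolumeType -eq 'Data' -and
        $_.ProtectionStatus -eq 'On' -and
        $_.LockStatus -eq 'Unlocked'
    }
    foreach ($vol in $targets) {
        try {
            Lock-BitLocker -MountPoint $vol.MountPoint -ForceDismount:$Force `
                -ErrorAction Stop | Out-Null
            Write-Output "Locked $($vol.MountPoint)"
        } catch {
            # Typical cause: a program still has a file open on the volume.
            Write-Warning "Could not lock $($vol.MountPoint): $($_.Exception.Message)"
        }
    }
}

Get-BitLockerSummary | Format-Table -AutoSize
Lock-UnlockedDataVolume
```

A volume that reports `HasRecoveryKey` as False has no recovery password to fall back on, which is the situation the recovery-key advice earlier in the thread is meant to avoid.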
  8. Rasheed187

    Rasheed187 Registered Member

    OK weird, didn't know about this. I thought I read somewhere that on the newer Android versions this is done automatically. But I haven't got a clue if it's disabled by default.
     