AusGamers Forums
Show: per page
1
Full disk encryption experiences
natslovR
Sydney, New South Wales
7906 posts
Is anybody using full disk encryption at home on their main pcs and servers? If so, what do you recommend and why?

There seems to be lots to choose from, so I'm looking for your experience if you are on Windows.

I'm leaning towards TrueCrypt, but I'm happy to be directed to something else, and would consider reasonably priced for home use commercial products.

I'm biased against Bitlocker but if enough sing its praises I'd consider it.
02:07pm 25/08/12 Permalink
system
Internet
--
02:07pm 25/08/12 Permalink
hardware
Brisbane, Queensland
10324 posts
drive encryption is good if necessary, but remember the performace overhead and the extra layer of difficulty if things go wrong
02:13pm 25/08/12 Permalink
thermite
Brisbane, Queensland
10105 posts
I used true crypt on a partition in windows 7.
Basically you start truecrypt mount the partition and type in your password and then a new drive shows up.
02:34pm 25/08/12 Permalink
parabol
Brisbane, Queensland
7210 posts
Is anybody using full disk encryption at home on their main pcs and servers? If so, what do you recommend and why?

I use Truecrypt for FDE on my laptop with Win7 x64. I started off with a mechanical drive and then moved to an SSD. Flawless on both. Also passes TRIM commands, so for an SSD the performance won't degrade as you fill the drive.

Just make sure that:

a) your CPU supports hardware AES so that there is almost no performance hit from the processor

b) if using an SSD, stay away from Sandforce (Intel, OCZ, Corsair use them) as those drives use compression for their performance. If you encrypt a Sandforce drive, the compressibility approaches zero and you'll get an insane penalty in performance. I went a Crucial drive as they don't use compression. Samsung may be similar but it's worth researching first.

i7-2670qm with Crucial M4 256GB before truecrypt:

http://users.on.net/~deadsimple/images/sa.png

After Truecrypt system-disk encryption enabled. Still awesome performance (apart from the "4K QD32 scenario" which is rare in real-life):

http://users.on.net/~deadsimple/images/sb.png

last edited by parabol at 15:54:15 25/Aug/12
03:49pm 25/08/12 Permalink
parabol
Brisbane, Queensland
7211 posts
I used true crypt on a partition in windows 7.
Basically you start truecrypt mount the partition and type in your password and then a new drive shows up.

Regular Truecrypt encryption within Windows is not relevant to full-disk encryption sorry. FDE is very low level and asks for a password at a DOS-style login prior to Windows being loaded, and serves up unencrypted sectors. Very different to regular volume/container encryption.
drive encryption is good if necessary, but remember the performace overhead and the extra layer of difficulty if things go wrong

As I've hinted, with hardware AES (any modern CPU from the last year or two) on a non-compressing SSD .. I'd be surprised if anyone could tell the real-world performance difference between FDE on or off. Also as with any drive, you should be running regular backups if the data is valuable to you - incremental style backups recommended.

Also .. don't buy into the "AES 256bit encryption" that current SSDs are claiming to support internally. They are implemented so poorly (e.g. max 8 letters for password, or master key PRINTED ON THE HARD-DRIVE'S STICKER that can bypass your password) that there are boot ISOs out there that can crack some HDD passwords very easily. Truecrypt/Bitlocker style encryption is much more secure in comparison.

last edited by parabol at 15:56:38 25/Aug/12
03:51pm 25/08/12 Permalink
Whoop
Brisbane, Queensland
20482 posts
unless you're into some seriously illegal s***, why would you even bother on a home computer? I couldn't even imagine myself encrypting my computer if I used it for work purposes, just back s*** up remotely in case of theft.
03:59pm 25/08/12 Permalink
Jim
UK
13056 posts
wow, even in this age of information people still ask questions like this? ^^
04:28pm 25/08/12 Permalink
Dazhel
Gold Coast, Queensland
5173 posts
why would you even bother on a home computer?

Identity theft is a big reason.
If someone steals your computer the data on it in the right hands could be worth orders of magnitude more than the hardware itself.

OP: Many moons ago I used to work for a mob that sold a commercial full disk encryption product. These days I wouldn't bother buying anything, TrueCrypt is really quite good.
04:32pm 25/08/12 Permalink
Jerry
Queensland
4212 posts
ive considered it but effort > amount willing to put in.. like with most things

it's like when I used virtual machines for internet banking.. that lasted a couple of weeks

Doesnt windows 7 ultimate have bitlocker available for full o/s disk encryption? assuming that since it comes with the o/s the setup is easy and performs okay

the only thing I encrypt is portable drives.. in case my bag goes missing while travelling there is probably enough info to rip off my ID. I normally leave a message in root saying I will purchase the same drive/usb stick for anyone who returns them to encourage even thieves to give them back
04:38pm 25/08/12 Permalink
parabol
Brisbane, Queensland
7212 posts
why would you even bother on a home computer?

Not sure about you, but on my home PC I store:

* Personal photos and videos
* Personal, financial and identity documents and scans thereof.
* Logged in passwords/sessions of browser and other software
* Serial numbers and keys of installed software

As mentioned, the identity theft part is a big deal. Also you'd be scrambling to change all of your passwords, assuming you can remember every single site you'd logged into ...
I couldn't even imagine myself encrypting my computer if I used it for work purposes, just back s*** up remotely in case of theft.

On my laptop that I take into work I have a heap of the company's IP and correspondence on there. Definitely would not want that accessible if someone steals my laptop. This is completely unrelated to backups, that you should be doing anyway in parallel anyway (in my case my backups are encrypted automatically by Macrium Reflect - adding another layer of protection).

I understand some people might not care about their photos leaking online, but I thought the other aspects (especially identity/financial documents) were really obvious stuff?
it's like when I used virtual machines for internet banking.. that lasted a couple of weeks

Not sure why you'd use a VM for net-banking? That shows more of a misunderstanding of what you're doing and why ...
Doesnt windows 7 ultimate have bitlocker available for full o/s disk encryption?

Comes with Win7 Ultimate which is the most expensive. Most laptops/computers have Win7 Home and the majority of the remainder probably have the Professional version installed.
the only thing I encrypt is portable drives.. i

That's very good practice. I'm surprised by the number of people storing really critical and potentially compromising stuff on a usb stick or hdd without a care in the world if someone yanks it.

last edited by parabol at 16:52:12 25/Aug/12
04:46pm 25/08/12 Permalink
poiuty
Sydney, New South Wales
237 posts
Years ago I trialled Credant which was pretty poor, had a few unrecoverable systems from it and support was not very helpful. Went to TrueCrypt instead, and I've used this on a number of systems for years without problems. And as parabol said performance is not an issue, I've put it on systems where the primary task is to play games and the end users don't notice (except that they need to type a password in to boot up). I don't know what the support is like though, but that is only because I have never needed to use it.
04:53pm 25/08/12 Permalink
dranged
Melbourne, Victoria
2037 posts
I use TrueCrypt, but thank you parabol for that very informative post, will check out in due course!
06:10pm 25/08/12 Permalink
stinky
USA
3726 posts
My laptop running Fedora 17 is fully encrypted. Was dead easy, just a matter of checking a few boxes during the linux install.

I haven't noticed any real performance degradation ( although it is an SSD which probably helps ).
05:52am 26/08/12 Permalink
natslovR
Sydney, New South Wales
7912 posts
Just a follow on, there's an article around today doing a cost analysis of FDE for businesses, Calculating the Cost of Full Disk Encryption. From the /. post:
After doing all of the math, Ponemon found that the cost of FDE on laptop and desktop computers in the U.S. per year was $235, while the cost savings from reduced data breach exposure was $4,650.
09:23pm 03/09/12 Permalink
parabol
Brisbane, Queensland
7222 posts
there's an article around today doing a cost analysis of FDE for businesses

A company that sells an FDE product sponsors a study that finds FDE is useful.

News at 11 :)
10:37pm 03/09/12 Permalink
natslovR
Sydney, New South Wales
8024 posts
I went with TrueCrypt.

Doing the system drive was too easy, the issue I had was with a new 3TB drive.

To encrypt the drive there has to be no partitions on the drive. When you make a drive GPT it automatically creates a tiny partition at the start (127MB), so you can't then use TC full disk encryption with it, you have to go with the file option.

You can fully encrypt an MBR disk, but MBR only goes to 2TB, you end up wtih an MBR partition that's 2 TB and 700MB unpartitioned.
05:06pm 17/11/12 Permalink
system
Internet
--
05:06pm 17/11/12 Permalink
AusGamers Forums
Show: per page
1
This thread is archived and cannot be replied to.
 

Advertise with Us | Download Media Kit | Privacy Policy | Contact Us
© Copyright 2001-2014 AusGamers™ Pty Ltd. ACN 093 772 242.
A Mammoth Media web development / Australian VPS Hosting by Mammoth Networks