Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HDD Encryption


  • Please log in to reply
15 replies to this topic

#1 Night Train

Night Train

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 19 January 2015 - 12:23 PM

I'd like to encrypt my HDD, both internally and for my backup. I figured if I can encrypt my HDD, then the backup won't need to be encrypted. So what do you guys suggest for HDD encryption, I've heard Truecrypt is alright, but I haven't done much research on the topic myself. If I do encrypt my internal HDD, is there a point to encrypting the backup itself?



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:26 AM

Posted 19 January 2015 - 12:52 PM

Well, from what I know right now, TrueCrypt 7.1a is the latest known secure version of TrueCrypt, since the project was discontinued. The first report of the security audit declared that version safe to use, but we'll only really know once we get the second report. For more information, you can take a look at the audit's website here:

 

http://istruecryptauditedyet.com/

 

May I ask you which version and edition of Windows you have? If you have Windows 7 Ultimate/Entreprise, or Windows 8/8.1 Professional or Entreprise, you have access to Windows in-built BitLocker to encrypt your HDD and it's content. See the article here:
 

http://windows.microsoft.com/en-us/windows-vista/bitlocker-drive-encryption-overview

 

Otherwise, there's other alternatives to TrueCrypt and BitLocker, such as DiskCryptor and VeraCrypt. However, you should take a look at their requirement to make sure that they support your version of Windows. 

 

As for your last question, it really depends. Is the back-up "online" or "offline"? It also depends if you bring it with you often or not. If there's a chance that this back-up drive might get stolen, I would encrypt it as well, just in case.


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Night Train

Night Train
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 19 January 2015 - 01:07 PM

Well, from what I know right now, TrueCrypt 7.1a is the latest known secure version of TrueCrypt, since the project was discontinued. The first report of the security audit declared that version safe to use, but we'll only really know once we get the second report. For more information, you can take a look at the audit's website here:

 

http://istruecryptauditedyet.com/

 

May I ask you which version and edition of Windows you have? If you have Windows 7 Ultimate/Entreprise, or Windows 8/8.1 Professional or Entreprise, you have access to Windows in-built BitLocker to encrypt your HDD and it's content. See the article here:
 

http://windows.microsoft.com/en-us/windows-vista/bitlocker-drive-encryption-overview

 

Otherwise, there's other alternatives to TrueCrypt and BitLocker, such as DiskCryptor and VeraCrypt. However, you should take a look at their requirement to make sure that they support your version of Windows. 

 

As for your last question, it really depends. Is the back-up "online" or "offline"? It also depends if you bring it with you often or not. If there's a chance that this back-up drive might get stolen, I would encrypt it as well, just in case.

 

Windows 8.1 Pro, I don't have a problem using BitLocker as long as I can assume it isn't backdoored. As for the backup, it is not online, and I usually don't move it much. I think it would be safe to assume if the backup is stolen, the iternal could be stolen simultaneously.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:26 AM

Posted 19 January 2015 - 01:12 PM

It would be more safe to assume that the back-up would be stolen before the internal HDD, as an external HDD is easier to grab and run than an internal HDD or the laptop/computer in which it's installed :P I don't know what is BleepingComputer's position on BitLocker being backdoored, but I would wait for one of their expert to tell you more about it. Personally, I used BitLocker on my Windows 8.1 Professional in the past, and changed the settings/local GPOs so it works like I wanted it to work and it did the job just fine. I uninstalled it since there was an issue where sometimes, I wouldn't load the desktop which was on the D: drive that was encrypted. Reason being that the D: drive wouldn't unlock fast enough for the C: drive to access it and request the desktop files. I could have prevented it by enabling the boot-time password, but I didn't feel like it as I didn't wanted to write two passwords back to back (lazyness). 


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 19 January 2015 - 02:09 PM

How do you plan to make your backups?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Night Train

Night Train
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 19 January 2015 - 02:36 PM

How do you plan to make your backups?

Presently I'm using Acronis, but I'm open to suggestions.



#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 19 January 2015 - 02:45 PM

OK, then you will have to encrypt your backup. Because Acronis True Image reads the decrypted harddisk, thus the backup file is not encrypted.

But that's easy to fix, Acronis gives you the option to encrypt your backup with a password.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 Night Train

Night Train
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 19 January 2015 - 03:00 PM

Yes I noticed that, however when I went to create a backup using a password protected encryption, I could never get the backup to actually run. I suppose I could try reinstalling Acronis for now.



#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 19 January 2015 - 03:07 PM

I've used Acronis True Image and TrueCrypt together.

 

You are running Acronis from Windows? And not from the rescue CD?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 Night Train

Night Train
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 19 January 2015 - 03:18 PM

From Windows, yes.



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 19 January 2015 - 03:32 PM

I've done this too, with a password. And later I was able to recover files. Don't know why it would fail for you.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#12 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:26 PM

Posted 20 January 2015 - 06:53 PM

xkcd-security.png
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#13 tairoylance112

tairoylance112

  • Banned
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 21 January 2015 - 05:47 AM

Otherwise, there's other alternatives to TrueCrypt and BitLocker, such as DiskCryptor and VeraCrypt. However, you should take a look at their requirement to make sure that they support your version of Windows.



#14 tairoylance112

tairoylance112

  • Banned
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 21 January 2015 - 05:49 AM

I've heard Truecrypt is alright, but I haven't done much research on the topic myself. If I do encrypt my internal HDD, is there a point to encrypting the backup itself?



#15 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 21 January 2015 - 06:49 AM

I've heard Truecrypt is alright, but I haven't done much research on the topic myself. If I do encrypt my internal HDD, is there a point to encrypting the backup itself?


Yes, we discussed this, take a look above.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users