Radified Community Forums
http://radified.com/cgi-bin/yabb2/YaBB.pl
Rad Community Technical Discussion Boards (Computer Hardware + PC Software) >> PC Hardware + Software (except Cloning programs) >> On-the-fly hard drive encryption
http://radified.com/cgi-bin/yabb2/YaBB.pl?num=1242186034
Message started by Rad on May 12th, 2009 at 10:40pm

Title: On-the-fly hard drive encryption
Post by Rad on May 12th, 2009 at 10:40pm
Anybody try/use on-the-fly hard drive encryption?

I saw this:

http://filehippo.com/download_truecrypt/

Cool stuff, but I can't help but feel it's gotta come with a significant performance hit, no?

Love the names of their encryption algorithms:


Quote:
Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.


Features:


Quote:
TrueCrypt performs the following tasks:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.

* Encrypts an entire partition or storage device such as USB flash drive or hard drive.

* Encrypts a partition or drive where Windows is installed (pre-boot authentication).

* Encryption is automatic, real-time (on-the-fly) and transparent.

I mean, laptop hard drives are slow enough.

What does this mean?


Quote:
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography) and hidden operating system.
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

Title: Re: On-the-fly hard drive encryption
Post by MrMagoo on May 13th, 2009 at 1:06am
True-crypt is often cited as an example of the right way to implement disk encryption.  They work very hard to implement the best encryption possible using the most peer-reviewed methods.  If you really want to make sure someone doesn't get your data, True-crypt is probably your best bet.

I haven't used it because every time I try, my computer crashes.  My particular processor/motherboard combination doesn't handle something correctly that True-crypt is trying to do.  Seems like lots of people use it with no issues tho, so I think its just me.


Rad wrote on May 12th, 2009 at 10:40pm:
Cool stuff, but I can't help but feel it's gotta come with a significant performance hit, no?

There is some performance hit.  In general, your CPU can do floating-point math far faster than your HD can read it, so the performance hit isn't as bad as you would think.  You'll notice it most on slower computers or during heavy multi-tasking.


Rad wrote on May 12th, 2009 at 10:40pm:
What does this mean?

In some countries (like the UK), you can be punished for not giving the authorities your encryption keys on request.  So, if you REALLY don't want ANYBODY to get your data, just encrypting it isn't enough.  You have to hide the fact that you even have the data. 

True-crypt attempts to do this by hiding a secret encrypted volume of data inside a non-secret volume of encrypted data.  If you are forced to turn over your encryption key, you turn over the key to the non-secret portion.  If everything works the way it should, they will never be able to prove you have the secret portion.


Rad wrote on May 12th, 2009 at 10:40pm:
Love the names of their encryption algorithms:

They didn't make them up themselves.  These are industry standard ciphers.  The NSA sponsored (open) development of AES.  Serpent was a finalist in the same design competition which AES won.  Twofish is the modern replacement for Blowfish (and also another finalist.)

Title: Re: On-the-fly hard drive encryption
Post by Rad on May 13th, 2009 at 8:27am

MrMagoo wrote on May 13th, 2009 at 1:06am:
I haven't used it because every time I try, my computer crashes.

So you *have* tried (to try) it. Shame it doesn't work for you.


MrMagoo wrote on May 13th, 2009 at 1:06am:
In some countries (like the UK), you can be punished for not giving the authorities your encryption keys on request.So, if you REALLY don't want ANYBODY to get your data, just encrypting it isn't enough.You have to hide the fact that you even have the data.

True-crypt attempts to do this by hiding a secret encrypted volume of data inside a non-secret volume of encrypted data.If you are forced to turn over your encryption key, you turn over the key to the non-secret portion.If everything works the way it should, they will never be able to prove you have the secret portion.

That is cool. Somebody has really been thinking this thru.

Wonder how imaging would work with an encrypted volume.

Title: Re: On-the-fly hard drive encryption
Post by Pleonasm on May 13th, 2009 at 11:18am
About two years ago, I tested WinMagic's SecureDoc (a full disk encryption product), and experienced about a 3% reduction in performance.  Unfortunately, I couldn’t get SecureDoc to work well with Norton Ghost (version 10?), despite the company’s claims that the products are compatible.

Today, I use PGP Desktop to create virtual encrypted volumes, and have been pleased with that approach.

Radified Community Forums » Powered by YaBB 2.4!
YaBB © 2000-2009. All Rights Reserved.