RoboMan

Level 32
Verified
Content Creator
Malware Tester
Hello everybody. I want to encrypt my whole drive, so in case anybody wants to access my information by, for example, removing my drive and connecting it somewhere else, they cannot.

My question is: which software do you recommend to do this?

My first obvious choice was: VeraCrypt, the true descendant of TrueCrypt and software I use daily for encrypting virtual drives to secure my sensitive data. Now, I tried this software, and despite it works, my booting is painfully slow (no encryption, 5 seconds, encryption, 90 seconds)

So I'm considering BitLocker since it's built in, but now again: is it really secure? There have been leaks that Microsoft has no worries in working along NSA and similar to unlock your data.

I beg you avoid comments such as "if you have nothing to hide you shouldn't worry about NSA". Of course I'm clean but that doesn't mean I wanna give up my information. If NSA can do it, cybercriminals can too, and as far as it goes, NSA tools have been leaked in the past, and huge mess was made. So you get my point.

Recommendations?
 

security123

Level 27
Verified
My question is: which software do you recommend to do this?
Bitlocker with TPM.

So I'm considering BitLocker since it's built in, but now again: is it really secure?
Yes.

Encryption protect against locally attacks and NSA has nothing to do with local attacks.

Recommendations?
Bitlocker, but harden the cipher settings in Group Policy before encryption as default isn't maximum possible.
 

brigantes

Level 1
Hello everybody. I want to encrypt my whole drive, so in case anybody wants to access my information by, for example, removing my drive and connecting it somewhere else, they cannot.

My question is: which software do you recommend to do this?

My first obvious choice was: VeraCrypt, the true descendant of TrueCrypt and software I use daily for encrypting virtual drives to secure my sensitive data. Now, I tried this software, and despite it works, my booting is painfully slow (no encryption, 5 seconds, encryption, 90 seconds)

So I'm considering BitLocker since it's built in, but now again: is it really secure? There have been leaks that Microsoft has no worries in working along NSA and similar to unlock your data.

I beg you avoid comments such as "if you have nothing to hide you shouldn't worry about NSA". Of course I'm clean but that doesn't mean I wanna give up my information. If NSA can do it, cybercriminals can too, and as far as it goes, NSA tools have been leaked in the past, and huge mess was made. So you get my point.

Recommendations?

"The truth of the matter is that if you encrypt your entire C drive using BitLocker or a third party utility, it's going to slow your system down quite a bit. The reason for this is because every single file written to the drive must be encrypted, and then decrypted when read - including your operating system files."

If you are using HDD the slowdown will be compounded.
 

blackice

Level 28
Verified
"The truth of the matter is that if you encrypt your entire C drive using BitLocker or a third party utility, it's going to slow your system down quite a bit. The reason for this is because every single file written to the drive must be encrypted, and then decrypted when read - including your operating system files."

If you are using HDD the slowdown will be compounded.
You really don't like HDD do you?
 

brigantes

Level 1
nowadays hardware has AES support so the encryption isn't noticeable :)

If you have SSD from certain manufacturers, and set BitLocker to AES, then the SSD firmware will not even encrypt the drive. AES has been proven time-and-again to pose problems of non-encryption because the hardware manufacturers keep making mistakes. Researchers have been reporting this for years.

The only way to prevent this is to use software encryption, which will result in slowdowns.


You really don't like HDD do you?

I own 32 HDDs. So I hardly dislike them. I am just a realist about about the technology and its limitations. In matters of speed and diminished speeds the type of drive being used is usually the most central issue. Everything on an HDD is going to be very noticeably slower to the extent in some cases system boot might take up to 5 minutes or longer.
 

Azmawee

New Member
Full disk encryption will slowdown your machine no matter what, and it's vary between solutions. Another workaround is to create a VHDx image (virtual harddisk) and encrypt that image using Bitlocker (Veracrypt had this feature without using VHDx). This will create a new drive or you can mount that VHDx to any folder anywhere in C: drive. Then put all of your sensitive data inside the drive. Yeah, not a total full disk encryption, but its still encrypted and you can easily move the VHDx image around anywhere you want.