Best methodology to encrypt an internal hard drive?

[geepondy63]

I'm exploring the best way to encrypt an internal secondary hard drive used for data storage. I want it to require a password for usage each time the computer is booted up (Windows 7 home user). My first thought was True Crypt of which I had used in the past but I have a couple of concerns. One, it's no longer being supported, correct? Two, I've only used it for small size folders. If I encrypt the whole or or nearly whole drive (say a partition folder greater than 1 T), will take a long time to decrypt each time I need to do so?

I use the WD Drive locker utility for my external drive which seems to do the job but don't read about any usage for internal hard drives. Likewise I read Windows has it's on bit locker program but is only available in the more advanced Windowws 7 OS.

On another note, I have a 5 plus year old AMD2 motherboard. Better safe than sorry and stick with a 2 terabyte drive or do you think it will access a 3 terabyte. I read issues about older motherboards not able to access drives larger than 2 T.

Thanks for any thoughts, suggestions.

 

[dave_the_nerd]

Self-Encrypting Drives

http://www.computerweekly.com/featu...kept-secret-in-hard-drive-encryption-security

Mostly higher-end business hard drives and SSDs have this, but if it's important to you, that's the way to go.

Your motherboard manual should indicate what the maximum supported HDD size is.

 

[Jovec]

I would feel confident about using Truecrypt. The prevailing theory is that TC got hit with a NSL, which prevents them from even discussing what's happening. That, or they simply wanted to drop the project.

Whole disk encryption will have little noticeable impact on performance if your CPU supports AES hardware instructions and you encrypt with AES. Decryption happens on-the-fly (on access) and not the entire disk at once.

The important part is understanding the limits. Truecrypt, Bitlocker, luks, SEDrives, etc. will offer protection against someone viewing your files if your drive gets stolen at the airport or similar, even if those programs have government back doors or non-critical bugs. Critical bugs are another story - example, maybe ten years back SSL was only generating 1024 possible keys, which could be brute-forced in less than a minute.

If you are worried about legitimate corporate espionage, then best talk with your IT dept. and follow company policy. It's not inconceivable that a competing corp would look to a virus, key logger, green pill, or evil maid type attack if the potential gain was big enough.

Regarding Uncle Sam, even if the gov't could hack, brute force, back door, or torture the passphrase out of you, they might not want to reveal their capabilities depending on the potential payoff. The NSA isn't going to help your local PD crack your TC drive to stop your small-time pot business.

Finally, disk encryption is only one part of the security equation. It does little good to encrypt your disk then email your company's plans for their portable fusion reactor over open Wifi at the coffee shop. Or leave your computer turned on (and thus disk decrypted) while you take your lunch.

 

[geepondy63]

No, for personal use only, not work related. My friend's laptop was stolen and that got me thinking I have a bunch of files I'd rather other people not see should I have a break in and my PC got stolen.

My motherboard is a Gigabyte GA-MA69GM-S2H with I believe a SB600 controller that handles up to four SATA devices (3.0 speed, not newer 6.0) and although the manual talks about all kinds of things such as RAID configuration, I can't find any reference to a maximum hard drive size.

 

[ArisVer]

The 2TB limit is when you use MBR disk. If you convert them to GPT there shouldn't be a problem. Then again some mainboards may have other limits.

 

[geepondy63]

So if one is not using it as a boot drive, does the size matter then?

The 2TB limit is when you use MBR disk. If you convert them to GPT there shouldn't be a problem. Then again some mainboards may have other limits.

 

[ArisVer]

I don't think so but I'd like someone to verify that.

All my disks are GPT apart from my OS and I am using legacy BIOS on an eight year old system (sig).