Encryption question

ATLien247

If someone were to encrypt the contents of their hard drive using a software-based encryption tool, would any unencrypted information be retrievable from the slack space?

I'm thinking that there would be, since there is a good chance that some of the resources used to encrypt would entail using virtual memory.

Any thoughts? And if so, can you point me to your source(s)?
 

Bassyhead

Edit: I suppose I misunderstood your question. I would think any good encryption tool would take care to make sure that no unencrypted data would be left behind except for the source data.
 

Matthias99

Originally posted by: ATLien247
If someone were to encrypt the contents of their hard drive using a software-based encryption tool, would any unencrypted information be retrievable from the slack space?

I'm thinking that there would be, since there is a good chance that some of the resources used to encrypt would entail using virtual memory.

Any thoughts? And if so, can you point me to your source(s)?

Define "slack space".

Normally, when you "encrypt" a file, the same disk blocks are overwritten with the encrypted data. If you do some sort of encryption/compression combination (so maybe the encrypted file is smaller than the original one), you need to make sure to zero out the disk blocks that used to be occupied by the plaintext but are no longer needed.

When working with encrypted files, care must be taken that the data and/or encryption keys are never written to disk in the clear, including as part of the virtual memory (unless you can be sure that the virtual memory is securely wiped before the system shuts down, but even then a hard crash could leave unencrypted data on the disk).

Competent encryption implementations should lock any sensitive data into physical RAM so that it will not be paged out to disk.
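
The page-locking approach described in the post above, sketched in C for a POSIX system as an added example (not part of the thread and not code from any particular encryption tool). The `secret_buf` type, the `secret_*` function names and the sample key are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

typedef struct {
    unsigned char *p;  /* page-aligned buffer holding key material */
    size_t len;        /* size rounded up to whole pages */
    int locked;        /* 1 if mlock() pinned the pages in RAM */
} secret_buf;

/* Zero memory through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Returns 0 if locked, 1 if allocated but NOT locked (may be swapped), -1 on failure. */
int secret_alloc(secret_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;  /* whole pages: no sharing with other data */
    b->p = aligned_alloc(page, b->len);
    b->locked = (b->p != NULL && mlock(b->p, b->len) == 0);
    if (!b->p) return -1;
    return b->locked ? 0 : 1;
}

/* Wipe before unlocking, so the pages are never swappable while they hold the key. */
void secret_free(secret_buf *b) {
    if (!b->p) return;
    secure_wipe(b->p, b->len);
    if (b->locked) munlock(b->p, b->len);
    free(b->p);
    b->p = NULL; b->len = 0; b->locked = 0;
}

/* Self-check with a constructed sample key: 0 if every byte is zero after the wipe. */
int secret_selftest(void) {
    static const unsigned char key[16] = "constructed-key";  /* not a real key */
    secret_buf b;
    int rc = 0;
    if (secret_alloc(&b, sizeof key) < 0) return -1;
    memcpy(b.p, key, sizeof key);
    secure_wipe(b.p, b.len);
    for (size_t i = 0; i < b.len; i++) if (b.p[i]) rc = -2;
    secret_free(&b);
    return rc;
}

int main(void) { return secret_selftest(); }
```

If `mlock()` fails (for example because of the `RLIMIT_MEMLOCK` limit), `secret_alloc()` returns 1 and the caller should treat the buffer as swappable. Memory locks do not stop hibernation from writing RAM to disk.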
 

Matthias99

Originally posted by: ATLien247
By "slack space" I mean the unused portion of a disk block...

If you just take all your files and encrypt them, they normally will take up the same amount of space as they used to (or possibly a bit more), and the process will overwrite all the blocks that were originally part of the unencrypted file. If a file only occupied part of a block to begin with, the encrypted version would write over the same bits (or it might pad the file out to fill the whole block).

Now, if you have an unencrypted file, then you make an encrypted copy of it, then delete the original, the unencrypted data is probably sitting somewhere on your drive, just not as part of the filesystem. But that's a different scenario than the one you described.