Is it recommended to encrypt your hard drive?

[ManBearPig]

If so, what drawbacks are there and why would you do it? I read an article in CPU magazine and it seems like hard drive encryption is set to become more widely used and quicker (or something lol).

 

[lamedude]

Portables with sensitive info that can be easily stolen, yeah. Your porn stash, not so much.

 

[Mr. Pedantic]

It's getting quicker and therefore more practical because of hardware support for AES-NI in Intel's processors, which make on the fly encryption and decryption more practical. If you have financially or emotionally sensitive data that you don't want others to see, then go for it. Otherwise, I wouldn't really bother. Though if you're scared about your wife or kids seeing your porn...

 

[Modelworks]

do it if you need to because of work related or very personal data you have to worry about but don't for general stuff like family photos unless you have good backups. Encrypted drives can be very hard to recover from should they fail.

Example , I have a laptop I use for sensitive data that has a TPM chip for encryption and the drive is also encrypted by the laptops hardware. You can't even turn it on without using the fingerprint reader to identify the user.

 

[DesiPower]

My work LT, Lenovo T500 is encrypted, I don't fell in performance difference, I am quiet happy with it!

 

[lord_emperor]

The drawback is that if you are prone to losing your password the data is basically unrecoverable.

I would encrypt my laptop (if I owned one), but I would not bother with a desktop or other device that stays in my home.

 

[piasabird]

What did I do with my encryption password?

What Now?

 

[corkyg]

It really depends on your exposure. What are you protecting, and who are you protecting it from? In most cases it makes no sense - just adds a layer that can become an obstacle in the event of a drive failure.

 

[Athadeus]

Just a quick question that's fairly on topic:

Is the Windows EFS in XP, Vista, or 7 simple to break? I haven't used it before, but my friend was trying to argue that you could just crack the Windows password easy and that would grant access to the EFS encrypted files. I didn't believe EFS would exist if it was that simple, but I believe cracking Windows passwords is still simple and it does kind of make sense that you'd have access then...

 

[Mr. Pedantic]

What did I do with my encryption password?

What Now?

Instead of a password or phrase you can use a file as your password. Of course, you still have to remember what it is, and it always has to be present when you access the encrypted drive, so it's less useful for portable hard drives or flash drives.

 

[mfenn]

Just a quick question that's fairly on topic:

Is the Windows EFS in XP, Vista, or 7 simple to break? I haven't used it before, but my friend was trying to argue that you could just crack the Windows password easy and that would grant access to the EFS encrypted files. I didn't believe EFS would exist if it was that simple, but I believe cracking Windows passwords is still simple and it does kind of make sense that you'd have access then...

Well, there's really two different things at play here.

The first one is that it is really quite trivial to gain access to a Windows account by resetting the password with one of several offline utilities. However, these do not (to my knowledge) update the proper security credentials to be able to maintain access to EFS protected files.

The second is that actually cracking a Windows password (and thus not needing to reset it at all) is quite simple algorithmically. However, one would need access to a large amount of computing power or the assurance that the password was quite weak in order to crack it in any reasonable length of time.

 

[biostud]

If you don't need it, don't use it. If anything goes wrong I would guess that data recovery would be a pain in the a**, but if you really have the need for encryption, then my guess would be that you also have some kind of way to get your data back if anything goes wrong.

 

[Athadeus]

Well, there's really two different things at play here.

The first one is that it is really quite trivial to gain access to a Windows account by resetting the password with one of several offline utilities. However, these do not (to my knowledge) update the proper security credentials to be able to maintain access to EFS protected files.

The second is that actually cracking a Windows password (and thus not needing to reset it at all) is quite simple algorithmically. However, one would need access to a large amount of computing power or the assurance that the password was quite weak in order to crack it in any reasonable length of time.

Yeah, I know you can reset passwords from other Admin accounts or using free software off the internet without being able to log in at all, but I'm sure that would just cause the data to be inaccessible. I have a friend that does IT security in the military that says he can crack any Windows password relatively quickly without any supercomputing equipment.

What is a good way to encrypt backups? I think if you try to use EFS on an external backup, it only works on the one computer and one account it was setup on. Too bad there is not a company which makes this stuff easier for consumers.

 

[mfenn]

Yeah, I know you can reset passwords from other Admin accounts or using free software off the internet without being able to log in at all, but I'm sure that would just cause the data to be inaccessible. I have a friend that does IT security in the military that says he can crack any Windows password relatively quickly without any supercomputing equipment.

What is a good way to encrypt backups? I think if you try to use EFS on an external backup, it only works on the one computer and one account it was setup on. Too bad there is not a company which makes this stuff easier for consumers.

Well, I'm sure that the DoD has access to all sorts of nice backdoors that us mere mortals don't get to play with. To encrypt your backups, you'll need to use backup software which supports encrypting and decrypting its archives. Macrium Reflect is one example.

 

[bryanl]

What did I do with my encryption password?

It's the same as the 21-digit code the new Acting Manager assigned to you for the office copier machine.

 

[Athadeus]

Well, I'm sure that the DoD has access to all sorts of nice backdoors that us mere mortals don't get to play with. To encrypt your backups, you'll need to use backup software which supports encrypting and decrypting its archives. Macrium Reflect is one example.

I've used WinRAR with passwords before, but I'm not sure whether that encrypts or not.

I just did some checking and it looks like WinRAR used to use 128-bit DES and now uses 128-bit AES. That other software looks good too though, I'll have to compare.

 

[Mark R]

Just a quick question that's fairly on topic:

Is the Windows EFS in XP, Vista, or 7 simple to break? I haven't used it before, but my friend was trying to argue that you could just crack the Windows password easy and that would grant access to the EFS encrypted files. I didn't believe EFS would exist if it was that simple, but I believe cracking Windows passwords is still simple and it does kind of make sense that you'd have access then...

If you can guess the windows password, then you will get in. Win XP stores passwords insecurely, and it is possible for cracking software to find weak passwords in a few hours-days.

Vista/7 are very, very difficult to guess passwords for, as long as you use decent passwords. There are password cracking tools available, but they need HUGE databases and tons of RAM (134 GB for basic 8 character password cracking).

Using a hacking tool to change/reset the Windows logon password (or using the windows admin login to reset the password) won't help either . The EFS encryption is tied to the logon password, but via a different system. Simply resetting the logon password won't reset the EFS password. You will be able to login, but access to EFS encrypted data will still be denied.