Selecting external hard drive

[Mtt]

I plan on buying an 2.5 inch external drive. I want to encrypt everything on the drive. Speed of the drive is not important.

Can someone recommend some software and storage device that met the requirement above?

Thanks

 

[Mtt]

I did some research and it seems hardware AES 256 bit is the best option available now.
Several products has this feature. The feature is rather rare.
For example,
http://www.buffalotech.com/products/portable-hard-drives/usb-30/ministation-extreme-hd-pzu3/
http://storage.toshiba.com/storagesolutions/pc-notebook/mkxx61gsyg-series

I am surprised not many manufacture offer good encryption,
Hitashi has 128 bit AES
Seagate 192 bit DES
Western digital does not mention what encryption is used

Are these the best option?

I read that for internal drive, you set the password in the BIOS. What about external drives?
I would prefer entering the password every time I connect the drive, if that is possible. Better if I don't need to install extra software with windows 7.

 

[Cr0nJ0b]

I don't do encryption, but couldn't you just use bitlocker from windows and any regular HDD?

 

[exdeath]

Seagate GoFlex Pro (or is it Turbo now? the 7200 RPM one in any case)

TrueCrypt

I like and recommend the GoFlex drives for 3 reasons:

1) Seagate doesn't force their software down your throat with VCD partitions you can't delete, etc, it's just a folder you can delete or format the drive normally.

2) The cables are not proprietary, they can be used with any SATA hard drive that is within the power limits of bus powered devices and don't require external power bricks (most all 2.5" SSDs)

3) 7200 RPM external 2.5"

 

[Topweasel]

The problem with external HDD's and encryption is that it defeats the purpose. A lot of full drive encryption options if they don't have a E3 type autostart password option (like IronKey) then they need a key or interface set up on the machine you are using it in. Which means its not really that portable logically even if its portable physically.

I don't know if Bitlocker would really work either. It uses a certificate on thumbdrive as a dongle. But if you plug the hard drive into a machine without Bitlocker I don't know how well that would work. I could be wrong. If so this would be a great option.

Windows encryption would work well. You could in theory save the key/certificate for this and import it into a log in for the machines you want to use it in (like a dongle but a little more annoying), problem is for temporary access as apposed to infinite access you would need to remove it from the certificate system of the machine when done.

TruImage full drive or virtual partitions would be the best solution. But again require that the software be set up on both of the systems.

Almost all drives have support for password locks. The problem is with out a back-end (like tpm) to support it, its useless in this scenario. It's main service at that point is to have the support there for security firms to develop their own interfaces that they can force on all the equipment. So for example Dell had hardware encrypted options for their latitudes for a while. In the BIOS that mean that setting a password lock would not only prevent the hard drive from spinning up but attempting to do a forensic recovery would only get you encrypted information. That is supported in the board and hdd through tpm (not sure if I am remembering the acronym right), without that kind of interface in the OS. You wouldn't be able to use that in an external drive (as most password systems in BIOS's only support the primary drive, and none that I know of out of the box would see and let you set the password for a USB drive).

Main point of all of this is, unless making aboslutely sure that you don't lose an ounce of performance. Software based encryption is the way to go. But with all of them, unless your sure of the compatibility and configuration of every system you are trying to plug it into there are pitfalls to all of them.