Protecting my hard drive?

Discussion in 'Computer Security' started by Mama Bear, Sep 15, 2005.

  1. Mama Bear

    nemo_outis Guest

    216.196.97.142:

    ....snip...


    Depending on how hot your CPU & HD are, figure 20-50 Meg/minute (more
    likely the low end) which puts the scale for first encryption of most hard
    drives at a "small integer" number of hours (small rational number?).

    With Safeboot Solo (and Compusec too as best I can remember) you can keep
    working on your HD while the first-time encryption proceeds in the
    background.

    Moreover - and this is impressive! (but don't try it without a good backup)
    - you can actually pull the power on SS (or Compusec?) while they are
    encrypting for the first time and, when power is restored, they will pick
    up seamlessly where they left off! Now that's robust encryption!

    Regards,

    PS I have never measured what the overhead actually is for full-HD
    encryption but I can say that it is not noticeable. My guess is less than
    10% for a decent combo of HD, memory, and CPU.
     
    nemo_outis, Sep 16, 2005
    #41
    1. Advertisements

  2. Ok I said I'll shut up but this is relevant, it should take no way near
    that sort of time. Forget I'm using linux cos times will be about the
    same regardless. The only thing that might vary the time a bit is the
    cipher used but even then it won't take anywhere near that long.

    For example on a 4.3gig drive of mine whole drive encryption takes just
    a matter of minutes. Set it going and go make a cup of tea. On a 10gig
    partition I tried it on it took slightly longer of course but again it's
    minutes and not hours to do. For a whole 40gig drive set it going and
    make a really hot cup of tea and a bite to eat and have a look through
    the paper. It really wont take as long as hours.

    And I have a slower machine than you at only 1ghz ;-(
     
    Ray Vingnutte, Sep 16, 2005
    #42
    1. Advertisements

  3. Mama Bear

    nemo_outis Guest

    Actually I think I'm guilty both of false precision and underestimation.
    Figure a few to a dozen gigs/hr.

    Regards,
     
    nemo_outis, Sep 16, 2005
    #43
  4. On Thu, 15 Sep 2005 17:19:58 -0500, Mama Bear wrote:


    [snippage]
    Ya' know, after reading Ari and Nemo, I'm inclined to agree that whole
    disk may be a big leap. No reflection on you, just an acknowledgment that
    I sometimes forget how things can be routine for some, and daunting for
    others. ;)

    I'd take Nemo's advice and look seriously at TrueCrypt.

    BACKUPS, BACKUPS, BACKUPS! Can't be stressed enough.

    Download, install, play. I think you'll find that you're smarter than you
    think, and the task of handling your encrypted containers is no more
    bothersome than working with data on a CD. Then if you decide down the
    road you need more, you'll have the confidence and experience to jump
    right in. And you'll have those backups... ;)
     
    Jeffrey F. Bloss, Sep 16, 2005
    #44
  5. Hours??,
    Is that using multiple layer encryption then, sounds like it, in that
    case yeah it will take much longer.
    On mine occasionally you might notice a split second pause as if the
    machine is saying hold on a mo but if you blink you'll miss it. But
    should point out I'm only using one layer encryption if you are using
    multi layer a slow down will be more noticeable.

    Is it really worth multi layer at this level of protection?.
     
    Ray Vingnutte, Sep 16, 2005
    #45
  6. Is that using multiple layer encryption then, sounds like it, in that
    case yeah it will take much longer.


    On mine occasionally you might notice a split second pause as if the
    machine is saying hold on a mo but if you blink you'll miss it. But
    should point out I'm only using one layer encryption if you are using
    multi layer a slow down will be more noticeable.

    Is it really worth multi layer at this level of protection?.
     
    Ray Vingnutte, Sep 16, 2005
    #46
  7. Mama Bear

    nemo_outis Guest


    Yep, for a 100 Gig plus HD - but only the first time. Even good drives
    read at, say, 30M/s average (OK 50 M/s for a really hot one) and
    something similar for a write. To read and write every sector on a 120
    Gig drive is going to take over 2 hours at that rate (1 read and 1 write
    for every sector) even assuming *no computational delay* to apply the
    encryption (and no delay to waiting for the sector to come round again to
    be written after the read - this assumes the buffering introduces no
    delays).



    I guessed 10% as an upper limit, since that might be my threshold of
    "just noticing." As I said, any delay is well below my threshold for
    noticing, but, of course, I can't say how much below without measuring.

    Regards,
     
    nemo_outis, Sep 16, 2005
    #47
  8. Mama Bear

    traveler Guest

    Hey nimo, what exactly is asp-centric?
     
    traveler, Sep 16, 2005
    #48
  9. Mama Bear

    thunderbird Guest

    The key feature (pay) is excellent. Drive crypt may be a little more
    secure? but that's more money.
     
    thunderbird, Sep 16, 2005
    #49
  10. As far as I'm aware ( I've never used this method ), you can either
    use an entire drive partition or a section of a partition that behaves
    like a separate drive.
    I should imagine the system overheads aren't too severe, but
    nonetheless noticeable with intensive disk activity each time a
    container was accessed.
    I've avoided this method because of the difficulty in backing up files
    stored on such drives. Files encrypted separately can be moved, copied
    and otherwise thrown about just like any other file...and once
    encrypted they stay that way no matter where you place them ( and you
    should always keep a copy of your passwords file...encrypted, of
    course! ).
    Blowfish Advanced can be set up in a 'two time' operation.
    Let's assume that you wanted to encrypt a set of folders that
    contained all your sensitive data.
    You simply open up the program and select the folders you wish to
    encrypt. You then encrypt then using your chosen password, and once
    the program has run it throw up a job file report - which tell you
    what it's done. You can save this as a job file.
    Repeat the operation, selecting decrypt this time - and the same will
    happen. You now have two job files saved. Simply drag them to the
    desktop or the start menu as shortcuts and thereafter all you need to
    do is click on the relevant icons and enter your password.
    Blowfish is one of the faster algorithms in use - my own routine that
    deals with upwards of 50Mb takes barely a minute to run.

    There are other options you can make use of, such as caching (
    remembering ) your password for as long as the computer is on - which
    acts rather like on-the-fly encryption/decryption etc.

    One of the handiest features is the progam's ability to securely
    overwrite ( or wipe ) any sensitive data, and good safety features in
    the event of a system power outage whilst performing any tasks.
    Other features include renaming of files, 'work with' and 'view'
    options, and a choice of encryption algorithms ( though I suspect the
    default Blowfish is more than good enough ).
    Drag and drop is supported too, if you want to use a more visual
    method of securing your data - and there's an option to put various
    tools on your right click context menus in explorer.

    From your later posts it seems that you really only need to protect a
    few files, and I would think this program ( or one like it ) would be
    the best balance between convenience and features.
    If you're at all savvy at mucking about with batch or .ini files then
    you can hand edit the program's job files to suit your own needs.
    I run just one pair of job files that encrypts or decrypts a number of
    separate files and folders scattered across several partitions..and
    even encrypts the job files themselves!

    One nice tip is that you can encrypt ANY file or folder - so if, for
    example, you had a folder in your browser favourites containing links
    to such seedy sites as world-of-pies.com, or Star-trek-geeks.co.uk -
    you could encrypt the entire folder and rename the files, which would
    then appear to be empty to anyone else who happened across that folder
    when browsing your favourites.

    I'm happy to recommend this particular freeware program on the basis
    that I've been using it for some years now without any problems
    whatsoever.

    Regards,
     
    Stephen Howard, Sep 16, 2005
    #50
  11. Mama Bear

    nemo_outis Guest

    Just my bitch about MS forcing its non-standards on the internet. I don't
    give a damn if it's just an engine behind the scenes - but I object to it
    at the interface level.

    Regards,
     
    nemo_outis, Sep 16, 2005
    #51
  12. Mama Bear

    Mama Bear Guest

    Yeah! Even harden it against EMP. :)
     
    Mama Bear, Sep 16, 2005
    #52
  13. Snakes in a circle.
     
    Ari Silversteinn, Sep 16, 2005
    #53
  14. This is what we proposed to a Business Partner, under consideration as a
    secured data center structure.

    http://www.monolithic.com/domenews/2005/dupont-katrina.html
     
    Ari Silversteinn, Sep 16, 2005
    #54
  15. Mama Bear

    Mama Bear Guest


    Another concern; if I do the whole disk, what about Norton Speedisk
    or their other utilities? Will things get royally hosed up?
     
    Mama Bear, Sep 18, 2005
    #55
  16. Mama Bear

    nemo_outis Guest

    216.196.97.142:

    There are two meanings regarding defragging wrt container files: defragging
    the contents of the virtual drive (the container) and defragging the
    partion/drive on which it resides. Both can be done.

    (Some systems require you to dismount the virtual drive before defragging
    the drive on which it resides. See, for instance:

    "http://www.microwell.com/data/prodotti/Utility per reti LAN%
    20WAN/drivecript/pdf/DriveCrypt.pdf")

    Truecrypt,says in its documentation there's no problem with defragging.

    Moving on to full (including the OS) HD/partitions there's only one defrag.
    It's been a gazillion years since I used speedisk, and I'm not a fan of
    Norton programs (except Ghost). However, I can say that Perfectdisk and
    Diskkeeper (defrag programs) work fine with full encrypted disks (but, yes,
    oddball defraggers that don't respect "immovable" files could cause
    trouble) and I would be leery of some of the "offline reboot" features
    (e.g. to defrag the MFT, consolidate directories, etc. - but even these
    might work). What definitely cause trouble are things that operate on
    partition tables, etc (like partitionmagic) or those that want to mess with
    the boot track (e.g., Goback, multiboot managers, etc.).

    If a defrag program accesses the drives (real or virtual) through Windows
    drivers (as it should) then there will be no problems (the encryption
    routines are essentially just drivers, spliced in)

    But, you'll have a backup anyway, right?, so you can experiment without
    fear :)

    Regards,
     
    nemo_outis, Sep 18, 2005
    #56
  17. Mama Bear

    Winged Guest

    Thanks mama bear, I actually enjoyed the links!
     
    Winged, Sep 18, 2005
    #57
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.