Protection through hard drive encryption – not only for laptops!
The use of security software to protect you from online attacks is standard today, but what about physical threats to your hardware? What if your laptop goes missing while traveling or your workstation at the office is stolen during a burglary? Even on a password-protected OS, the data is saved to the hard drive unencrypted and can be read without any problems simply by reinstalling Windows over the top of the already existing installation.
Unfortunately, it's not always possible to protect yourself against theft. However, it is possible to prevent criminals from getting their hands on important work documents, snapshots from your last vacation or even critical passwords and online banking data. This type of protection involves a technology known as hard drive encryption.
It's often free and only takes a small amount of time and attention to set up correctly. For example, since the release of Windows Vista, BitLocker Drive Encryption (aka "BitLocker") ships as an integral part of the OS if you are using the Enterprise or Ultimate Edition of Windows. There are also freeware programs such as TrueCrypt that allow you to encrypt your hard drive and that run on all versions of Windows from XP onwards as well as on Linux and MacOS.
How does encryption work exactly?
Encryption is part of the field of cryptology, a science which deals with the garbling of information. The term is derived from the Greek word "kryptós", which means "secret" or "hidden". While the cryptographic methods of over 2000 years ago were rather primitive and basically involved swapping or shifting characters of the alphabet, today's methods use very complex mathematical algorithms.
Advanced Encryption Standard (AES) is currently the most frequently used algorithm, due to its speed and extremely high level of security. There is currently no practical way of attacking AES even though the encryption method is of course well known. AES, also known as the "Rijndael algorithm" after its inventors, divides the information to be encrypted into 128-bit data blocks that are encoded with a key of 128, 192 or 256 bits in length. Each block is written into a 2-D table to which various mathematical transformations are then applied.
The binary data can still be read from the hard drive once it has been encrypted, but it no longer makes any sense at all. It's not even possible to tell "what" was encrypted, i.e. whether it was pictures, text files or executable files. Moreover, even if the encryption algorithm itself is known, the data can't be decoded without having the correct key. It will therefore remain hidden from strangers.
Let's talk about the security of AES: Cracking (testing all possible combinations) of a 128-bit key would take several million years of computing time. However, coding and decoding using the correct key is so fast thanks to modern hardware that the user is able to access their encrypted data almost instantaneously. In other words, you won't notice any overhead when your data is encrypted while being saved and decrypted while being read, as your PC's CPU generally works much faster than the hard drive can read or write the data.
How to encrypt your hard drive
There are many encryption programs available, with the main differences being their level of complexity and whether they are free or paid software. In the following section, we will take a look at some of these programs.
Users of Windows 7 or Vista Ultimate or Enterprise Edition as well as Windows Server 2008 already have BitLocker as part of their OS. BitLocker is installed on a separate partition and runs before Windows is launched. As an alternative or in addition to using a password, booting can be made dependent on the presence of a USB stick containing a key file. If your PC doesn't have the necessary TPM chip, the use of a USB stick is usually required to unlock your PC.
BitLocker's design is quite user-friendly and has few advanced options. If you use one of the corresponding Windows editions and don't need additional features, BitLocker is a good solution at no further cost to you.
TrueCrypt is freeware and is one of the most frequently recommended encryption programs. It features a wealth of options and tends to be aimed mostly at experienced users. Encrypting the boot device is quite simple thanks to a step-by-step guide; however, other features require more advanced knowledge.
TrueCrypt has almost everything you'd want in an encryption program and is a very powerful tool. For instance, you can hide operating systems completely so that it's impossible to find them without knowing the correct password. TrueCrypt can be localized thanks to the numerous language packs available.
As the name suggests, Steganos Safe is like a virtual vault that you can "lock" your files inside. It's possible, for example, to secure your Office documents by saving them directly to the safe. The software is quite user-friendly and offers some special features such as the ability to hide data in images. Your data can be considered very secure thanks to the use of 264 bit AES.
The disadvantage: Steganos Safe isn't free; it's priced at 29.95 EUR.
Like TrueCrypt, DiskCryptor is open-source software, meaning you are free to download and modify its source code. You can also choose the encryption algorithm. Overall, DiskCryptor offers fewer options than TrueCrypt and is thus more suitable for beginners. The user interface is quite spartan, which makes it very easy to navigate through the menus.
In addition to hard drives, DiskCryptor is also capable of encrypting CDs. Like all good encryption programs, it loads before the OS. Windows will only boot if you enter the correct password, which then automatically grants you access to the data.
Conclusion and our recommendation
We recommend that laptop users in particular encrypt their data. It requires minimal time and effort, and even if you don't feel that your data is important enough to be stolen now, it's possible that in the future your personal and private data might be used against you by criminals. It's wise to take some time to learn about the technology, though, so you won't run the risk of losing your data by configuring the software incorrectly.
Important! Hard drive encryption is only designed to prevent access to your data in the event of an unauthorized person gaining physical access to the device. Malware can still infect your PC and access your saved data while Windows is running! While your OS is active, all data can be accessed normally. We therefore recommend that you use good anti-virus software with real-time protection such as Emsisoft Anti-Malware.