How to encrypt your disks

Seth Schoen at the EFF has a suggestion for an extra New Year's Resolution: Full-disk encryption on all your computers.



      Running real-time encryption on your system drive has a performance impact, whether you’re using Microsoft’s BitLocker or TrueCrypt 6.3a. However, the performance penalty is quite acceptable, and the hit is roughly the same whether you’re looking at a dual-core Core i5-600-series CPU or a quad-core Core i5-700-series chip. Still, we recommend being careful with older hardware, particularly on single-core systems where real-time encryption may noticeably slow down performance.

      I had my laptop stolen from my house last year (which was running full-disk encryption). On my (admittedly nice RAID SSD) system, I never noticed a performance cost, but for any performance hit, it’s a better use of your system resources than synthetic performance benchmarks ever will be.

    1. I reversed it out on my laptop because I had to in order to resize the partitions.  Haven’t bothered putting it back on since.  I would if my laptop ever left my house, or if I had anything on it I cared about.  Financial/health stuff is in a smaller, encrypted store on the NAS machine which is a very nondescript box sitting under a shelf in the basement where it never moves and is unlikely to be a theft target.

  1. Softwarewise? No. But on my SSD my disk I/O takes a TREMENDOUS hit when copying large files. I’m running BitLocker on Windows Enterprise 64-bit.

  2. Like Michael said, the only real issue I see is with a catastrophic disk failure.  Running any of the file encryption programs on a partition/whole disc level changes the partition type and configuration; most recovery programs are going to be useless.

    Of course if you are going as far as whole disc encryption, one might assume you also are backing up things on a regular basis, so if the drive went belly up it wouldn’t be much of a data loss…

  3. The whole-disk encryption on Mac OS X is, if I recall correctly, largely designed to be used with a single (primary/main) disk.  So, use TrueCrypt (to complement the built-in stuff) – it’s easy.

    BTW, if you’re not sure if it’s all worth it, just ask yourself if you would prefer to explain to the police/lawyers/judge/jury about how it was [an accident/not actually your stuff/you lost the license key or permission slip or whatever and that’s why you used a code you got from some scuzzy site/thought that it was ‘fair use’] …or whether you’d rather not because they don’t have anything because it’s encrypted.  Think about whether or not anyone will ever trust you after that or how it will affect your work, personal life, ability to get a loan, relationships with friends, etc.

    If you think it won’t or can’t happen to you or not in your freedom-loving country, think again.  It can, it does, and given enough time it will.
