Seth Schoen at the EFF has a suggestion for an extra New Year's Resolution: Full-disk encryption on all your computers.

  • http://riazm.tumblr.com riazm

    Is this worth it?

    • James Ledley

      http://www.tomshardware.com/reviews/bitlocker-truecrypt-encryption,2587.html

      Running real-time encryption on your system drive has a performance impact, whether you’re using Microsoft’s BitLocker or TrueCrypt 6.3a. However, the performance penalty is quite acceptable, and the hit is roughly the same whether you’re looking at a dual-core Core i5-600-series CPU or a quad-core Core i5-700-series chip. Still, we recommend being careful with older hardware, particularly on single-core systems where real-time encryption may noticeably slow down performance.

      I had my laptop stolen from my house last year (which was running full-disk encryption). On my (admittedly nice RAID SSD) system, I never noticed a performance cost, but for any performance hit, it’s a better use of your system resources than synthetic performance benchmarks ever will be.

      • Paul Renault

        If your system is using specific x86 processors, some of AES encryption instructions are hard-coded into the chip and give a significant speek boost. TrueCrypt v7 and later make use of this expanding x86 Intruction Set.

        http://www.truecrypt.org/docs/?s=hardware-acceleration

        I’m so jealous, my Core i7 doesn’t have ‘em…

  • http://twitter.com/michaeltibbsjr Michael Tibbs Jr

    How does this complicate backups, and recovery, of data after a catastrophic failure?

    • traalfaz

      I reversed it out on my laptop because I had to in order to resize the partitions.  Haven’t bothered putting it back on since.  I would if my laptop ever left my house, or if I had anything on it I cared about.  Financial/health stuff is in a smaller, encrypted store on the NAS machine which is a very nondescript box sitting under a shelf in the basement where it never moves and is unlikely to be a theft target.

  • James Ledley

    Michael, no complication to either my cloud or NAS backups.

  • rasputinaxp

    Softwarewise? No. But on my SSD my disk i/o takes a TREMENDOUS hit when copying large files. I’m running Bitlocker on Windows Enterprise 64 bit.

  • bcsizemo

    Like Michael said the only real issue I see is with a catastrophic disk failure.  Running any of the file encryption programs on a partition/whole disc level changes the partition type and configuration, most recovery programs are going to be useless.

    Of course if you are going as far as whole disc encryption, one might assume you also are backing up things on a regular basis, so if the drive went belly up it wouldn’t be much of a data loss…

  • http://twitter.com/bazimmerman Brad Zimmerman

    The whole-disk encryption on Mac OS X is, if I recall correctly, largely designed to be used with a single (primary/main) disk.  So, use Truecrypt (to compliment the built-in stuff) – it’s easy.

    BTW, if you’re not sure if it’s all worth it, just ask yourself if you would prefer to explain to the police/lawyers/judge/jury about how it was [an accident/not actually your stuff/you lost the license key or permission slip or whatever and that's why you used a code you got from some scuzzy site/thought that it was 'fair use'] …or whether you’d rather not because they don’t have anything because it’s encrypted.  Think about whether or not anyone will ever trust you after that or how it will affect your work, personal life, ability to get a loan, relationships with friends, etc.

    If you think it won’t or can’t happen to you or not in your freedom-loving country, think again.  It can, it does, and given enough time it will.

    • http://plankhead.com Zacqary Adam Green

      Furthermore, it’s only actually FDE in Lion. Snow Leopard and earlier only encrypt the Home folder in an easily crackable manner.