Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives.
By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity.
When the operating system identifies an encrypted hard drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk.
There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured, or are disabled, on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
Encrypted hard drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These encryption keys are the Data Encryption Key (DEK) and the Authentication Key (AK):
When a device with an encrypted hard drive is in a powered-off state, the drive locks automatically. As a device powers on, the device remains in a locked state and is only unlocked after the AK decrypts the DEK. Once the AK decrypts the DEK, read-write operations can take place on the device.
When data is written to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. If the AK needs to be changed or erased, the data on the drive doesn't need to be re-encrypted. A new Authentication Key needs to be created and it re-encrypts the DEK. Once completed, the DEK can now be unlocked using the new AK, and read-writes to the volume can continue.
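The DEK/AK relationship described above can be modelled in a few lines. This is an added example, not code from the original page or from any drive vendor: `ToyEncryptedDrive` and its methods are hypothetical names, and a SHA-256 counter-mode keystream stands in for the drive's hardware AES engine so the sketch runs with the standard library only.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy cipher (SHA-256 in counter mode) standing in for the drive's AES engine.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyEncryptedDrive:  # hypothetical model, not a real drive interface
    def __init__(self, ak: bytes):
        self.sectors = {}                    # LBA -> ciphertext as stored on media
        self._dek = secrets.token_bytes(32)  # DEK is generated inside the drive
        self._wrapped = self._wrap(ak, self._dek)
        self.lock()

    @staticmethod
    def _wrap(ak: bytes, dek: bytes):
        # Only the AK-wrapped DEK is stored; the tag detects a wrong AK.
        nonce = secrets.token_bytes(16)
        ct = _xor(dek, _keystream(ak, nonce, len(dek)))
        return nonce, ct, hmac.new(ak, nonce + ct, hashlib.sha256).digest()

    def lock(self):                          # power-off: plaintext DEK is forgotten
        self._dek = None

    def unlock(self, ak: bytes) -> bool:
        nonce, ct, tag = self._wrapped
        if not hmac.compare_digest(tag, hmac.new(ak, nonce + ct, hashlib.sha256).digest()):
            return False
        self._dek = _xor(ct, _keystream(ak, nonce, len(ct)))
        return True

    def change_ak(self, old_ak: bytes, new_ak: bytes) -> bool:
        if not self.unlock(old_ak):
            return False
        self._wrapped = self._wrap(new_ak, self._dek)  # sectors are not touched
        return True

    def _crypt(self, lba: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return _xor(data, _keystream(self._dek, lba.to_bytes(8, "big"), len(data)))

    def write(self, lba: int, data: bytes):
        self.sectors[lba] = self._crypt(lba, data)

    def read(self, lba: int) -> bytes:
        return self._crypt(lba, self.sectors[lba])
```

Changing the AK rewrites only the 32-byte wrapped DEK, which is why the stored sectors are byte-for-byte identical before and after the change.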
Many encrypted hard drive devices come preconfigured for use. If reconfiguration of the drive is required, use the following procedure after removing all available volumes and reverting the drive to an uninitialized state:
Portable, Affordable, and Reliable. The portable HDD line of Aegis Secure Drives keeps your sensitive data secure on the go, encrypting on the fly. Software-free, 256-bit AES encrypted, and USB port powered with on-board keypad or biometric authentication. These are the best secure encrypted portable hard drives on the market today!
If instead of fully encrypting the hard drive or encrypting the partition on which Windows is installed, I just encrypt a partition where I store my sensitive information, will it increase the chances of my data getting stolen (in comparison to the other alternatives) if my device gets stolen?
If you have a recovery partition on your disk, this one should not be encrypted, but you should encrypt all Windows partitions, be they system or data, if you want to be super safe, or only the sensitive data partition if you can accept that an attacker could find traces in temp or swap files.
The initial encryption time does not really matter IMHO. It happens only once. But 10 hours for 150 Gb seems rather weird. SATA disk io throughput should allow around 100Mb/s, so encrypting 150Gb should not exceed a couple of hours.
Encrypt the whole disk. The overhead is negligible, and you don't have to worry about someone stealing your computer and having all your data. And if you have to send your computer to repairs, you don't have to worry about stolen files or compromised applications.
Another benefit is that all data is encrypted by default, so you don't need to keep a mental process of copying sensitive data from the unprotected partition to the protected one. And if you need double protection, create a VeraCrypt volume and use it.
One benefit of encrypting only a partition vs the whole drive is that you can encrypt/decrypt the partition while using the system for other tasks, so you can encrypt it "on demand" so to say, but if you encrypt the whole disk it's decrypted every time you start up and authenticate the system.
In terms of security, as you say, if the machine gets stolen, I would say there isn't much difference between FDE and an encrypted partition in such a scenario. If you use strong encryption on your partition it's highly unlikely that your data will be compromised.
I'd say there is some benefit to using an encrypted partition / folder vs FDE if you only decrypt it when you need to access or store sensitive information and encrypt it again when you're done, so that you don't leave the filesystem in an unencrypted state all the time when you're logged in, as would be the case with only FDE.
Without having more information on the application, FDE is always the safest bet. However, for less critical data and unsophisticated attackers, an encrypted partition or virtual hard drive is probably enough.
The problem is that when you leave the Windows partition unencrypted, then you will also have an unencrypted pagefile (where Windows stores application memory when running out of RAM) and hibernation file (where Windows dumps the RAM when hibernating). When you are working with confidential data stored on your encrypted hard drive, then their content might end up in these files.
There are also other places on the system drive where confidential data might show up (depending on what information you consider confidential, of course). One thing I would always want to be encrypted is the C:\Users directory, because all kinds of applications use it to store temporary (and not so temporary) files. Whenever you view or edit a confidential file, the software you use for viewing might store information about that file in your user directory. When you are sure that you will only use programs to work with confidential files where you know that they won't ever do this, then this might not be a concern. But are you sure about this?
I cannot foresee any shortcomings with this method of encrypting a partition. I often use full disk encryption with encrypted containers within, 7z AES256 archives. So, layers of encryption. I would advise you to review which AES-XTS bit size is used, and swap to AES256-XTS, as more rounds are used. HowToGeek outlines how to use Local Group Policy Editor to change the encryption cipher used.
Kingston DataTraveler and Kingston IronKey USB flash drives provide on-the-go file storage for photos, music, video and more. They are available in both standard and encrypted security for home, school, office and enterprise organisations.
Apple recommends encrypting external drives that contain any personal information, and that's obviously for a good reason. Does Dropbox intend to support Encrypted APFS drives at some point? Other backup programs (e.g., Backblaze) have no problem with this.
That is ridiculous. It makes Dropbox massively less useful. But what makes me angry is that I had to spend hours messing about in settings and then an hour chatting to them on support before even they realised why my drives could not be added! If you are aware of this it should be stated in advance to save people all this hassle!
Hello all, not sure if this is the correct community to post this into, the list did not mention anything with hard drives or encryption. A few weeks ago, my MacBook Pro broke, and I had used it to encrypt a 1.5TB external drive. Since I do not have a Mac to use the external drive with, is there any way that I can access the information without another MacBook? I used a friend's MacBook Air and I was able to access the drive the way I used to with my Mac. Is there a way the decryption can be taken off without deleting the encrypted data (in my understanding it can't be done), or is there any software that I can use to access the drive the way it is accessed in a MacBook? Thank you for your time.
Yes, I now see how ambiguous my question is, to clarify, I do have a working computer, however this computer does not run Mac OS, therefore I cannot decrypt the drive because it is formatted in a way that is not understood by this operating system, so is there any way that I can run a decryption of the drive from another operating system. Thank you for your interest in helping me, I strongly appreciate your time.
Thank you for your response. I am working on Ubuntu, and in the posts that I read, either they could read from the drive and just needed write functionality, or they removed the journaling on a Mac beforehand. I can see the drive from the Disks app, but if I mount either the EFI partition or the Apple boot partition I can see it in Ubuntu's file explorer, but when I access the mounted partition it is blank. I will take a stab at simply decrypting the drive with a friend's Mac. I tried all the commands on the askubuntu and superuser stackexchange forums but no success. Thank you both for your time and effort.
I do not have a spare hard drive to test it on, but I know there are a lot of people that use encryption software built in to Windows, like BitLocker. I have personally never used it, but I understand that you have to provide a PIN on boot or a USB key on boot.