If instead of fully encrypting the hard drive or encrypting the partition on which Windows is installed, I just encrypt a partition where I store my sensitive information, will it increase the chances of my data getting stolen (in comparison to the other alternatives) if my device gets stolen?
If you have a recovery partition on your disk, this one should not be encrypted, but you should encrypt all Windows partitions, be they system or data, if you want to be super safe, or only the sensitive data partition if you can accept that an attacker could find traces in temp or swap files.
The initial encryption time does not really matter IMHO. It happens only once. But 10 hours for 150 Gb seems rather weird. SATA disk io throughput should allow around 100Mb/s, so encrypting 150Gb should not exceed a couple of hours.
Encrypt the whole disk. The overhead is negligible, and you don't have to worry about someone stealing your computer and having all your data. And if you have to send your computer to repairs, you don't have to worry about stolen files or compromised applications.
Another benefit is that all data is encrypted by default, so you don't need to keep a mental process of copying sensitive data from the unprotected partition to the protected one. And if you need double protection, create a VeraCrypt volume and use it.
One benefit of encrypting only a partition vs the whole drive is that you can encrypt/decrypt the partition while using the system for other tasks, so you can encrypt it "on demand" so to say, but if you encrypt the whole disk it's decrypted every time you start up and authenticate the system.
In terms of security, as you say, if the machine gets stolen, I would say there isn't much difference between FDE and an encrypted partition in such a scenario. If you use strong encryption on your partition it's highly unlikely that your data will be compromised.
I'd say there is some benefit to using an encrypted partition / folder vs FDE if you only decrypt it when you need to access or store sensitive information and encrypt it again when you're done, so that you don't leave the filesystem in an unencrypted state all the time when you're logged in, as would be the case with only FDE.
Without having more information on the application, FDE is always the safest bet. However, for less critical data and unsophisticated attackers, an encrypted partition or virtual hard drive is probably enough.
The problem is that when you leave the Windows partition unencrypted, then you will also have an unencrypted pagefile (where Windows stores application memory when running out of RAM) and hibernation file (where Windows dumps the RAM when hibernating). When you are working with confidential data stored on your encrypted hard drive, then their content might end up in these files.
There are also other places on the system drive where confidential data might show up (depending on what information you consider confidential, of course). One thing I would always want to be encrypted is the C:\Users directory, because all kinds of applications use it to store temporary (and not so temporary) files. Whenever you view or edit a confidential file, the software you use for viewing might store information about that file in your user directory. When you are sure that you will only use programs to work with confidential files where you know that they won't ever do this, then this might not be a concern. But are you sure about this?
I cannot foresee any shortcomings with this method of encrypting a partition. I often use full disk encryption with encrypted containers within, 7z AES256 archives. So, layers of encryption. I would advise you to review which AES-XTS bit size is used, and swap to AES256-XTS, as more rounds are used. HowToGeek outlines how to use Local Group Policy Editor to change the encryption cipher used.
Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives.
By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity.
When the operating system identifies an encrypted hard drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. The media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk.
There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
Encrypted hard drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These encryption keys are the Data Encryption Key (DEK) and the Authentication Key (AK):
When a device with an encrypted hard drive is in a powered-off state, the drive locks automatically. As a device powers on, the device remains in a locked state and is only unlocked after the AK decrypts the DEK. Once the AK decrypts the DEK, read-write operations can take place on the device.
When data is written to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. If the AK needs to be changed or erased, the data on the drive doesn't need to be re-encrypted. A new Authentication Key needs to be created and it re-encrypts the DEK. Once completed, the DEK can now be unlocked using the new AK, and read-writes to the volume can continue.
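The DEK/AK relationship described above, as an added example that is not Microsoft's or any drive vendor's code: a hypothetical `ToyEncryptedDrive` class models the key hierarchy, with an HMAC-SHA256 keystream standing in for the drive's AES engine (an assumption, so that it runs on the Python standard library alone). It shows that changing the AK rewrites only the wrapped DEK, while the stored ciphertext stays byte-for-byte identical and the old AK stops unlocking the drive.

```python
import hashlib, hmac, secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the drive's AES engine: XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def _subkey(ak: bytes, label: bytes) -> bytes:
    return hmac.new(ak, label, hashlib.sha256).digest()

class ToyEncryptedDrive:
    """Hypothetical model of the DEK/AK hierarchy; not a real drive interface."""
    def __init__(self, ak: bytes):
        self._dek = secrets.token_bytes(32)  # DEK lives only inside the drive
        self.sectors = {}                    # LBA -> ciphertext as stored on media
        self._wrap(ak)

    def _key(self) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return self._dek

    def _wrap(self, ak: bytes) -> None:
        nonce = secrets.token_bytes(16)
        ct = _xor_stream(_subkey(ak, b"wrap"), nonce, self._key())
        tag = hmac.new(_subkey(ak, b"mac"), nonce + ct, hashlib.sha256).digest()
        self.wrapped_dek = (nonce, ct, tag)  # only persistent form of the DEK

    def power_off(self) -> None:
        self._dek = None                     # powered off: the drive is locked

    def unlock(self, ak: bytes) -> bool:
        nonce, ct, tag = self.wrapped_dek
        good = hmac.new(_subkey(ak, b"mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return False                     # wrong AK: DEK stays wrapped
        self._dek = _xor_stream(_subkey(ak, b"wrap"), nonce, ct)
        return True

    def change_ak(self, new_ak: bytes) -> None:
        self._wrap(new_ak)                   # re-wraps the DEK; sectors untouched

    def write(self, lba: int, data: bytes) -> None:
        self.sectors[lba] = _xor_stream(self._key(), lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        return _xor_stream(self._key(), lba.to_bytes(8, "big"), self.sectors[lba])
```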
Many encrypted hard drive devices come preconfigured for use. If reconfiguration of the drive is required, use the following procedure after removing all available volumes and reverting the drive to an uninitialized state:
Apple recommends encrypting external drives that contain any personal information, and that's obviously for a good reason. Does Dropbox intend to support Encrypted APFS drives at some point? Other backup programs (e.g., Backblaze) have no problem with this.
That is ridiculous. It makes Dropbox massively less useful. But what makes me angry is that I had to spend hours messing about in settings and then an hour chatting to them on support before even they realised why my drives could not be added! If you are aware of this it should be stated in advance to save people all this hassle!
Portable, Affordable, and Reliable. The portable HDD line of Aegis Secure Drives keeps your sensitive data secure on the go, encrypting on the fly. Software-free, 256-bit AES encrypted, and USB port powered with on-board keypad or biometric authentication. These are the best secure encrypted portable hard drives on the market today!
Proton Drive's strong encryption goes beyond other secure cloud solutions.
End-to-end encryption ensures that no one, not even us, can access your files. Files, file names, folder names, and more are all fully encrypted at rest and in transit to your secure cloud.
We believe in trust through transparency. Proton Drive is open source, so anyone can verify that our encrypted cloud storage works as described. Proton Drive is also routinely audited for privacy and security by independent third-party experts.
Choosing Proton Drive is a step towards a better internet. Proton Drive is part of a wider ecosystem of privacy-first products. By using Drive and our other products, you are helping to create an internet where people, not Big Tech, hold the power.
The documents you create in Proton's Docs are end-to-end encrypted, ensuring your work can never be exposed in data breaches, subject to online surveillance, or used to train AI models. Docs is integrated into Proton Drive, meaning you have a unified and secure space for creating, collaborating, and storing your documents. We designed Docs to be a clean, simple experience. With Docs, you can:
Your files are more than just data. The photos and videos of time spent with your family and friends are a record of your life. These images, along with your other personal documents, deserve the highest protection and privacy.
Proton Drive is a secure and encrypted Swiss vault for your favorite moments.
Proton Drive secures the information of organizations all around the world. Our clients include journalists, activists, and businesses with high-security needs.
Drive empowers you to collaborate on documents, securely store and share files within your organization while maintaining control over permissions and data access.
We believe everyone has the right to privacy. Our free cloud storage plan includes all the security and privacy features of our paid subscriptions. You can access more storage and support our fight for a better internet, by upgrading to a paid account.
With Proton Drive, your files are accessible 24/7 from any device and secured with automatic backups in multiple datacenters. Your data remains safe even if you lose your phone or computer.
Our end-to-end encryption means that unlike other cloud storage solutions, you don't have to share access to your most intimate files with a third party. Unlike Big Tech, Proton can't access your files. Your data remains fully owned, accessible, and controlled by you.