[–] MrMongoose 0 points 1 point 1 point (+1|-0) ago
You can use hardware encryption, where a device sits between the computer and the drive and does all of the encryption on the fly. The drive is unreadable without the encryption device/key. However, AFAIK, all those systems use hardware keys and not passwords.
[–] ImSureImPerfect [S] ago
Hm. I'll have to read more about that. I'm fascinated by the idea.
If you install hardware encryption, the hardware key is...what...a physical, literal key of some sort? A piece of tech you slot in?
[–] MrMongoose 0 points 1 point 1 point (+1|-0) ago
Yep. Usually a small dongle. There may be other variations, though. Search for the Addonics Saturn series - that's what I ended up with.
[–] MrMongoose ago
Well, you can always apply whatever additional software encryption you want underneath it. It's just one more layer of security.
[–] [deleted] 0 points 5 points 5 points (+5|-0) ago
[–] [deleted] 0 points 1 point 1 point (+1|-0) ago
[–] e0steven 0 points 5 points 5 points (+5|-0) ago
Um, that's bull, it was fully vetted. Audit Results. And I highly doubt you have anything to back it up.
[–] GeorgeMichael 0 points 1 point 1 point (+1|-0) ago
You could check out VeraCrypt, it's a fork and IIRC some TrueCrypt developers are involved in this project as well.
[–] [deleted] ago
Alright, as someone who actually uses whole disk encryption and has for years for HIPAA, here is my experience.
I've used TrueCrypt for a long, long time; it's been vetted and found to be essentially unbreakable if you use a strong passphrase. It will do exactly as you envision: it prompts you every time you boot and the disk itself will not work without that key. Next up we have, on newer machines, BitLocker. We have, again, whole disk encryption and this time the key is actually kept for us. If the drive is removed it won't be mountable. You can read much more of how BitLocker works by googling it. Finally there is speed. OK, there is a speed cost. However, even on a very low spec laptop it was virtually unnoticeable. So in short, rock on your encryption.
As always please please please please make sure you keep your keys safe, both from people stealing them and just from loss. This encryption means your data is basically totally lost without that key. TrueCrypt will make you, or at least prompt you, to make a recovery disk. BitLocker will print you a copy of your key. Keep them safe.
[–] jumpingmac 0 points 7 points 7 points (+7|-0) ago
It's important to note that whole disk encryption, while a strong mechanism for protecting your data against physical theft, is ineffective at protecting data stolen from you electronically.
[–] just-my-2c ago
Even then, you better hope it was turned off when it was stolen or used by an unauthorized person...
[–] Kalectrix 0 points 15 points 15 points (+15|-0) ago (edited ago)
Ha-ha yes. Linux supports this with ease. You don't really notice it, you just have to type in your passphrase at boot. You can also put nukes on it as well, so if someone tries brute forcing it the hard drive is as good as random gibberish. The other option is to just encrypt your home folder, which is the usual option. I used to run a persistent encrypted Kali Linux on a USB 3, was pretty good for a portable secure OS. Edit: correction
[–] NeverToday 0 points 1 point 1 point (+1|-0) ago
I do the whole disk thing and it's nice to know that if my laptop ever gets stolen, I really don't care that much. Go buy a new one, install my backup and never worry that my data will get pulled off the stolen machine.
I set it up via the Debian installer, if anyone's interested.
[–] xyzzy 2 points 1 point 3 points (+3|-2) ago
Full disk encryption is possible, but very bad for the performance.
Technically not everything is encrypted, the bootloader which asks for your passphrase and decrypts the filesystem is not.
[–] ImSureImPerfect [S] ago
So the bootloader is a potential vulnerable spot then? Interesting.
When you say bad for performance, do you mean it's not encrypted well enough? Or that it slows down the PC? What kind of bad are we looking at?
[–] xyzzy 0 points 2 points 2 points (+2|-0) ago
I wouldn't say it's vulnerable, but readable.
It slows down, since every file read from disk has to be decrypted and only part of them remain cached in the RAM. So reading from disk is slow and uses CPU power.
[–] Fuckery 0 points 2 points 2 points (+2|-0) ago
Even with perfect full disk encryption there is this. For absolutely perfect protection, you are going to have to rig a thermite charge with a battery backup and auto ignition criteria.
[–] NinjaKitteh ago
You could have your /boot on a USB-stick, that way you can be sure it has not been tampered with.
[–] e0steven 0 points 4 points 4 points (+4|-0) ago
I don't think that is the case at all and I doubt you've ever actually used it.
[–] qiezidaifu 0 points 1 point 1 point (+1|-0) ago
Well then state why that's not the case, no need for chirping.
[–] VimTsar 0 points 6 points 6 points (+6|-0) ago
Not really. Most modern CPUs have AES support, so the performance hit using this cipher on HDDs isn't so bad. And SSDs aren't recommended for encrypted data anyway, since they keep ciphertext blocks which were rewritten and also need marking empty blocks for better performance, which both weaken the encryption.
[–] Craftkorb 0 points 6 points 6 points (+6|-0) ago
I call bullshit. I have a Lenovo Thinkpad X201, which has an i5 520M as CPU and thus supports the AES extension. An SSD is used as storage. Not the fastest one ever, still: 150MiB/s reading without encryption, ~125MiB/s with full disk encryption. I don't notice a thing whatever I do with it.