Hi,
I'm looking for a way to encrypt certain files and directories on my computer (things like Thunderbird & Firefox profile folders where passwords and browsing history are saved, a password index, tax returns, document scans etc.).
I have looked around, and as usual there are many related threads but none that answer my needs fully. The best info I found is here: http://forum.notebookreview.com/showthread.php?p=2672179#post2672179
What I need is:
1. Robustness. The encrypted data should be readable: in the event of Windows failure followed by reinstallation; in the event of hardware/motherboard failure, so with the HDD in another machine. All that should be needed in such an event would be remembering the password, and a reinstall of the software on the new OS/machine.
2. Robustness. See above.
3. Robustness.
4. Secure. Should be difficult enough to crack so that anyone gaining access to (e.g., stealing) the HDD is better off just wiping it.
5. File and directory-level encryption (because I don't want to rearrange my file structure so that I drop the files in a "vault" like with TrueCrypt. If truly necessary, I guess I'm willing to do this, but I'd rather not.)
6. Transparency (enter password once, then all encrypted data should be readable even though it may be sparsely distributed around the filesystem)
7. If possible, free, but I'm willing to pay some tens of dollars for the software if it's worth it.
That's about it. I guess what I'd really like is EFS without the shortcomings of EFS (which I gather is easy to crack and/or can render data unreadable in the event of OS breakdown).
Thanks in advance.
Edit: BTW on top of that I'm thinking of activating the HDD firmware password. Just to make things an extra bit more difficult in case of something. Will that work across computers, e.g. in the event of motherboard failure?
-
usapatriot Notebook Nobel Laureate
-
TrueCrypt is amazing
-
+2 for TrueCrypt. Unbreakable. I forgot my password to a container and ran a brute force attempt at cracking it.....nothing. I ended up just doing a low level format on that drive. haha. Good thing it wasn't really anything important...just some pics of my gf
-
Thanks for the info.
See however item 5. I know about TrueCrypt and its excellent feedback. If there is no good file-level option, I'll end up going that way...
-
Well, TrueCrypt is a nice thing and works really great, but the container thing is a bit odd, especially when you are working with the files and already have a structure in your files / folders.
So far EFS is a bit better for non-mission-critical files in an existing file folder structure. But you should export your key and back it up, in case your Windows installation fails.
-
Is it better than the Windows Vista Ultimate's Bitlocker Drive Encryption?
-
You mean EFS? They are different things. EFS is file-system level encryption, and Bitlocker is full disk encryption. I believe. I'm new to this stuff myself.
TrueCrypt is better because it can also encrypt only a portion of the HDD, and it works in XP as well as Vista; also has a version for MacOS. Also, it generates keys on the basis of password only, so no need to back up keys, like in Windows.
More to the topic. I have done a bit of research, and it seems that the ATA security is pretty good.
When the level is set to Maximum, the only way anyone is going to get access to your data without knowing the password is to remove the platters in a cleanroom, or perhaps with other specialized hardware only available at the HDD manufacturers' factories and probably to government security agencies. I certainly don't aim for the sort of security that would defeat these attempts as well. I think James Bond would, though...
The only problem is, how to figure out the security level of the HDD? And if it's High, how to set it to Maximum? My BIOS does not support that, it only allows setting the user password. I also can't find a tool on the Western Digital site (I have a WD2500BEVE PATA/EIDE 2.5 HDD). Does anyone know of such a tool?
(I found this BIOS extension http://www.fitzenreiter.de/ata/ata_eng.htm but I don't really trust it, last updated 2006 so it may not be compatible with my BIOS. Also I think it's mainly targeted at desktops)
-
So, the answer is, the security level defaults to High when I set the password. I can read this level with hdparm in Linux. I can't write it though, also it's very dangerous to try since those features are experimental and "use at your own risk". There are other "shady" utils like atapwd and that BIOS hack linked above...
I wonder why the HDD manufacturers don't offer a proper tool to control these things, and make our life difficult, forcing us to use tools that may ruin the HDD due to incompatibilities and bugs. As long as the features are there anyway...
WinXP Filesystem-level Encryption
Discussion in 'Windows OS and Software' started by E.B.E., Aug 29, 2008.