Lately I have been pondering a lot about the data on my computers. There is a lot of private and more or less confidential information on those, especially on the one that I use the most.
All kinds of documents with letters that I sent to people and companies… salary and tax forms… banking software…
But also more private things such as mail threads with Marion and Sanne… photographs I made… so things that are of no concern to most people out there.
There is always the risk that a computer gets stolen. For mobile devices such as laptops and tablets this risk is even rather high, but desktops can also be removed in a burglary.
And then there is something else that people hardly think about. What happens to a computer when someone passes away? Mostly they end up with someone in the family and that is basically okay with me, but not the data. The data should only be accessible by a very small group of people…
I have been overthinking how I protect this data that is so important to me.
Well, I had a BIOS password active on all computers (so you had to enter a password before the computer could boot). But this is easy to bypass… remove the BIOS battery for two minutes… or play a bit with some DIP switches and this password is cleared. And how to do this exactly is freely available on the Internet. So not a really good solution.
The Windows password (especially on standalone computers) is a joke and gives only a false sense of security. There are thousands of programs available on the Internet to reset a Windows password. Even more, it is possible to boot with a special CD and bypass Windows completely and get full access to the file system directly.
So for someone who knows a little bit about computers it was not very hard to get past the two “security measures” I had in place. Of course I have known all this for a long time and I also knew the solution… full disk encryption!
So what kept me from encrypting those hard disks? Performance of the computer… My previous experiences on this matter have not been very good. I have seen very fast computers turn into slow monsters by disk encryption.
And as I use my computer also for (online) gaming, performance is very important to me as well.
For some time I have been using a solution in between. With TrueCrypt I created encrypted containers on my computers and stored in those the data I wanted to be safe. This worked well, as long as you are aware where all the important data is located. TrueCrypt is an encryption program that creates encrypted containers, but can also encrypt devices such as USB sticks and hard disks.
Why TrueCrypt? It has a very good reputation and above all, it is Open Source. This means that I can be sure that there are no back doors.
There are stories going around that people managed to hack TrueCrypt. But in all those cases TrueCrypt was not hacked, but the system it was used on was compromised (for example, a keylogger that registers a password that was entered).
Anyway, back to the performance issue. In many places I read that TrueCrypt encryption would have almost no effect on the performance. I saw many benchmarks to support this statement. Even for playing games it would not differ very much (after all much of gaming is done in memory).
So as a test I encrypted the two hard disks in my “old” duo core machine (Intel Core 2 CPU @ 1.86 GHz, ATI Radeon X1550 graphics card, 2 GB memory, running Windows 7 32-bit). Normally I use this computer only for things such as MSN, Skype, IRC and such. And every now and then I use it for duo-boxing (playing on two computers with a character on each computer in an online game. Mostly the second character is a healer-type to support the first character).
And yes, the difference in performance was very acceptable.
So after making a complete backup, early yesterday morning I started the encryption of the hard drive in my main computer (Intel i7 2600 CPU @ 3.40 GHz, ATI Radeon HD 5870 graphics card, 8 GB memory, running Windows 7 64-bit). During the day I had other things to do, so a nice opportunity to do this lengthy task. It took a bit over 13 hours to encrypt the 1.5 Terabyte hard disk.
Very nifty is the option of TrueCrypt that you can suspend the encryption process and use the computer as normal again or even switch it off completely and resume the process later.
The end result? I am very happy with it.
The system is a bit slower during booting, but that I will solve soon by installing an (encrypted) SSD (Solid State Disk) with the operating system on it.
But when it runs, it is as fast as it always was. Of course it helps a lot that the CPU in my main computer fully supports hardware-accelerated AES encryption (Intel AES-NI instruction set). It makes the encryption process 4 to 8 times faster. This also explains why my duo-core computer shows a little decrease in performance, as it doesn’t support this hardware acceleration.
Even in heavy online games (such as EverQuest II) there is really no noticeable decrease in performance. Also not during the loading of new zones (and there I would have expected it).
To access this encrypted hard drive you need a password that is longer than 20 characters, contains uppercase, lowercase, numbers and punctuation marks… It is not written down anywhere and is memorized by the 3 persons who should always have access to it.
If someone would consider a brute force attack on it (and no, I was not so stupid to enter the password on the website that made the calculation below, but entered a password that was constructed in a similar way):
Have fun with that…. *grins*