Hard drive encryption is a process of converting your readable data into something unreadable to protect it.
With hard drive encryption, you will prevent unauthorized access to your data. There are two types of hard drive encryption:
- Software-based encryption
- Hardware-based encryption
In this post, we will talk about software-based solutions.
Most implementations of hard drive encryption encrypt the whole disk except the part needed to boot, such as the Master Boot Record (MBR) or GPT.
Some hardware-based encryption programs encrypt the whole disk, including the boot area.
Benefits of full disk encryption
Compared to a single file or folder encryption, full disk encryption has many advantages:
- Everything is encrypted, including temp files and files generated at runtime, which may contain sensitive data.
- There is no chance for the user to forget files to encrypt. This is important because, with file-by-file encryption, the user may forget to encrypt some sensitive files.
- Instant data destruction: the user can simply destroy the encryption keys, and the encrypted data becomes useless. However, if this is your concern, destroying the physical media is the best option.
Full disk encryption is not 100% safe
Most of the full disk encryption programs are vulnerable to many attacks like:
Cold boot attack: when the attacker has physical access to the computer, he can retrieve the encryption keys from memory after restarting the system with a cold reboot, because data remains in the RAM for minutes after the system is shut down.
If the decryption password is not strong enough, the attacker may brute force it and recover it easily.
Also, disk encryption programs are vulnerable to acoustic cryptanalysis, which exploits the sound emitted by the computer keyboard and internal computer components.
Another risk is data tampering: if the attacker tampers with your encrypted data, your data will become useless.
There are many free and commercial hard drive encryption implementations available for you to use; we will discuss the best of them.
- Check Point Full Disk Encryption
- McAfee Drive Encryption
If you are using Windows 10 Pro, you can use BitLocker by enabling it from Start > PC Settings > System > About > BitLocker Settings, then you can turn on BitLocker on the partition you want.
However, if you try to turn BitLocker on for the operating system partition, you will see an error that says that the administrator MUST allow BitLocker without TPM (Trusted Platform Module).
Most modern PCs contain a TPM chip, and if you are building your own PC, you can add a TPM chip to it.
That’s because the encryption keys are stored on that chip. It decrypts your data automatically once you enter your Windows password.
If somebody tries to remove your drive from the computer to decrypt it, he can’t, since the decryption keys are on the TPM chip.
TPM is hardware-based encryption, which is more powerful and is protected against cold boot and brute force attacks.
However, you can bypass this requirement and use BitLocker without TPM.
Use BitLocker without TPM
Click Start > Run and type gpedit.msc and hit enter.
Go to Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
Open “Require additional authentication at startup”, enable it, make sure that “Allow BitLocker without a compatible TPM” is checked, and click OK.
Now it will work.
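The result of these Group Policy steps can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it reads the two values this policy writes under `HKLM\SOFTWARE\Policies\Microsoft\FVE`, then reports the TPM state and the key protectors on the system drive. The helper name `Get-FvePolicyValue` is hypothetical.

```powershell
# Added example: audit what the Group Policy steps above changed.
# Run from an elevated PowerShell prompt. Read-only: nothing is modified.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker policy key

function Get-FvePolicyValue([string]$Name) {     # hypothetical helper name
    # Returns $null when the policy value has never been configured.
    (Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue).$Name
}

$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
# Protector types as plain strings; empty array when the drive has none yet.
$protectors = @($vol.KeyProtector | Where-Object { $_ } |
    ForEach-Object { [string]$_.KeyProtectorType })

$report = [pscustomobject]@{
    # 1 = "Require additional authentication at startup" is enabled
    AdvancedStartup  = (Get-FvePolicyValue 'UseAdvancedStartup') -eq 1
    # 1 = "Allow BitLocker without a compatible TPM" is checked
    NoTpmAllowed     = (Get-FvePolicyValue 'EnableBDEWithNoTPM') -eq 1
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $protectors -join ', '
}
$report | Format-List

# Findings worth flagging after the change.
if (-not $tpm.TpmPresent -and -not $report.NoTpmAllowed) {
    Write-Warning 'No TPM and the policy is not set: turning BitLocker on for the OS drive will be refused.'
}
if ($protectors -contains 'Password') {
    Write-Warning 'A password protector is in use: the drive is only as strong as that password.'
}
if ($protectors.Count -gt 0 -and $protectors -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector: a forgotten password means the data is lost.'
}
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not active on $($env:SystemDrive)."
}
```

On a machine without a TPM, the expected state after following the steps is `AdvancedStartup` and `NoTpmAllowed` both `True`, with a `Password` protector listed once the drive is encrypted.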
CipherShed is a free open-source encryption program. It’s a continuation of the TrueCrypt program.
CipherShed works on Windows, Linux, and Mac OS X, and encryption happens on the fly.
You can use CipherShed to encrypt individual files or entire drives. After you encrypt the drive, you can mount that drive through CipherShed.
Note that there are no packages for Linux and OS X, but you can compile the source code and build your own package.
For Windows users, you can download it from here.
If you miss TrueCrypt, you should try this one.
DriveCrypt is a paid program. It uses 1344-bit strong encryption.
It uses the same technologies as those used by the FBI and CIA.
There is a special steganography feature, which lets you hide your sensitive files inside music files.
You can have many users with different privileges.
You can try DriveCrypt for free for 30 days from here.
Check Point full disk encryption
Check Point Full Disk Encryption encrypts all of your files, data, temp files, system files, and even erased files for maximum security. It’s certified for FIPS 140-2.
Logical partitions are encrypted sector by sector. Any attempt to copy single files is blocked even if the drive is attached to another system.
Your system will boot with multi-factor authentication to ensure maximum security. That’s the pre-boot authentication.
There is a central panel for administration for managing policies, users, and options.
You can try a free trial from here.
McAfee drive encryption
McAfee Drive Encryption enforces strong access control with pre-boot authentication.
It offers strong encryption.
Supports multiple device environments, including solid-state drives.
You can download it from here.
VeraCrypt is another free open-source disk encryption program that is based on TrueCrypt.
It can open TrueCrypt-encrypted drives, and you can also convert TrueCrypt drives to the VeraCrypt format.
It works on multiple platforms like Windows, Linux, and Mac OS X.
You can choose between many encryption algorithms to encrypt your drives.
One cool feature for Raspberry Pi users: there is a VeraCrypt build for Raspberry Pi.
You can download it from here.
There are many hard drive encryption programs available on the web; we chose the best and the most used programs.