Recommendations for encryption software

jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Recommendations for encryption software

Post by jmt356 »

Can anyone recommend encryption software for a laptop running Windows 10?

Some online articles suggest that BitLocker comes with some versions of Windows (see, for example, this article: https://docs.microsoft.com/en-us/window ... r-overview" onclick="window.open(this.href);return false;), but it appears that my version of Windows 10 Home does not come with Bitlocker or other encryption software.
Regards,

JMT

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Recommendations for encryption software

Post by HansV »

Indeed, Windows 10 Home does not come with BitLocker, only the Pro and Enterprise editions do.

VeraCrypt is a free open source disk encryption software.
Best wishes,
Hans

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

I have used Veracrypt for some years now. I used to just use it for my data partition, but I have now started using it for the system partition too. It works very well and has never given me any problems.
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

I heard Veracrypt was so powerful that it causes a noticeable slowdown. Is this true?
Regards,

JMT

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

jmt356 wrote:I heard Veracrypt was so powerful that it causes a noticeable slowdown. Is this true?
This is not true. During normal running Veracrypt has no noticeable performance impact. When you mount an encrypted volume there is a delay that can feel quite long, but this is an intentional part of the Veracrypt design to prevent someone from trying different keys very fast.
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

If you move files to an encrypted Veracrypt drive and then back up those files on an external drive using ShadowProtect, will you be able to access them on the external drive backup using ShadowProtect? Or will you lose access to them on the external drive backup once they are encrypted?

Can Outlook PST and OST files be stored to VeraCrypt volumes or will doing so interfere with their functionality?

How does the encryption of the entire hard drive work? Is the only difference that I will notice that I have to enter a password upon first starting up the laptop and before entering the Windows log-in page? Are there any other differences I will notice?
Regards,

JMT

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

When the encrypted partition is mounted it behaves EXACTLY like any other partition. You can move files freely to and from other locations as if they were never encrypted. You can store any file that you would normally store, including PST and OST files.

It is easiest if you encrypt the entire system drive, and then you just have to enter your password very early in the boot sequence.

I did notice one small difference. If you have an encrypted partition which is NOT automatically mounted during system startup, then Windows Search may have difficulty indexing it. I run a scheduled task that stops and restarts the wsearch service to deal with this.
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

Suppose the encrypted partition is not mounted and it contains my Outlook PSTs and OSTs. Will these be unreadable unless I first mount the encrypted partitions? In other words, do I need to mount the encrypted partitions that contain my Outlook files every time I launch Outlook?
Regards,

JMT

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Recommendations for encryption software

Post by HansV »

Yes, if that partition hasn't been mounted, you won't be able to use Outlook.
Best wishes,
Hans

JoeP
SilverLounger
Posts: 2048
Joined: 25 Jan 2010, 02:12

Re: Recommendations for encryption software

Post by JoeP »

If a partition is unmounted it is unusable regardless of encryption.
Joe

User avatar
AlanMiller
BronzeLounger
Posts: 1545
Joined: 26 Jan 2010, 11:36
Location: Melbourne, Australia

Re: Recommendations for encryption software

Post by AlanMiller »

Stuart,

With your extensive experience, it seems it might be worthwhile for you to write a sticky "How To" post on using Veracrypt. ... if you get the time of course.
There seem to be quite a few "tips & tricks" involved, that are not so obvious from the outset.

Alan

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

Good idea Alan. I will try to find time to do this.
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

If I have an online cloud service set to synchronize the files in My Documents, but I have some files in My Documents in an unmounted encrypted Veracrypt drive, will the cloud service be unable to read these files and synchronize changes made to their counterparts on the cloud? In other words, do I always have to have my Veracrypt drives mounted to ensure that my cloud service is properly able to read and backup my files?
Regards,

JMT

User avatar
HansV
Administrator
Posts: 78229
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Recommendations for encryption software

Post by HansV »

Any drive/partition that you want to use has to be mounted, whether it is encrypted or not. An unmounted drive is not accessible - not to you, not to your applications, not to your cloud service.
Best wishes,
Hans

jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

Creating and encrypting a File Container in Veracrypt appears to be impractical as it always requires having the File Container mounted in order to use the files in any way.

I believe encrypting the entire hard disk is less cumbersome as it mounts everything on the drive upon start-up, while also securing data on the hard drive.

I tried encrypting the entire hard drive and received this message:

Before you can proceed, you must have at least 32 kilobytes of free space at the beginning of the system drive (the VeraCrypt Boot Loader needs to be stored in that area). You must repartition the disk and leave the first 32 kilobytes of the disk free (in most cases, you must delete and recreate the first partition).

Can you recommend a program to repartition the disk to leave the first 32 kb free? My current set up has the following partitions:
- C drive
- HP Tools
- MBR and Track0

I believe I need to wipe the entire hard drive and repartition it as follows:
- VeraCrypt
- C drive
- HP Tools
- MBR and Track0

What is the best way to achieve this? Is ShadowProtect acceptable software? If so, do I need the recovery disk to do this?
Regards,

JMT

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

Is there something unusual about how your hard drive was created? Do you have more than one operating system on this drive?
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

I believe my hard drive setup is standard. It only runs Windows 10.
Regards,

JMT

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

That's strange. I haven't seen this issue and I've used VeraCrypt on a few system drives.
StuartR


jmt356
SilverLounger
Posts: 2370
Joined: 28 Mar 2010, 01:49

Re: Recommendations for encryption software

Post by jmt356 »

Don't you have the VeraCrypt Boot Loader stored at the beginning of your hard disk?
Regards,

JMT

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Recommendations for encryption software

Post by StuartR »

Here is what disk manager shows for the partitions on the only disk drive on this laptop.

The system partition is encrypted by VeraCrypt, and this is mounted as the system is booting.
The large RAW partition is another VeraCrypt encrypted partition that I mount manually to access my data.
You do not have the required permissions to view the files attached to this post.
StuartR