Truecrypt - Full Disk Encryption Experiences please!

Makhaira · 25 May 2011 at 18:57

Evening guys!

I have a machine that is going to be holding some data I expect comes under the bounds of the UK Data Protection Act, so I'm intending to err on the side of caution.

The data is limited to a couple of files, but I want to be sure that any temp files etc are secure in the event that my PC is nicked by Mr Burglar.

I've used Truecrypt in the past for securing the odd zip file, but never as a pre-boot system to encrypt an entire system drive. Has anyone got any good/bad experiences, alternative recommendations, or tips for this?

The system drive in question is an 80Gb SSD on Windows 7 running over AHCI.

Oh, or if there's somewhere where I can find out ALL the possible temp locations that files could get put to, I could always just encrypt all the temp folders and the original files, which should be enough?

Cheers!

theheyes · 25 May 2011 at 19:43

I've used truecrypt full disk encryption for many years on many different computers and have yet to have a problem. You just need to think about backups i.e. start doing them and make sure you keep them safe (either encrypt those too or put them literally in a safe) because recovering stuff off an encrypted disk is a bit more difficult as you can imagine.

Macro · 25 May 2011 at 20:13

If you're using Windows 7 take a look at bitlocker http://technet.microsoft.com/en-us/library/dd548341(WS.10).aspx

whiskycycle · 25 May 2011 at 21:20

Athanor said:
If you're using Windows 7 take a look at bitlocker http://technet.microsoft.com/en-us/library/dd548341(WS.10).aspx

Only if it's Ultimate or Enterprise though. You can decrypt and read from disks and removable media encrypted with BL, but you can't encrypt using the bog standard "consumer" versions of Windows 7 (Pro and everything below).

Used Truecrypt full disk encryption on a standalone external disk, but not pre-boot on a machine. Doesn't look too hairy to do, but might be worth testing first if possible.

J.B · 25 May 2011 at 22:04

You realise the DPA is more than just keeping the data securely (principle 7 of 8).

Truecrypt is good although Im not sure how it will behave on an SSD. Had to recover a borked windows install recently which I thought was going to be a mission on an encrypted drive but the TrueCrypt boot CD was very useful

Makhaira · 25 May 2011 at 22:05

Yes thanks JB, valid point though! I'm covered in terms of the other DPA points since they can be dealt with by process and practice, it's having the tools to secure the electronic data that I needed to do some digging on.

Cheers

tom_e · 25 May 2011 at 22:08

I've been using it on my laptop for the last few months and had no problems

NickM · 25 May 2011 at 22:15

From what I've read/been told when I was looking into doing it you'll lose TRIM on the SSD if you use Whole Disk Encryption, don't know if that would bother you? Since its just a few files you might be better off using encrypted file containers.
Otherwise, I've got TC whole disk encryption working fine on my laptop (non SSD), just dont forget the password!