-
Whole hd encryption
I wonder if anyone can help me,i have windows xp he and i want a programme that will encrypt the whole hard drive.After countless searches on google i have found nothing,only products that claim to encrypt the whole hard drive and operating system like products from http://www.securstar.com.
This makes me really mad after downloading the trial programme from there site and finding out that this product doesent encrypt the whole operating system or hard drive which it says on there site that it does do (so if ur trying to help me by searching google please see if the programme will encrypt the whole hard drive).Please bare in mind that i will soon want to install other operating systems like unlix/linux and ms dos so it needs to work with all types of operating system thanks.
-
nothing that i know of in windows...
i know that Linux has a Kernel mod for an encryption level API for the filesystem (which is pretty cool ;) )
a good solution would be to store the operating systems on one drive, and keep the secure data on another drive that can easily be encrypted... when you want to encrypt the whole drive you run into the problem of the OS not being able to run while still encrypted...
You could use a boot disk OS and encryption software, that way you could decrypt the drive and reboot... but this would get quite tedious after a while, i'd imagine...
-
Basically what i want to do is encrypt the whole operating system,is there any progs that can encrypt a bootable partition with a operating system and also supporting all file systems?.
-
i'm not sure you'd be able to fit decent encryption software in the boot sector?
-
I doubt that there is anything that would give you a bootable encrypted hard drive, afterall, the PC would have to decrypt it inorder to do anything (i.e. boot the OS). In order for this to be done you would need a OS already running, to provide some sort of functionality for the encryption prog to work.
I know PGP disk can create an encrypted disk which can then be mounted as a virtual hard drive. Maybe you could download the command line version, and add it into the equivalent of the autoexec.bat file to decrypt it at bootup. This virtual disk could then contain the rest of the OS files (although this might need some heavy editing of the registry (depending on the files that you wanted encrypted)), and your data. I know it's not the whole disk, but if you can't find anything else...
-
Yeah or i would want something that would encrypt the operating system.This is how it would work, turn computer on the decryption prog runs from memory and asks what partitions i want to decrypt and asks for password.I know there are progs that do do this but i cant find any,so thats why i came here for help.The reason i want this type of security is i have my pc in my bedroom and is phsically accessable,i have added the syskey start up password and added a win xp user password but i dont wanna rely on windows security and i know encryption is secure.
-
There is no reason in principle why you can't encrypt *nearly* everything on the HD
The decryption program used during boot needs to be stored unencrypted. In practice this could be in a very small partition used for nothing else. I don't know of anything which does this - but there are bound to be some commercial ones.
You might considering running vmware, and store your vmware images on an encrypted volume. Then use the inner OS for anything sensitive.
The other OS could still be used for non-sensitive data.
Slarty
-
I've never seen nor heard of a utility that encrypts the entire harddrive including the OS. The main reason being that whatever software encrypted the data to begin with would have to always be running in memory so that it could decrypt any new information that is needed. Given the size of most current OS'es it would not be feasible to unencrypt the entire OS and all needed files into memory where they would all stay. It's just not possible... Also, the encryption software would have to be an OS itself and be capable of running on top of whatever operating system you were trying to decrypt. Which would then get you back to the point of the OS is still not encrypted.
If you cannot guarantee physical security of the system then there is no way to secure it regardless of OS.
I think you might be being a little to paranoid. Which depending on what you are doing on your system may or may not be appropriate. If it is appropriate, I would rethink what you are doing on your computer.
"This is how it would work, turn computer on the decryption prog runs from memory and asks what partitions i want to decrypt and asks for password."
When you turn the computer off, all RAM is cleared, so when you turn the computer back on, there is nothing in memory to run. What memory would run this? I could see this working with some dedicated encryption HARDWARE, but I can't see it working with just software.
-
I guess I am a speed freak because I don't understand what the benefit of this would be. I would think that doing this would significantly slow your computer down having to decrypt everything it loads. I am just thinking that I didn't look it up somewhere since I don't see myself ever needing to do this. Why would you want to encrypt everything anyway?
-
Seems like an awful lot of security for a computer in your bedroom. Who else do you share your bedroom with?
-
The main reason for wanting to use whole HD encryption is that operating systems often litter unrelated parts of the hard drive with bits of applications' data - this could be temporary files, swap files, or just about anything really.
So in order to be totally safe, encrypt the whole HD.
It is true that you would need to have some of the HD unencrypted to store the decryption software - otherwise the bios would have a hard time booting.
But not very much - only just enough to get the system going.
Also, the performance argument is largely irrelevant - modern CPUs can do encryption much faster than modern hard drives can read / write data. There would of course be a performance hit - but not much.
I've run stuff from encrypted volumes before, and it isn't noticably slow.
Also, the OS itself would not be encrypted in RAM, only on disc. Once it's loaded, it would run at full speed.
I can't see any reason why it would not be feasible.
Ok, on Windows it would be a bit tricky, because the software manufacturer would have to write some low-level drivers for use during boot. Also they would have to persuade Windows to install on an encrypted drive. But otherwise it should ok.
On Linux it *should* be a walk in the park, just use an initrd (as Red Hat already do) - which would be unencrypted on a small /boot partition - and store the encryption software in there.
The password would be prompted for at boot time before anything very much loads, and would be retained and used for the entire session.
Slarty
-
Reminds me of the HDLock from Authenex, you need their A-Key to use it, it does the encryption so there's "supposedly" no performance loss, though I'm not so sure that there would be absolutely none. Here's the website, more than likely a little more than what you were looking for but it's a thought.
http://www.authenex.com/products_hdl...ariable=hdlock
-
Just type in "cipher" at the command line and encrypt all ur folders. Eventually if u cipher all the folders then ur whole HD will be encrypted. If you do this command: cipher \s c:\windows then all the folders and subdirectories (the \s command does this) will be encrypted. So do that for all the folders on the C: drive and use the \s command to make it faster and after some tiem all ur folders/files shall be encrypted. Other users cannot see it and data put on a CD or floppy or emailed will not be able to read it.
-
Thanks for the answer slarty like I said I have never thought of doing that and don't see a reason why I personally would do it. I see why someone else might want to.
