1

Encryption obviously helps with securing your data. On the other hand, auto unlocking seems to make it completely useless.

Does disk encryption grant any additional security over no encryption, when auto unlock option is enabled?

By auto unlock I mean key stored in the same place as date without passphrase.

charlie_pl
  • 111
  • 3
  • 1
    Please see https://security.stackexchange.com/questions/135158/at-what-point-is-a-bitlocker-drive-unlocked-and-how-does-additional-pre-boot-pin?rq=1 – Tim Brigham Nov 03 '17 at 21:12
  • well, if the OS crashes, you can imagine the benefits of whole-disk... – dandavis Nov 03 '17 at 21:29
  • 1
    A small security benefit is it makes disk disposal easier, as you won't need to wipe the entire disk off, just wipe the decryption key and you're done. But yes, auto unlock fde (in the second sense of user3280964's answer) is kinda useless otherwise. – Lie Ryan Nov 04 '17 at 09:08

1 Answers1

1

It depends on what you mean by auto unlocking.

Auto unlock once when the device boots: There are benefits because if your device is stolen when powered off then the attacker can not copy the data offline. Without encryption, they could (even if they didn't know your login)

Always auto unlock (no matter what state the device is in, it will always unlock itself automatically for anybody and at any time): I can't think of any benefits because by definition the device is unlocked and fully accessible. I guess one benefit might be that if the device has a restricted IO/GUI/API then this prevents reverse engineering or getting at the raw data.

user3280964
  • 1,130
  • 2
  • 7
  • 13
  • I just realized that auto unlock might help when data on disc is removed. Plaintext would be easy to restore, but encrypted, even if auto unlocked would be much harder. – charlie_pl Nov 04 '17 at 07:04