IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [disk-encryption]

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

588 questions
106
votes
10 answers

Prevention measures against laptop seizure at US borders

Since laptop and other electronic device seizures at US borders became legal without a warrant (including making copies of data), 7% of ACTE's business travelers reported being subject to a seizure as far back as February 2008. What measures have IT…
Dan Dascalescu
  • 1,945
  • 2
  • 15
  • 23
91
votes
2 answers

How secure is Ubuntu's default full-disk encryption?

How secure is the encryption offered by ubuntu (using the disk utility)? What algorithm is used underneath it? If someone could at least provide a link to some documentation or article regarding that I would be very grateful. Reference:
Jonnathan Soares
  • 1,021
  • 1
  • 8
  • 7
83
votes
7 answers

What does Amazon's S3 Server-side encryption protect against?

Amazon's S3 storage service offers server-side encryption of objects, automatically managed for the user (Amazon's Documentation). It's easy to enable so I'm thinking "why not?", but what kind of security does this really provide? I guess it…
Hank
  • 933
  • 1
  • 6
  • 4
78
votes
7 answers

Are there actually any advantages to Android full-disk encryption?

So, since Android 3, devices can perform boot-time, on-the-fly encryption/decryption of the application storage area (NOT the SDcard/removable storage) - essentially full-disk encryption. This requires a password/passphrase/PIN to be set as the…
scuzzy-delta
  • 9,303
  • 3
  • 33
  • 54
66
votes
4 answers

Is there a reason to use TrueCrypt over VeraCrypt?

I am looking to encrypt a few drives of mine, and my ONLY interest is security. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa. There is a lot of talk about "TrueCrypt is dead" and it seems there are two forks…
Radmilla Mustafa
  • 1,018
  • 3
  • 10
  • 12
51
votes
5 answers

Are there any reasonable TrueCrypt forks?

Unfortunately, TrueCrypt may have been discontinued yesterday. I use LUKS on Linux, but I liked the fact that with TrueCrypt I had a portable solution across Windows, Mac, & Linux. TrueCrypt has its own license, but it was Open Source. Are you…
Michał Šrajer
  • 4,154
  • 4
  • 18
  • 21
48
votes
4 answers

Aren't keyfiles defeating the purpose of encryption?

I just added a drive to my system which is basically a partition mounted for extra storage. I'd like to encrypt it to protect my data in case of god knows what, and by doing that I'd need to enter the passphrase every time to unlock the partition. I…
php_nub_qq
  • 787
  • 1
  • 6
  • 13
48
votes
5 answers

Is laptop "secure sleep" mode theoretically possible?

For laptops with full disk encryption or home folder encryption, one of the risks if it is stolen while in sleep mode is that the encryption key is stored in memory and can be read if an attacker knows how. To me, it seems that, in theory,…
Peter Rankin
  • 591
  • 4
  • 6
47
votes
9 answers

How to prevent a hosting company from accessing a VM's encryption keys?

I want to prevent potential theft of my web application (source code + database) by my local hosting company, that I don't fully trust for some reason (but have no other choice but to use as they give, by far, the best latency over here). I'm…
BenMorel
  • 909
  • 1
  • 7
  • 13
46
votes
10 answers

Is full disk encryption on a server in a secure data center pointless?

I am having a debate with several people regarding how much protection full disk encryption provides. dm-crypt is being used to encrypt data which is required by my company to be encrypted at rest. The Linux servers hosting the data reside in a…
user4755220
  • 619
  • 1
  • 6
  • 5
45
votes
3 answers

How can Android encryption be so fast?

Android uses full-disk encryption to encrypt files and decrypt them at startup. What I don't understand is that decrypting multiple gigabytes of files must take a lot of time, if nothing else then atleast the IO access time required to read all the…
Aayush Mahajan
  • 541
  • 1
  • 4
  • 6
43
votes
4 answers

How does Android L achieve strong encryption with a low entropy passphrase?

After upgrading to Android L on my Nexus 5, I was pleased to find that I can enable encryption using a pattern as the passphrase. However, it soon got me thinking. I'm guessing the encryption key is ultimately derived from the pattern which is very…
tangrs
  • 688
  • 5
  • 12
42
votes
4 answers

Is it possible to tell if hard drive is encrypted?

Is it possible to tell if a hard drive is encrypted, regardless of what software was used, i.e., Truecrypt / VeraCrypt / Bitlocker for AES-256? Just the other day, I thought it could be possible to tell if I scan the drive with "Sector View" to read…
cpx
  • 587
  • 1
  • 4
  • 8
33
votes
6 answers

How secure is NTFS encryption?

How secure is the data in a encrypted NTFS folder on Windows (XP, 7)? (The encryption option under file|folder -> properties -> advanced -> encrypt.) If the user uses a decent password, can this data be decrypted (easily?) if it, say, resides on a…
Martin
  • 1,247
  • 2
  • 12
  • 19
28
votes
5 answers

Is a password-protected stolen laptop safe?

Let's assume I have a Windows 10 computer and my login password has an entropy of infinity. If I did not encrypt my entire hard-drive, does it matter how secure my password is? Is it possible for someone to plug the hard-drive into another computer…
EML
  • 809
  • 5
  • 11
1
2 3
39 40