Questions tagged [disk-encryption]

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

588 questions
28
votes
2 answers

How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)

There are built-in functionalities to encrypt a storage on OS X (FileVault) and Android. On OS X: to enable encryption current user must have a password protected account. After enabling the encryption, recovery key is generated (something like…
user164892
28
votes
2 answers

Right way to use the TPM for full disk encryption

I'm currently setting up a BitLocker equivalent using a TPM and LUKS. I've got the basics right and I'm able to measure the boot process and seal the FDE key using the TPM. Every time the sensitive parts (firmware, bootloader, kernel) are updated…
André Borie
27
votes
5 answers

How secure is FileVault 2 while the computer is in sleep mode?

How secure is Apple's disk encryption FileVault 2 when someone has physical or network access while the computer is in sleep mode or is running a screen saver? Are there ways to circumvent FileVault 2 when the computer is not turned off?
chiborg
26
votes
3 answers

For LUKS: The most preferable and safest cipher?

I'm about to encrypt two of my hard drives using LUKS, since I can't really do it myself I use the guide on the Arch Linux wiki (which can be found here). In an example in the guide the cipher specified is aes-xts-plain with a 512-bit key size. Is…
Peter
26
votes
4 answers

Multi-boot with full hard drive encryption and pre-boot authentication

How would I set up a multiboot system which supports full hard drive encryption and pre-boot authentication. I have a system with Ubuntu, Windows 7, Windows XP, and I would like to install Red Hat. I use grub 2 boot loader. What software would…
dabest1
26
votes
5 answers

What does LUKS header contain?

What is contained inside the LUKS header? I know, the header has size of 2MB. Also, cryptsetup supports "detached header", where the header can be stored in a separate file. Thus, for example, I can format luks device and specify detached header in…
Martin Vegter
26
votes
4 answers

Is a file shredder/secure erase necessary when you have full disk encryption turned on?

The password manager that I use has instructions to migrate to a new file format: Export existing passwords to a temporary text file Change password manager to new format Import passwords from temporary text file Securely erase the temporary text…
JonnyWizz
24
votes
4 answers

Is it possible to boot an encrypted server remotely and securely?

Imagine you have a server that is at a location which is not trustworthy. People might have physical access to the machine who are not supposed to look at the data stored on it. In this scenario I thought about setting up a server with full disk…
Chris
24
votes
6 answers

What are the good use cases for disk encryption?

I've been researching disk/file system encryption, and on the surface it seems like a good idea for a lot of things. But as I dig further, the security it offers seems more mirage like than real. For example, it seems like there is little point in…
user1971
23
votes
3 answers

Free/Libre software to handle TCG OPAL 2.0-compliant Self-Encrypting Drives (SEDs)?

I'm in search of a free/libre software that is able to handle OPAL (2.0)-compliant SEDs (i.e. manage the setting of Pre-Boot Authentication (PBA) environment, encryption keys...). It could be a utility that runs as a live image (thus…
neitsab
23
votes
2 answers

Does File-Based Encryption offer comparable security to Full-Disk Encryption on Android?

Between version 4.4 and 9, Android supported Full-Disk Encryption (FDE). On Android 7, a new system called File-Based Encryption (FBE) was introduced, and was subsequently made mandatory on Android 10. The primary upside cited in the page for…
user163495
23
votes
3 answers

What happens when a TPM chip breaks or fails?

I read that a TPM (Trusted Platform Module) has some sort of burnt in key that it uses, along with the password you provide, to encrypt your data. The point is that you cannot decrypt your Hard Disk without the TPM (please correct me if I'm wrong).…
Fresco
22
votes
1 answer

Linux, TRESOR and XTS

I want to switch from using LUKS for full disk encryption to TRESOR. TRESOR tries to prevent cold boot attacks by storing the encryption key in the CPU's registers. It uses the kernel's crypto API for things like getting IVs and using a mode like…
twisted_pear
21
votes
6 answers

Why use a Smartcard for (Two Factor) Auth instead of another medium?

I recently installed Bitlocker on my Windows 8.1 machine, using only a password. I was thinking of getting something other than just a password for my storage drive, something physical, like a USB, SD Card, or Smart Card! I've asked and poked…
Lighty
20
votes
2 answers

TrueCrypt vs BitLocker

I would like to ask which one of these TrueCrypt or BitLocker is safer to implement and encrypt the data in a small business environment (Windows 7, 8.1 and Windows Server 2012r) I read about BitLocker and I am confused. Many IT professionals…