IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [disk-encryption]

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

588 questions
0
votes
0 answers

TPM vs TCM - InTune and BitLcoker compliance in China

It appears that TPM is banned in China, therefore, Dell laptops shipped to China are equipped with TCM chips instead of TPM. How secure is TCM? gov backdoors? Wondering how does if devices with TCM are InTune & BitLocker compatible
Robert Joodat
  • 79
  • 1
  • 4
0
votes
1 answer

Why would FDE miss slack space, swap files and memory?

I'm reviewing a ISO27001 Gap Analysis workbook and under Control A.11.2.7 someone has left the note: If full disk encryption (FDE) is used on a device is there a policy in place to ensure the encryption is strong enough to cover the entire disk…
L23P
  • 103
  • 2
0
votes
2 answers

How to securely encrypt my computer and protect it from thieves and others

I did enabled Bitlocker encryption on my Windows 10 Pro Laptop. but it has TPM 2.0 chip installed and Because of that it DOES NOT actually Protecting me as someone JUST NEED TO CRACK 1 PASSWORD (windows login screen password) and Boom. THEY OWN MY…
iudhfgihdfigh
  • 1
0
votes
1 answer

Taking encrypted devices across borders

I am moving to a country where the government can compel you to reveal passwords for your devices at the border, rendering the full disk encryption on my linux laptop useless. Other than uploading everything to the cloud, what else can I do to take…
devilindetailz
  • 1
0
votes
1 answer

Encrypted drives and non-interactive use

I would like to protect the data on my backup system, in case it gets (physically) stolen. I would encrypt the hard drives where the data resides. Since the backup system typically acts non-interactive (wake-on-lan and rsync/ssh), I would like to…
user236012
  • 101
  • 1
0
votes
1 answer

Is there a danger of a data leak if a rotational SAS drive is encrypted after the fact?

If a rotational SAS drive (non-SSD) is encrypted after it has been in use for some time e.g. several years, is there a danger of a data leak? For example, if the drive is encrypted and subsequently formatted e.g. dd, can data be…
Motivated
  • 1,493
  • 1
  • 14
  • 25
0
votes
2 answers

What are the disadvantage of only encrypting the HDD compared to FDE with secure boot

I read How secure are most FDE implementations? What are the disadvantage of only encrypting the HDD compared to FDE with secure boot. If I encrypt a disk in a running server, and someone gain access to the machine (because login to the machine was…
Ahmad Ismail
  • 127
  • 5
0
votes
3 answers

How good/bad are these transparent Linux consumer FDE setup options? (e.g. for auto-unlocking LUKS)

UPDATED Summary: I'm looking at Linux FDE options that are transparent to the user (my parents) in that the user doesn't need to enter 2 passwords. I found/thought of several options and tried to think through the security implications of each...…
zpangwin
  • 321
  • 2
  • 9
0
votes
1 answer

Difference between Disk Encryption and Volume Encryption?

I'm trying to understand the different between disk encryption and volume encryption, more specifically as it relates to SAP HANA, link here. From my understanding Disk Encryption prevents the threat where someone physically disks your server/disk.…
user1876202
  • 159
  • 5
0
votes
1 answer

How does Bitlocker Drive encryption work and which info are sent?

I'm looking forward to discovering more about the way in which USB devices encrypted with BitLocker are protected. If I insert a USB key encrypted with BitLocker on a different device, I can access the storage only if I have the recovery key,…
franz1
  • 481
  • 1
  • 6
  • 13
0
votes
2 answers

Can a custom built CPU break hard drive encryption?

While a hard drive is decrypted on boot up, can the original phrase be intercepted at some comparison calculation step by a specially built CPU or is there some higher math involved? This would be blatant, so I guess not. But would like to make sure…
user236873
0
votes
1 answer

Why would you use random algorithm for CSFLE if you can't query the inserted data?

I think I really misunderstand something about data encryption. This guide (https://docs.mongodb.com/manual/core/security-client-side-encryption/#randomized-encryption) says the following: "Encrypting the personal_information and phone_numbers…
szeb
  • 3
  • 3
0
votes
1 answer

How to best prevent data recovery on a disk drive without physically destroying it?

The recommended way of ensuring that data on a hard disk cannot be recovered is to destroy it physically, for example using a hammer, drill or even thermite. Question When physical disk destruction is not an available option, what is the next best…
stevec
  • 1,214
  • 1
  • 7
  • 16
0
votes
0 answers

Asymmetric Encrypted Container

I'd like to set up a remote backup for my PC. I want to have it run at scheduled times, encrypting the data locally and then transmitting it to the server. I'd like to use something popular and open source (like veracrypt), but most of those seem to…
BeB00
  • 101
  • 2
0
votes
0 answers

How to have full drive encyption that is unlocked while a USB device is plugged in?

I'd like a solution that autounlocks Bitlocker, VeraCrypt or similar FDE on Windows 10 while I have a device plugged in. When it's not plugged in (or I lose/destroy the device) it should just ask for a password of considerable length (not just a…
Firsh - justifiedgrid.com
  • 131
  • 4
1 2 3
39 40