I am not sure if i understand everything but I need to backup a few drives and i would like them encrypted on disc. I know if a sector is scratched/corrupted there is a crc error. If i have a large file would a scratch on one part take down the entire disc?

What is a good program to encrypt files for DVD disc? (data disc, normal windows and linux files) The filenames must be encrypted as well. I prefer if no data was accessible or crackable until a password is used (i hear some bad databases keep the record amount and other data unencrypted...)

-edit- All of you, thanks. Those are some great answers and information :)

6 Answers6


According to Steven Gibson author of Spinrite and Host of Security Now, TrueCrypt is safe, he said he has done extensive testing, and a failure of a single sector would does not break the entire filesystem.

Steve: And so you're going to love what I have done to test this. I've even created bad sectors and watched how it handles unreadable and uncorrectable damage on the drive. And bottom line is they've nailed this whole aspect. I will use this without hesitation anywhere it would be useful to encrypt the entire system drive.

  • 128,755
  • 40
  • 271
  • 413
  • 5
    -1 Steve Gibson reference. He's the clown who claimed Windows XP was going to break the internet. When companies seek FIPS 140-2 certification for crypto products, that comprehensive review takes nearly a year with specialized experts. Gibson's ok means nothing -- if you lose someone's personal data, without a FIPS 140 validated solution, you'll need to publicly disclose the loss in most states. – duffbeer703 May 19 '09 at 03:50
  • 3
    @duffbeer703, the quote refers to the ability to recover data after partial HD failure, not how secure the product is. As for XP thing Steve overreacted. Just because a person can't predict the future accurately doesn't mean that everything they say or do is worthless. – Zoredache May 19 '09 at 04:41

I'm not sure I understand the problem but I have been using TrueCrypt to encrypt files and entire partitions

  • 183
  • 2
  • 7

On HDD media, scratches and other pallet based errors usually just effect the individual files/directories rather than the entire disk (actually for me, it was this way only on Linux; on Windows, the directories with affected files/directories were barely browsable). Normally for backups I would store each file in several different places (either physical media and/or buildings) along with some kind of checksum to verify the validity of the file.

Software: I'm with Edoode in that I highly recommend TrueCrypt for secure encryption of data on any media. In the case of DVDs, you can simply make a several Gig file which acts as the mountable encrypted Volume.

As to your last question, I personally would not trust DVDs as a long term backup solution. However, if you must, then I would recommend that you write at least 2 copies (one with you, and one in another safe area) each of which contain the volume file(s) and volume checksum(s) in the root directory. As the volume contains all your backup data in an encrypted form, the single checksum for the entire volume will suffice to ensure the validity of all data contained within. One last note: I would highly recommend that you confirm that the burn was successful either via your burning software or verify the checksum. And as with all encryptions, your data is only as secure as your password.

  • 404
  • 3
  • 7

Agree with Mike that DVD isn't necessarily the best choice -- HD space gets cheaper and more reliable every day. Having said that, regardless of the media, Truecrypt and GPG have both performed very well for me, are secure and reliable, and are both FOSS.

  • 5,610
  • 5
  • 30
  • 52

If you have basic knowledge of Linux systems, use rsynccrypto. It's a great piece of software open source code, which makes encrypted copies of your files on a remote server in a traffic-saving manner (which means it will only copy the differences between files, not the entire contents of the files, just like rsync). If a sector is scratched, only one specific file would be damaged.

There are many good techniques to add robustness without adding too much redundancy - adding your backup to a subversion repository, for example.

Adam Matan
  • 12,504
  • 19
  • 54
  • 73

Well, normally an encrypted file system will work similar to an unencrypted volume in this regard. Normally if there's an error, the data in that place is lost (if the drive cannot recover and relocate it).

If there's an error on an encrypted volume, the entire sector (say 512 bytes) where the error has occured (or possibly a few sectors with Bitlocker?) is lost with Truecrypt even if the data itself would not occupy that particular part of the sector if the volume was unencrypted.

If it's just data in that sector then that but only that data is gone. Chances are it's just a single file being damaged anyway. But if there's important disk header information - you may have bigger problems just as with a normal unencrypted volume.

With Truecrypt you can apparently backup the headers to be able to recover from this situation, and some later version seems to have some built-in redundancy in how it stores this information as well to further help with this problem.

Oskar Duveborn
  • 10,740
  • 3
  • 32
  • 48