BitLocker - Do I have to re-encrypt every time I edit / add / remove from my flash / thumb drive?

-1

I am in the process of encrypting data on a thumb drive. I plan to add and remove data from this drive often. Will it always be protected from outside access, or will I be required to re-encrypt every time I change the content on the drive in any way?

GodJohnson

Posted 2017-04-28T17:17:38.727

Reputation: 13

reasons behind down votes would be nice...mailbox heads – GodJohnson – 2017-04-29T20:58:27.040

I'm not sure, there are sometimes "drive-by downvoters" that seem to downvote things they just don't like...? Or maybe it seems like the question's essentially "how does BitLocker generally work? Are my files always encrypted?" Is that accurate? PS what's "mailbox heads" mean? – Xen2050 – 2017-05-01T11:31:05.417

I agree it's a very simple question, however I firmly believe that discouraging questions takes away from learning for all people by making them afraid to ask questions they don't know the answer to ("No such thing as a dumb question"). The most important part of this question was to verify that modifying an encrypted drive does not require that you re-encrypt it. Based on any cursory research this question is not answered, and to me does not have an intuitive answer. Mailbox head was a term used by Captain Murphy in a show called Sealab 2021. A very funny show I recommend you check out ^_^. – GodJohnson – 2017-05-01T14:07:32.247

The key's probably that this sort of encryption is always encrypted on disk, it's only decrypted a few blocks at a time in RAM to read it. (I suspect there are similar Q's somewhere, but maybe none identical... might as well make that line into an "official answer" I guess). PS I saw a few episodes of Sealab, it was a little too weird. I did enjoy Jon Hamm's version in Archer though – Xen2050 – 2017-05-03T11:35:28.737

Answers

0

The key is that this type of encryption is always encrypted on disk; it's never really decrypted to disk, and is only decrypted in RAM a few blocks at a time as required for reading.

Arch Linux has a nice wiki page on Disk encryption with good overview info, like:

  • Available methods

    All disk encryption methods operate in such a way that even though the disk actually holds encrypted data, the operating system and applications "see" it as the corresponding normal readable data as long as the cryptographic container (i.e. the logical part of the disk that holds the encrypted data) has been "unlocked" and mounted.

  • Stacked filesystem

    Stacked filesystem encryption solutions are implemented as a layer that stacks on top of an existing filesystem, causing all files written to an encryption-enabled folder to be encrypted on-the-fly before the underlying filesystem writes them to disk, and decrypted whenever the filesystem reads them from disk.

  • Block device

    Block device encryption methods, on the other hand, operate below the filesystem layer and make sure that everything written to a certain block device (i.e. a whole disk, or a partition, or a file acting as a virtual loop-back device) is encrypted. This means that while the block device is offline, its whole content looks like a large blob of random data, with no way of determining what kind of filesystem and data it contains. Accessing the data happens, again, by mounting the protected container (in this case the block device) to an arbitrary location in a special way.

  • Comparison table of common methods/programs

  • How the encryption works

    ... a high-level introduction to the concepts and processes which are at the heart of usual disk encryption setups.
    It does not go into technical or mathematical details (consult the appropriate literature for that), but should provide a system administrator with a rough understanding of how different setup choices (especially regarding key management) can affect usability and security.

Xen2050

Posted 2017-04-28T17:17:38.727

Reputation: 12 097

1

BitLocker encrypts the entire file system, so any new/modified files will be written encrypted on-the-fly. Similarly, they will be decrypted on-the-fly when accessed by the OS.

However, the volume containing the file system will need to be unlocked before the file system can be mounted by the OS. Depending upon your specific requirements, this can be configured to happen transparently to the user, if needed.

Brian

Posted 2017-04-28T17:17:38.727

Reputation: 671
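
To illustrate what both answers describe, here is an added Python model of a block-device encryption layer (not part of the original thread and not BitLocker's code). It shows that changing data after the initial encryption touches only the sector written, and that the stored bytes are always ciphertext. The class name, key and sample data are constructed for the example, and a SHA-256 keystream stands in for the AES that BitLocker uses.

```python
import hashlib

SECTOR = 512  # bytes per sector in this model


class EncryptedVolume:
    """Toy block-device encryption layer (illustrative model, not BitLocker)."""

    def __init__(self, key: bytes, sectors: int):
        self._key = key
        # "Initial encryption": every sector is stored as ciphertext once.
        self.disk = [self._crypt(i, bytes(SECTOR)) for i in range(sectors)]
        self.sectors_encrypted = sectors  # running count of sector encryptions

    def _crypt(self, index: int, data: bytes) -> bytes:
        # Keystream derived from key + sector number; XOR is its own inverse.
        # Stand-in cipher only: reusing a keystream on rewrite is insecure.
        stream, counter = b"", 0
        while len(stream) < SECTOR:
            seed = self._key + index.to_bytes(8, "big") + counter.to_bytes(4, "big")
            stream += hashlib.sha256(seed).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, index: int, plaintext: bytes) -> None:
        if len(plaintext) > SECTOR:
            raise ValueError("plaintext must fit in one sector")
        # Encrypt in memory, then store: plaintext never reaches self.disk.
        self.disk[index] = self._crypt(index, plaintext.ljust(SECTOR, b"\0"))
        self.sectors_encrypted += 1

    def read(self, index: int) -> bytes:
        # Decrypt one sector in memory; the stored copy stays encrypted.
        return self._crypt(index, self.disk[index])


def demo():
    vol = EncryptedVolume(key=b"constructed-demo-key", sectors=8)
    before = list(vol.disk)
    baseline = vol.sectors_encrypted
    secret = b"quarterly-report.docx contents"  # constructed sample data
    vol.write(3, secret)  # the "edit / add" step from the question
    changed = [i for i in range(8) if vol.disk[i] != before[i]]
    leaked = any(secret in sector for sector in vol.disk)
    roundtrip = vol.read(3).rstrip(b"\0") == secret
    return changed, vol.sectors_encrypted - baseline, leaked, roundtrip


if __name__ == "__main__":
    print(demo())
```
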