2
I'm having a new 8 TB hard drive and I would like to encrypt it. I know that encrypting the full space would take hours or days. Since it's new and there isn't data on it yet, I'm considering to encrypt the used space only.
How secure is that and what would you suggest me if there is a better option or alternative?
2It may be worth explicitly stating that Bitlocker is almost certainly the most appropriate method of FDE for Windows, just like LUKS is the standard for Linux, (and arguably Veracrypt for cross-platform/open source demands.) – davidgo – 2019-10-11T19:47:21.277
1
How is it less secure if it is a new drive? MS documentation (from the "More information" section of your link) says otherwise "*encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk.*"
– lx07 – 2019-10-11T19:53:46.360@lx07 If encrypting an existing drive (particularly as SSD), it is possible some remnants will not be encrypted - for example bits surrounding bad sectors on hard drives. For SSD what the PC sees is an abstraction of the actual storage - SSD quietly remaps parts to level wear and mitigate write limits. Thus some data on an SSD won't actually be encrypted because the OS does not know its there. – davidgo – 2019-10-11T22:34:52.917