Protecting your data with hard drive encryption
Before you try ANYTHING in this document, back up your files.
There are numerous reasons for wanting to protect your hard drive with encryption. I will cover both Windows and Linux in this article. An important thing to remember is that hard drive encryption only, and I mean ONLY, protects idle data: if your computer is booted into Windows or Linux, your data is insecure. Windows and Linux go about encrypting drives in different ways. Windows computers (Windows 2000 and up, but NOT XP Home) use EFS, the Encrypting File System. Linux computers accomplish the task by means of either loop-aes or LUKS/dm-crypt.
Windows users can use EFS if they want a Windows proprietary solution. EFS uses a password or a smart card to secure the file system. EFS hinges on password security, as the password that the user keys in is used for the encryption of the disks. To configure your disks for EFS:
- Open My Computer
- Right Click on the Folder or Hard Drive
- Select Properties
- Under Properties, select Advanced
- Under Advanced, select “Encrypt contents…”
Additionally, Microsoft provides the cipher command: cipher /e /a encrypts a directory’s contents, and cipher /d /a decrypts them.
The Linux folk have it a little tougher, but in my opinion the security is MUCH better. I am assuming a kernel that is 2.6.24 or newer, with the modules AES-$ARCH and xts, as well as dm-crypt and sha512. You will also need to be familiar with cryptsetup and “dd”. We will be creating a very secure configuration with a USB key file. I assume you know how to configure grub and how to work with Linux if something breaks. I prefer to run these commands before I load a Linux operating system, but you can also just move your Linux distribution from one drive to another while you do this! First things first: we need a key file consisting of random junk with which to secure our computer’s hard drives:
dd if=/dev/urandom of=my.key.file bs=1M count=1
Okay, good: we have created a one-megabyte file of garbage. Next we have to load some modules:
modprobe aes-i586 && modprobe sha512 && modprobe xts && modprobe dm-crypt
Okay, now we will set up the actual disk encryption and mount it. You can take the rest from there!
# luksFormat writes a new LUKS header; data already on <hard drive> is lost
cryptsetup -c aes-xts-benbi -h sha512 -s 512 luksFormat <hard drive> my.key.file && \
cryptsetup -d my.key.file luksOpen <hard drive> root && mount /dev/mapper/root /<mount/point>
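Checks to run around the commands above, added here as an example and not part of the original article: they confirm the key file has the expected size and is closed to group and other users, then compare cryptsetup luksDump output with the parameters given to luksFormat. The function names and the sample header are constructed for illustration, and the header layout assumed is LUKS1.

```sh
#!/bin/sh
# Added example: checks to run around the luksFormat step.
# Function names and SAMPLE_DUMP are constructed for illustration.

# check_keyfile FILE BYTES: the key file must exist, be exactly BYTES long
# (so a truncated or replaced file is noticed), and be closed to group/other.
check_keyfile() {
    [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$2" ] || { echo "size is $size, want $2" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other bits: $perms" >&2; return 1; }
}

# header_field NAME: print the value of the "NAME:" line from
# `cryptsetup luksDump` output (LUKS1 layout) read on stdin.
header_field() {
    awk -F ':[ \t]*' -v k="$1" \
        '$1 == k && !seen++ { sub(/[ \t]+$/, "", $2); print $2 }'
}

# check_header CIPHER MODE HASH BITS: compare the header on stdin with the
# values given to luksFormat through -c, -h and -s.
check_header() {
    dump=$(cat)
    for want in "Cipher name=$1" "Cipher mode=$2" "Hash spec=$3" "MK bits=$4"; do
        got=$(printf '%s\n' "$dump" | header_field "${want%%=*}")
        [ "$got" = "${want#*=}" ] ||
            { echo "${want%%=*}: header has '$got'" >&2; return 1; }
    done
}

# Constructed sample of luksDump output, not taken from a real disk.
SAMPLE_DUMP='LUKS header information for /dev/example

Version:        1
Cipher name:    aes
Cipher mode:    xts-benbi
Hash spec:      sha512
Payload offset: 4096
MK bits:        512'

# Intended use, with the article's placeholders:
#   check_keyfile my.key.file 1048576 &&
#   cryptsetup luksDump <hard drive> | check_header aes xts-benbi sha512 512
```

Run check_keyfile before luksFormat and check_header right after it, so a mistyped option or a key file left world-readable is caught before any data is moved onto the volume.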
Well, I hope you’ve enjoyed this introduction to disk encryption; there is a lot to learn!