Encrypted hard drive in Windows. Reliable USB drive password without third-party software
In Windows Vista, Windows 7 and Windows 8 versions Pro and higher, developers have created a special technology to encrypt the contents of logical partitions on all types of external drives and USB flash drives - BitLocker.
What is it for? If you run BitLocker, then all files on the disk will be encrypted. Encryption occurs transparently, that is, you do not need to enter a password every time you save a file - the system does everything automatically and quietly. However, once you turn off this drive, the next time you turn it on you will need a special key (a special smart card, flash drive or password) to access it. That is, if you accidentally lose your laptop, you will not be able to read the contents of the encrypted disk on it, even if you remove the hard drive from this laptop and try to read it on another computer. The encryption key is so long that the time it takes to try all possible combinations to select the correct option on the most powerful computers will take decades. Of course, the password can be found out through torture or stolen in advance, but if the flash drive was lost by accident, or it was stolen without knowing that it was encrypted, then it will be impossible to read it.
Setting up BitLocker encryption using Windows 8 as an example: encrypting the system drive and encrypting flash drives and external USB drives.
Encrypting the system disk
A requirement for BitLocker to work to encrypt the logical drive on which the Windows operating system is installed is to have an unencrypted boot partition: the system must still start from somewhere. If you install Windows 8/7 correctly, then during installation two partitions are created - an invisible partition for the boot sector and initialization files and the main partition on which all files are stored. The first one is precisely the section that does not need to be encrypted. But the second partition, in which all files are located, is encrypted.
To check if you have these partitions, open Computer management
go to section Storage devices - Disk management.
In the screenshot, the partition created to boot the system is marked as SYSTEM RESERVED. If it is, then you can safely use the BitLocker system to encrypt the logical drive on which Windows is installed.
To do this, log into Windows with administrator rights, open Control Panel
go to section system and safety
and enter the section BitLocker Drive Encryption.
You will see in it all the drives that can be encrypted. Click on the link Enable BitLocker.
Setting up security policy templates
At this point, you may receive a message stating that disk encryption is not possible until security policy templates are configured.
The fact is that in order to run BitLocker, the system needs to allow this operation - only an administrator can do this and only with his own hands. This is much easier to do than it seems after reading incomprehensible messages.
Open Conductor, press Win+R- an input line will open.
Enter and execute:
gpedit.msc
Will open Local Group Policy Editor. Go to section
Administrative Templates
- Windows components
-- This policy setting allows you to select BitLocker drive encryption
--- Operating system disks
---- This policy setting allows you to configure the requirement for additional authentication at startup.
Set the parameter value Included.
After this, save all values and return to Control Panel- you can run BitLocker drive encryption.
Creating a key and saving it
The system will offer you two key options to choose from: password and flash drive.
When using a flash drive, you can use the hard drive only if you insert this flash drive - the key will be written on it in encrypted form. If you use a password, you will need to enter it every time you access the encrypted partition on this disk. In the case of a computer's system logical drive, a password will be needed during a cold boot (from scratch) or a full restart, or when trying to read the contents of a logical drive on another computer. To avoid any pitfalls, create a password using English letters and numbers.
After creating the key, you will be asked to save information to restore access if it is lost: you can save a special code in a text file, save it on a flash drive, save it in your Microsoft account, or print it.
Please note that it is not the key itself that is saved, but a special code required for the access restoration procedure.
Encryption of USB drives and flash drives
You can also encrypt external USB drives and flash drives - this feature first appeared in Windows 7 under the name BitLocker To Go. The procedure is the same: you create a password and save the recovery code.
When you mount a USB drive (connect it to a computer) or try to unlock it, the system will ask you for a password.
If you do not want to enter a password every time, because you are confident in the security when working on this computer, then you can indicate in the additional parameters when unlocking that you trust this computer - in this case, the password will always be entered automatically until you unconfigure the trust. Please note that on another computer the system will ask you to enter a password, since the trust setting on each computer works independently.
Once you've worked with the USB drive, unmount it, either by simply unplugging it or through the secure eject menu, and the encrypted drive will be protected from unauthorized access.
Two encryption methods
When encrypting, BitLocker offers two methods that have the same result, but different execution times: you can encrypt only the space occupied by information, skipping the processing of empty space, or go through the entire disk, encrypting the entire space of the logical partition, including unoccupied space. The first happens faster, but it remains possible to restore information from scratch. The fact is that with the help of special programs you can restore information, even if it was deleted from the Recycle Bin, and even if the disk was formatted. Of course, this is difficult to do practically, but the theoretical possibility is still there if you do not use special utilities for deletion that permanently delete information. When encrypting the entire logical drive, the space marked as empty will also be encrypted, and there will be no possibility of recovering information from it even with the help of special utilities. This method is absolutely reliable, but slower.
When encrypting a disk, it is advisable not to turn off the computer. It took me about 40 minutes to encrypt 300 gigabytes. What happens if the power suddenly goes out? I don’t know, I haven’t checked, but on the Internet they write that nothing bad will happen - you just need to start encryption again.
Conclusion
Thus, if you constantly use a flash drive on which you store important information, then with the help of BitLocker you can protect yourself from important information falling into the wrong hands. You can also protect information on computer hard drives, including system drives - just turn off the computer completely, and the information on the drives will become inaccessible to outsiders. Using BitLocker after setting up security policy templates does not cause any difficulties even for untrained users; I did not notice any slowdown when working with encrypted drives.
This is the fourth of five articles on our blog dedicated to VeraCrypt; it examines in detail and provides step-by-step instructions on how to use VeraCrypt to encrypt an entire system partition or disk with the Windows operating system installed.
If you are looking for how to encrypt a non-system hard drive, encrypt individual files or an entire USB flash drive, and also want to learn more about VeraCrypt, take a look at these links:
This encryption is the most secure since absolutely all files, including any temporary files, hibernation file (sleep mode), swap file and others are always encrypted (even in the event of an unexpected power outage). The operating system log and registry, which store a lot of important data, will be encrypted as well.
System encryption works through authentication before the system boots. Before your Windows starts booting, you will have to enter a password that will decrypt the system partition of the disk containing all the operating system files.
This functionality is implemented using the VeraCrypt bootloader, which replaces the standard system bootloader. You can boot the system if the boot sector of the hard drive, and therefore the bootloader itself, is damaged using VeraCrypt Rescue Disk.
Please note that the system partition is encrypted on the fly while the operating system is running. While the process is ongoing, you can use the computer as usual. The above is also true for decryption.
List of operating systems for which system disk encryption is supported:
- Windows 10
- Windows 8 and 8.1
- Windows 7
- Windows Vista (SP1 or later)
- Windows XP
- Windows Server 2012
- Windows Server 2008 and Windows Server 2008 R2 (64-bit)
- Windows Server 2003
Step 1 - Encrypt the system partition
Launch VeraCrypt, in the main program window go to the System tab and select the first menu item Encrypt system partition/drive (Encrypt system partition/disk).
Step 2 – Selecting Encryption Type
Leave the default type Normal (Ordinary) If you want to create a hidden partition or a hidden OS, then pay attention to the additional features of VeraCrypt. Click Next
Step 3 – Encryption Area
In our case, it is not fundamentally important to encrypt the entire disk or just the system partition, since we have only one partition on the disk that takes up all the free space. It is possible that your physical disk is divided into several partitions, for example C:\ And D:\. If this is the case and you want to encrypt both partitions, choose Encrypt the whole drive.
Please note that if you have several physical disks installed, you will have to encrypt each of them separately. Disk with a system partition using these instructions. How to encrypt a disk with data is written.
Select whether you want to encrypt the entire disk or just the system partition and click the button Next.
Step 4 – Encrypt Hidden Partitions
Select Yes If your device has hidden partitions with computer manufacturer utilities and you want to encrypt them, this is usually not necessary.
Step 5 – Number of Operating Systems
We will not analyze the case when several operating systems are installed on the computer at once. Select and press button Next.
Step 6 – Encryption Settings
Selection of encryption and hashing algorithms, if you are not sure what to choose, leave the values AES And SHA-512 default as the most powerful option.
Step 7 - Password
This is an important step; here you need to create a strong password that will be used to access the encrypted system. We recommend that you carefully read the developers' recommendations in the Volume Creation Wizard window on how to choose a good password.
Step 8 – Collecting Random Data
This step is necessary to generate an encryption key based on the password entered earlier; the longer you move the mouse, the more secure the resulting keys will be. Move the mouse randomly at least until the indicator turns green, then click Next.
Step 9 - Generated Keys
This step informs you that the encryption keys, binding (salt) and other parameters have been successfully created. This is an information step, click Next.
Step 10 – Recovery Disk
Specify the path where the ISO image of the rescue disk will be saved. You may need this image if the VeraCrypt bootloader is damaged, but you will still need to enter the correct password.
Save the recovery disk image to removable media (for example a flash drive) or burn it to an optical disk (we recommend) and click Next.
Step 11 - The recovery disk is created
Note! Each encrypted system partition requires its own recovery disk. Be sure to create it and store it on removable media. Do not store the recovery disk on the same encrypted system drive.
Only a recovery disk can help you decrypt data in case of technical failures and hardware problems.
Step 12 – Clearing Free Space
Clearing free space allows you to permanently remove previously deleted data from a disk, which can be recovered using special techniques (especially important for traditional magnetic hard drives).
If you are encrypting an SSD drive, select 1 or 3 passes; for magnetic disks we recommend 7 or 35 passes.
Please note that this operation will affect the overall disk encryption time, for this reason, refuse it if your disk did not contain important deleted data before.
Do not choose 7 or 35 passes for SSD drives, magnetic force microscopy does not work in the case of SSDs, 1 pass is enough.
Step 13 – System Encryption Test
Perform a system encryption pre-test and see the message that the VeraCrypt boot loader interface is entirely in English.
Shan 14 – What to do if Windows does not boot
Read, or better yet, print out the recommendations in case what to do if Windows does not boot after a reboot (this happens).
Click OK if you have read and understood the message.
These days we constantly deal with information. Thanks to the development of information technology, work, creativity, and entertainment have now largely become processes for processing or consuming information. And among this huge amount of information, some of the data should not be publicly available. Examples of such information include files and data associated with business activities; private archives.
Some of this data is not intended for the general public simply because “they don’t need to know about it”; and some information is vital.
This article is devoted to the reliable protection of vital information, as well as any files that you want to protect from access by others, even if your computer or storage media (flash drive, hard drive) falls into the hands of unauthorized persons, including those who are technically advanced and have access to powerful computing resources.
Why you shouldn't trust closed-source encryption software
Closed-source programs can include “bookmarks” (and don’t hope they aren’t there!) and the ability to open encrypted files using a master key. Those. you can use any, even the most complex password, but your encrypted file can still be opened with ease, without brute-forcing passwords, using a “bookmark” or the owner of the master key. The size of the encryption software company and the name of the country do not matter in this matter, since this is part of the government policy of many countries. After all, we are surrounded by terrorists and drug dealers all the time (what can we do?).
Those. Truly strong encryption can be achieved by properly using popular open source software and a crack-resistant encryption algorithm.
Is it worth switching from TrueCrypt to VeraCrypt?
The reference program that has been providing very secure file encryption for many years is TrueCrypt. This program still works great. Unfortunately, development of the program has currently been discontinued.
Its best successor was the VeraCrypt program.
VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a.
VeraCrypt continues the best traditions of TrueCrypt, but adds enhanced security to the algorithms used to encrypt systems and partitions, making your encrypted files immune to new advances in brute-force attacks.
VeraCrypt has also fixed many of the vulnerabilities and security issues found in TrueCrypt. It can work with TrueCrypt volumes and offers the ability to convert TrueCrypt containers and non-system partitions to the VeraCrypt format.
This improved security only adds some latency to opening encrypted partitions, without any performance impact during the encrypted drive phase. For a legitimate user this is an almost imperceptible inconvenience, but for an attacker it becomes almost impossible to gain access to encrypted data, despite the presence of any computing power.
This can be clearly demonstrated by the following benchmarks for cracking (brute force) passwords in Hashcat:
For TrueCrypt:
Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev.#1.: 21957 H/s (96.78ms) Speed.Dev.#2.: 1175 H/s (99.79ms) Speed.Dev.#* .: 23131 H/s Hashtype: TrueCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev.#1.: 9222 H/s (74.13ms) Speed.Dev.#2.: 4556 H/s (95.92ms) Speed.Dev.#*.: 13778 H/s Hashtype: TrueCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev.#1.: 2429 H/s (95.69ms) Speed.Dev.#2.: 891 H /s (98.61ms) Speed.Dev.#*.: 3321 H/s Hashtype: TrueCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev.#1.: 43273 H/s (95.60ms) Speed.Dev.#2.: 2330 H/s (95.97ms) Speed.Dev.#*.: 45603 H/s
For VeraCrypt:
Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit Speed.Dev.#1.: 68 H/s (97.63ms) Speed.Dev.#2.: 3 H/s (100.62ms) Speed.Dev.#* .: 71 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 512 bit Speed.Dev.#1.: 26 H/s (87.81ms) Speed.Dev.#2.: 9 H/s (98.83ms) Speed.Dev.#*.: 35 H/s Hashtype: VeraCrypt PBKDF2-HMAC-Whirlpool + XTS 512 bit Speed.Dev.#1.: 3 H/s (57.73ms) Speed.Dev.#2.: 2 H /s (94.90ms) Speed.Dev.#*.: 5 H/s Hashtype: VeraCrypt PBKDF2-HMAC-RipeMD160 + XTS 512 bit + boot-mode Speed.Dev.#1.: 154 H/s (93.62ms) Speed.Dev.#2.: 7 H/s (96.56ms) Speed.Dev.#*.: 161 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit Speed.Dev.#1.: 118 H /s (94.25ms) Speed.Dev.#2.: 5 H/s (95.50ms) Speed.Dev.#*.: 123 H/s Hashtype: VeraCrypt PBKDF2-HMAC-SHA256 + XTS 512 bit + boot-mode Speed.Dev.#1.: 306 H/s (94.26ms) Speed.Dev.#2.: 13 H/s (96.99ms) Speed.Dev.#*.: 319 H/s
As you can see, cracking encrypted VeraCrypt containers is several orders of magnitude more difficult than TrueCrypt containers (which are also not at all easy).
I published the full benchmark and description of the hardware in the article “”.
The second important issue is reliability. No one wants to lose valuable and important files and information due to a software error. I knew about VeraCrypt as soon as it appeared. I followed her development and constantly looked closely at her. Over the past year I have completely switched from TrueCrypt to VeraCrypt. Over the course of a year of daily use, VeraCrypt has never let me down.
Thus, in my opinion, it is now worth switching from TrueCrypt to VeraCrypt.
How VeraCrypt works
VeraCrypt creates a special file called a container. This container is encrypted and can only be connected if the correct password is entered. After entering the password, the container is displayed as an additional disk (like an inserted flash drive). Any files placed on this disk (i.e., in the container) are encrypted. As long as the container is connected, you can freely copy, delete, write new files, and open them. Once a container is disconnected, all files on it become completely inaccessible until it is connected again, i.e. until the password is entered.
Working with files in an encrypted container is no different from working with files on any other drive.
When opening a file or writing it to a container, there is no need to wait for decryption - everything happens very quickly, as if you were really working with a regular disk.
How to Install VeraCrypt on Windows
There was a half-spy story with TrueCrypt - sites were created to “download TrueCrypt”, on them the binary file (well, of course!) was infected with a virus/Trojan. Those who downloaded TrueCrypt from these unofficial sites infected their computers, allowing attackers to steal personal information and help spread malware.
In fact, all programs should be downloaded only from official websites. And this is even more true for programs that address security issues.
The official locations for VeraCrypt installation files are:
Installing VeraCrypt on Windows
There is an installation wizard, so the installation process for VeraCrypt is similar to that of other programs. Is it possible to clarify a few points?
The VeraCrypt installer will offer two options:
- Install(Install VeraCrypt on your system)
- Extract(Extract. If you select this option, all files in this package will be extracted, but nothing will be installed on your system. Do not select this if you intend to encrypt the system partition or system drive. Selecting this option may be useful, for example, if you want to run VeraCrypt in the so-called portable mode. VeraCrypt does not require installation on the operating system in which it will run. After extracting all the files, you can directly run the extracted file "VeraCrypt.exe" (VeraCrypt will open in portable mode))
If you select the checked option, i.e. file association .hc, then this will add convenience. Because if you create a container with the .hc extension, then double-clicking on this file will launch VeraCrypt. But the downside is that third parties may know that .hc are encrypted VeraCrypt containers.
The program reminds you to donate:
If you are not short of money, of course, be sure to help the author of this program (he is alone) I would not want to lose him, like we lost the author of TrueCrypt...
VeraCrypt Instructions for Beginners
VeraCrypt has many different features and advanced features. But the most popular feature is file encryption. The following shows step by step how to encrypt one or more files.
Let's start by switching to Russian. Russian language is already built into VeraCrypt. You just need to turn it on. To do this in the menu Settings select Language…:
There, select Russian, after which the program language will immediately change.
As already mentioned, files are stored in encrypted containers (also called “volumes”). Those. you need to start by creating such a container; to do this, in the main interface of the program, click on the button “ Create Volume».
The VeraCrypt Volume Creation Wizard appears:
We are interested in the first option (“ Create an encrypted file container"), so we, without changing anything, press Further,
VeraCrypt has a very interesting feature - the ability to create a hidden volume. The point is that not one, but two containers are created in the file. Everyone knows that there is an encrypted partition, including possible ill-wishers. And if you are forced to give out your password, then it is difficult to say that “there is no encrypted disk.” When creating a hidden partition, two encrypted containers are created, which are located in the same file, but are opened with different passwords. Those. you can place files that look “sensitive” in one of the containers. And in the second container there are really important files. For your needs, you enter a password to open an important section. If you cannot refuse, you reveal the password for a not very important disk. There is no way to prove that there is a second disk.
For many cases (hiding not very critical files from prying eyes) it will be enough to create a regular volume, so I just click Further.
Select file location:
The VeraCrypt volume can be located in a file (VeraCrypt container) on a hard drive, USB flash drive, etc. A VeraCrypt container is no different from any other regular file (for example, it can be moved or deleted like other files). Click the "File" button to specify the name and path to the container file to be created to store the new volume.
NOTE: If you select an existing file, VeraCrypt will NOT encrypt it; this file will be deleted and replaced with the newly created VeraCrypt container. You can encrypt existing files (later) by moving them to the VeraCrypt container you are creating now.
You can choose any file extension; this does not affect the operation of the encrypted volume in any way. If you select the extension .hc, and also if you associated VeraCrypt with this extension during installation, then double-clicking on this file will launch VeraCrypt.
The history of recently opened files allows you to quickly access these files. However, entries in your history like “H:\My offshore accounts of stolen dollars worth of dollars.doc” may raise doubts in the minds of outsiders about your integrity. To prevent files opened from an encrypted disk from going into history, check the box next to “ Don't save history».
Selecting encryption and hashing algorithms. If you are not sure what to choose, then leave the default values:
Enter the volume size and select units of measurement (kilobytes, megabytes, gigabytes, terabytes):
A very important step is setting a password for your encrypted disk:
A good password is very important. Avoid passwords with one or more words found in the dictionary (or combinations of 2, 3 or 4 such words). The password must not contain names or dates of birth. It should be difficult to guess. A good password is a random combination of upper and lower case letters, numbers and special characters (@ ^ = $ * + etc.).
Now you can again use Russian letters as passwords.
We help the program collect random data:
Note that here you can check the box to create a dynamic disk. Those. it will expand as it is filled with information.
As a result, I have created a test.hc file on my desktop:
If you created a file with the extension .hc, then you can double-click on it, the main program window will open, and the path to the container will already be inserted:
In any case, you can open VeraCrypt and select the path to the file manually (To do this, click the "File" button).
If the password is entered correctly, a new disk will appear in your system:
You can copy/move any files to it. You can also create folders there, copy files from there, delete them, etc.
To close the container from outsiders, press the button Unmount:
To regain access to your secret files, remount the encrypted drive.
Setting up VeraCrypt
VeraCrypt has quite a few settings that you can change for your convenience. I highly recommend checking the " Automatically unmount volumes when inactive for a period»:
And also set a hotkey for " Immediately unmount everything, clear the cache and exit»:
This can be very... VERY useful...
Portable version of VeraCrypt on Windows
As of version 1.22 (which is in beta at the time of writing), a portable option was added for Windows. If you read the installation section, you should remember that the program is already portable and allows you to simply extract your files. However, the standalone portable package has its own peculiarities: you need administrator rights to run the installer (even if you just want to unpack the archive), and the portable version can be unpacked without administrator rights - that's the only difference.
Official beta versions are only available. In the VeraCrypt Nightly Builds folder, the portable version file is VeraCrypt Portable 1.22-BETA4.exe.
The container file can be placed on a flash drive. You can copy a portable version of VeraCrypt onto the same flash drive - this will allow you to open the encrypted partition on any computer, including those without VeraCrypt installed. But be aware of the dangers of keystroke hijacking - an on-screen keyboard could probably help in this situation.
How to Use Encryption Software Properly
Some tips to help you keep your secrets better:
- Try to prevent unauthorized persons from accessing your computer, including not checking laptops in luggage at airports; if possible, send computers for repair without a system hard drive, etc.
- Use a complex password. Don't use the same password you use for mail etc.
- Don't forget your password! Otherwise, the data will be impossible to recover.
- Download all programs only from official sites.
- Use free or purchased programs (do not use hacked software). And also do not download or run dubious files, since all such programs, among other malicious elements, may have kilologgers (keystroke interceptors), which will allow an attacker to find out the password from your encrypted container.
- Sometimes it is recommended to use an on-screen keyboard as a means of preventing keystrokes from being intercepted - I think this makes sense.
We bring to your attention an overview of the most popular hardware and software for encrypting data on an external hard drive.
Let's start with the simplest. Mac OS X has a built-in Disk Utility that allows you to create an encrypted disk image. You can also use third-party software to encrypt files or folders, such as Espionage, FileWard, StuffIt Deluxe. In addition, some backup applications offer encryption of backups out of the box.
These methods are good. But sometimes using software encryption is not the best option. For example, when you need to encrypt Time Machine backups. To protect such backups, you will have to do some tricky manipulations, because Time Machine does not support encryption. Conventional software will not help when you need to create an encrypted copy of the boot disk so that it remains bootable. Encrypted disks also have another limitation: they cannot be used on other computers (Mac or PC) without special software.
PGP Whole Disk Encryption for the Mac is one of those applications that allows you to encrypt the contents of a disk, which remains bootable and usable on Mac and PC. This is a great application, but to access information, PGP must be installed on each computer to which such a drive is connected. Also, if the disk is damaged, encryption may prevent data recovery.
If you need a universal solution that does not impose restrictions on disk usage, you should purchase a HDD with built-in encryption. The drive encrypts and decrypts data on its own, so there is no need to install additional software. In this case, the disk can be used as a boot volume or for Time Machine. One caveat: if the drive's controller or other electronics fail, you will not be able to transfer data from the device (even with fully working mechanics) until the HDD is fully restored.
Encryption-enabled hard drives come in several types, depending on the decryption mechanism:
Hardware keys
Some manufacturers offer encrypting HDD boxes that are locked using a physical device. As long as the key is present (connected or near the disk), the disk can be read.
HDDs of this type: RadTech's Encrypted Impact Enclosures ($95), RocStor Rocbit FXKT drives and several devices from SecureDISK ($50+). All boxes have two or three compatible keys, which are connected to a special port on the device. SecureDISK offers RFID Security External Enclosure with an infrared key (the media must be nearby to use the drive).
Fingerprint scanners
If you are worried about losing physical media, then you can look towards HDD boxes with a fingerprint scanner. A few examples: MXI Security Outbacker MXI Bio ($419-$599) and LaCie SAFE hard drives ($400 for a 2GB model). (Some older models of LaCie boxes, 2.5″ format, do not encrypt data, but use less reliable locking in the firmware). These drives are easy to use and can store fingerprints of up to five people. It is worth noting that there are several techniques for deceiving the finger scanner (without the presence of the original finger).
Keyboard
($230-480) – encrypting disk boxes that do not require physical keys or biometric readers. Instead, the keyboard is used to enter a password (up to 18 characters). Using a keyboard instead of a physical key is convenient when the disk often passes between hands. The drives support a “self-destruct” feature that deletes all stored information after several unsuccessful password attempts.
Encrypt a hard drive or one of its partitions without programs or much effort
Today we’ll look at the question of how you can encrypt a hard drive or its individual partitions without using complex programs or special efforts.
Well, the question of why to encrypt a hard drive (hard drive) is rhetorical.
The goals for encryption may vary slightly among users, but in general, everyone strives to deny access to a partition or the entire hard drive to unauthorized people.
This is understandable in our time of rampant cyber crime, and in general small computer mischief-makers, you can lose important personal files.
So, let's look at the simplest way to encrypt a hard drive or one of its partitions.
The method we will use:
Bitlocker encryption (built into Windows 7 Ultimate and Enterprise)
So, let's get started. This method of “encoding” a hard drive is built into Windows and is called Bitlocker. The advantages of this method:
- There is no need for any third-party programs, everything we need is already in the operating system (OS)
- If the hard drive was stolen, then connecting it to another computer will still require a password
Also, at the final stage, when saving the access key, one of the ways is to write it to a flash drive, so you should decide on it in advance.
This method itself was included in Windows Vista. In "Seven" it has an improved version.
Many may have observed that when installing Windows OS, a small partition of 100 megabytes in size is created in front of the local drive “C”, now you know what it is needed for.
Yes, just for Bitlocker encryption (in Vista it was 1.5 gigabytes in size).
To enable it, go to “Control Panel” - “System and Security” - “Bitlocker Disk Encryption”.
We decide on the disk to be encrypted and select “Enable Bitlocker”.
If a message appears, as in the image below, then you need to make small changes in the system settings:
To do this, in “Start” we enter “policy” in the search bar, and search options appear.
Select “Change Group Policy”:
We find ourselves in the editor, in which we need to follow: Computer Configuration - Administrative Templates - Windows Components - Bitlocker Disk Encryption - Operating System Disks. On the right, double-click on “Required additional authentication”:
In the menu that appears, select “Enable”, plus you need to check the “Allow the use of Bitlocker without a compatible TPM” - confirm our settings - OK.
You also need to decide on the encryption method. We need to put the most complex method possible.
To do this, we follow the same path as in the previous paragraph, only we stop at the “Bitlocker Disk Encryption” folder; on the right we see the file - “Select the disk encryption method and encryption strength.”
The most reliable here is AES with 256-bit encryption, select it, click “Apply” and “OK”.
Everything can now be freely used with encryption.
As at the beginning of the article, go to “Control Panel” - “System and Security” - “Bitlocker Disk Encryption”. Click “Enable”.
We will have access to the only method that requires a key. It will be on a flash drive.
The resulting key is written in a plain text file. Then you will be asked to enable the check, check the box and “continue”.
Let's reboot. If everything went well, then the next time you turn it on, the process of encrypting the hard drive partition will begin.
In terms of time, the process will last depending on the power of the system - usually from several minutes to several hours (if it is a several hundred gigabyte partition).
Upon completion, we receive a message - Encryption completed. Don't forget about access keys, check them.
We looked at a very simple way to encrypt a hard drive without any third-party programs and deep knowledge in the field of cryptography.
This method is very effective and convenient, you can also use it to encrypt a flash drive; this issue will be discussed in the next article.