How does encryption protect my data?
-
- SilverLounger
- Posts: 2416
- Joined: 28 Mar 2010, 01:49
How does encryption protect my data?
What protection does encryption offer me that having a Windows password does not offer? Both of them require a user to enter a password in order to access my data. I understand that the Windows password offers limited protection as third parties may get around the password by removing my disk from my computer and reading the information on it without having my Windows password. Users cannot get around an encrypted password in this way; unless they have the password, they cannot read the data on my computer or on another computer by removing my hard disk. Is this true?
Suppose I have a data drive that is encrypted using VeraCrypt. As I understand, all of the data in VeraCrypt becomes accessible from the moment I log on to the encrypted drive using my password. If my laptop is stolen while I am logged on to my computer as well as into my encrypted hard drive at the time it is stolen, a user will have access to all of the data, correct? Windows will only lock if the computer is locked, goes to sleep, hibernates or is restarted. Otherwise, the Windows password will offer no protection. Moreover, the encryption will offer no protection if the data drive was open at the time the computer was stolen. Therefore, one should always take care to lock the data drive whenever leaving the computer in order to render the data on it unreadable and irretrievable in the event it is stolen. Is this correct?
Now suppose I have a computer where the entire hard drive (as opposed to a single data drive) is encrypted. All of the information on that computer will be accessible by a third party if he or she steals the computer while I am logged on to the computer, correct? In other words, the encryption will only offer protection if the computer is stolen before my encryption password is entered. Once my encryption password is entered, third parties can access all the data. Is this accurate?
Regards,
JMT
-
- Administrator
- Posts: 79287
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: How does encryption protect my data?
Yes to all, as far as I know.
If it is a desktop PC, it would be difficult to steal it without shutting it down.
If it is a laptop and if it is stolen while you were logged in and Windows was unlocked, the thief would have to be very careful to keep it on and unlocked...
Best wishes,
Hans
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: How does encryption protect my data?
Encryption is an important security measure, but you need to do lots of different things to protect your data, not just encrypt it.
You can create a separate partition for very sensitive data, and only decrypt that partition when you need access to it.
You can shut your laptop down every time you walk away from it, or at the very minimum lock the screen so that your Windows password is needed to gain access.
StuartR
-
- UraniumLounger
- Posts: 9474
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: How does encryption protect my data?
Stuart, being that you are our maven for all things security related, would you care to educate us on securing files placed in 'the cloud' (any of several)?
I use long and complexly generated encryption keys. I use a different key for each file and have a single file that is encrypted which contains the keys for each file encrypted. If I place that file on a thumb drive and keep the thumb drive apart from my computers except when I am using one of them, I feel that I've done the best that I can. What do you think?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2416
- Joined: 28 Mar 2010, 01:49
Re: How does encryption protect my data?
StuartR wrote:
> Encryption is an important security measure, but you need to do lots of different things to protect your data, not just encrypt it.
> You can create a separate partition for very sensitive data, and only decrypt that partition when you need access to it.
> You can shut your laptop down every time you walk away from it, or at the very minimum lock the screen so that your Windows password is needed to gain access.
I think the safest thing to do is to always ensure that the computer is locked with at least a Windows password whenever away from the computer no matter for how little time. Once the thief obtains the system, he will need to shut down the computer in order to remove the disk and attempt to access the information. He will be unable to obtain any encrypted information, even if the encrypted drive was unlocked at the time the computer was stolen. This is because the disk will automatically encrypt itself when the thief shuts down the computer in order to bypass the Windows password.
In addition, VeraCrypt offers ghost drives that are not visible to third parties. Thus, if a thief forces you to give up a password, he will not be able to access the data if he cannot find the ghost drive.
Regards,
JMT
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: How does encryption protect my data?
BobH wrote:
> Stuart, being that you are our maven for all things security related, would you care to educate us on securing files placed in 'the cloud' (any of several)?
> I use long and complexly generated encryption keys. I use a different key for each file and have a single file that is encrypted which contains the keys for each file encrypted. If I place that file on a thumb drive and keep the thumb drive apart from my computers except when I am using one of them, I feel that I've done the best that I can. What do you think?
It's hard to comment without knowing a lot more. What cloud service are you using? What type of encryption are you using? Why do the files all need to have different passwords? Do you encrypt and decrypt them locally, or do you use them from the cloud? What is the worst that could happen if someone were to see the file contents, or to change it without your knowledge?
StuartR
-
- PlutoniumLounger
- Posts: 16070
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: How does encryption protect my data?
jmt356 wrote:
> How does encryption protect my data? ...
As well as all that has been stated above ...
I use TrueCrypt - a predecessor of VeraCrypt, and the TrueCrypt manual describes something called "Plausible Deniability". I have never tried it.
This web page claims that "TrueCrypt's Plausible Deniability is Theoretically Useless".
My laptop hard drive is partitioned into two volumes, "C" and "F".
Drive F is a TrueCrypt Volume.
I fire up TrueCrypt and use T: as my data drive.
I have thought about what happens if I fall unconscious in the library. Someone could take my laptop and maybe work out which file holds all my bank account passwords.
But once the power fails or the laptop shuts off, they are out of luck.
Of course, NOT running with the battery in place, that is, running solely off the AC power makes it harder for a thief to use the data once they have unplugged the laptop.
I assume, always, that the FBI et al. are not interested in my data. Nor anyone who is running one of those quantum computers that can crack passwords faster than a ...
Cheers
Chris
The most expensive thing a man can own is ignorance.
-
- UraniumLounger
- Posts: 9474
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: How does encryption protect my data?
Apologies, Stuart. I lost track of this thread.
> What cloud service are you using?
Dropbox and iCloud
> What type of encryption are you using?
It varies. I keep notes about how files were encrypted in my key management files.
> Why do the files all need to have different passwords?
My logic has been that if each website login deserves a different password to protect against a single hack wreaking havoc, then each encrypted file should be treated likewise.
> Do you encrypt and decrypt them locally, or do you use them from the cloud?
I don't know how to answer this question, I guess. It's my (mis?)understanding that reading a file from the cloud into a local app is the equivalent of reading a local file. I think I'm encrypting and decrypting locally and saving to the cloud, unless, of course, I'm lost in the process.
> What is the worst that could happen if someone were to see the file contents, or to change it without your knowledge?
Some of the files are my manuscripts, intellectual property, which I don't want exposed unless or until they are published. The others are just for privacy including some financial data that, I suppose, could be hacked somehow but is otherwise protected institutionally.
Unlike Aldrich Ames I have no national secrets and do not engage in secret plots of any kind.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: How does encryption protect my data?
You're probably OK with that Bob. There is no need to put so much effort into protecting your data that it makes it impossible for you to use it. You just need enough for the threats that you think are likely. There is little you can do to protect your data from attack by a major government, but that is not your issue, so just take reasonable precautions.
I'm happy to use a very limited number of passwords for protecting documents that I don't share. It's not the same as web site passwords that can be breached by carelessness on someone else's part. If I share documents with someone else then I have one password for each person that I share with. For example I have a password that I use to encrypt spreadsheets before sending them to my accountant, but I always use the same password for that.
StuartR
-
- SilverLounger
- Posts: 2416
- Joined: 28 Mar 2010, 01:49
Re: How does encryption protect my data?
ChrisGreaves wrote:
> I have thought about what happens if I fall unconscious in the library. Someone could take my laptop and maybe work out which file holds all my bank account passwords.
> But once the power fails or the laptop shuts off, they are out of luck.
A thief could steal both the laptop and the power adapter, plug in the laptop and then set the computer to Always On. In this instance, he would be able to access all of your data without the time pressure of the battery's reserve draining.
Regards,
JMT
-
- UraniumLounger
- Posts: 9474
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: How does encryption protect my data?
Thank you for the thoughtful information, Stuart!
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2416
- Joined: 28 Mar 2010, 01:49
Re: How does encryption protect my data?
Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
Regards,
JMT
-
- PlatinumLounger
- Posts: 5483
- Joined: 24 Jan 2010, 08:33
- Location: A cathedral city in England
Re: How does encryption protect my data?
I am in this situation.
I have a VeraCrypt container (which looks just like an ordinary but large file to NTFS) on my D: drive, and the D: drive gets backed up incrementally using Macrium Reflect.
I have no problems.
If I wanted to restore something from within the VeraCrypt container I would simply restore the file from Reflect and mount the container to a different drive letter using VeraCrypt.
John Gray
I advise you not to follow my advice.
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: How does encryption protect my data?
I do this both ways. I mount the container and back up the files every day. I also back up the container file once a week.
StuartR
-
- PlutoniumLounger
- Posts: 16070
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: How does encryption protect my data?
jmt356 wrote:
> Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
My hard drive is partitioned into the Windows portion (identified as "C:") and a TrueCrypt portion (would show up as "F:").
I mount the data partition through TrueCrypt and can then refer to my data on drive "T:".
My nightly backup run RoboCopys drives c: and T:, as if my laptop had two independent hard drives (C: and T:).
Does this make sense to you?
Cheers
Chris
The most expensive thing a man can own is ignorance.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: How does encryption protect my data?
ChrisGreaves wrote:
> jmt356 wrote:
>> Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
> My hard drive is partitioned into the Windows portion (identified as "C:") and a TrueCrypt portion (would show up as "F:").
> I mount the data partition through TrueCrypt and can then refer to my data on drive "T:".
> My nightly backup run RoboCopys drives c: and T:, as if my laptop had two independent hard drives (C: and T:).
> Does this make sense to you?
> Cheers
> Chris
Absolutely!
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlutoniumLounger
- Posts: 16070
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: How does encryption protect my data?
StuartR wrote:
> ...I also back up the container file once a week.
And my guess is that if you PKZIPped the container you'd not save much space, right?
Cheers
Chris
The most expensive thing a man can own is ignorance.
-
- Administrator
- Posts: 12758
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: How does encryption protect my data?
When data has been encrypted it generally loses the repetitive features that enable compression algorithms to do a good job.
StuartR
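The point above about encrypted data and compression, measured in an added example that is not part of the thread: it compresses a repetitive file with zlib before and after encryption and reports byte entropy. The SHA-256 keystream cipher is a toy stand-in for a real disk cipher, and the function names and the ledger sample are constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, illustration only): XOR the data with
    SHA-256(key || block counter). Applying it twice restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means no visible structure."""
    total = len(data)
    counts = Counter(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower is better)."""
    return len(zlib.compress(data, 9)) / len(data)


def sample_plaintext() -> bytes:
    """Constructed sample: a repetitive CSV ledger, typical of user documents."""
    rows = [
        f"2024-01-{(i % 28) + 1:02d},account-{i % 7},payment,{100 + i % 50}.00\n"
        for i in range(2000)
    ]
    return "".join(rows).encode()


def compare(plaintext: bytes, key: bytes) -> dict:
    """Measure the same data before and after encryption."""
    ciphertext = keystream_xor(key, plaintext)
    return {
        "plain_ratio": compression_ratio(plaintext),
        "cipher_ratio": compression_ratio(ciphertext),
        "plain_entropy": entropy_bits_per_byte(plaintext),
        "cipher_entropy": entropy_bits_per_byte(ciphertext),
    }


if __name__ == "__main__":
    for name, value in compare(sample_plaintext(), b"constructed demo key").items():
        print(f"{name}: {value:.3f}")
```

The ciphertext carries the same information as the ledger, but the repeated substrings the compressor relies on are gone, so zipping an encrypted container recovers essentially no space.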
-
- GoldLounger
- Posts: 2599
- Joined: 24 Jan 2010, 15:26
- Location: Olympia, WA
Re: How does encryption protect my data?
> Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext.
It is NOT a backup program but a program to prevent others getting into the data.
One needs to also BACKUP their data including the encrypted file(s).
I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living
-
- SilverLounger
- Posts: 2416
- Joined: 28 Mar 2010, 01:49
Re: How does encryption protect my data?
John Gray: Does your method work even if you have backed up your D drive VeraCrypt container before mounting it?
StuartR: In your backups, are you selecting individual files (i.e., the container and mounted drive or files) rather than your entire hard disk? I imagine that if you are backing up the entire computer, you will run into serious problems if you are running incremental backups of the system one day with an unmounted encrypted partition and another day with a mounted encrypted partition. On the day when the partition is not mounted, the backup software would only see the C drive and unencrypted partition. On the day when the partition is mounted, the backup software would see the C drive, the encrypted partition and the mounted partition, believing there is an additional partition/drive that was not present during the last backup. Then the next time a backup is taken, if the encrypted partition is not mounted, the software would believe the third drive was deleted, and would need to rewrite all those sectors. In the end, you would wind up with enormous backup files as the software would constantly be thrown off, believing at one moment that you have 3 drives and at other moments that you have 2.
Chris: You always have T: mounted when you run your backups?
Regards,
JMT