How does encryption protect my data?

jmt356
SilverLounger
Posts: 2371
Joined: 28 Mar 2010, 01:49

Post by jmt356 »

How does encryption protect my data?

What protection does encryption offer me that having a Windows password does not offer? Both of them require a user to enter a password in order to access my data. I understand that the Windows password offers limited protection as third parties may get around the password by removing my disk from my computer and reading the information on it without having my Windows password. Users cannot get around an encrypted password in this way; unless they have the password, they cannot read the data on my computer or on another computer by removing my hard disk. Is this true?

Suppose I have a data drive that is encrypted using Veracrypt. As I understand, all of the data in Veracrypt becomes accessible from the moment I log on to the encrypted drive using my password. If my laptop is stolen while I am logged on to my computer as well as into my encrypted hard drive at the time it is stolen, a user will have access to all of the data, correct? Windows will only lock if the computer is locked, goes to sleep, hibernates or is restarted. Otherwise, the Windows password will offer no protection. Moreover, the encryption will offer no protection if the data drive was open at the time the computer was stolen. Therefore, one should always take care to lock the data drive whenever leaving the computer in order to render the data on it unreadable and irretrievable in the event it is stolen. Is this correct?

Now suppose I have a computer where the entire hard drive (as opposed to a single data drive) is encrypted. All of the information on that computer will be accessible by a third party if he or she steals the computer while I am logged on to the computer, correct? In other words, the encryption will only offer protection if the computer is stolen before my encryption password is entered. Once my encryption password is entered, third parties can access all the data. Is this accurate?
Regards,

JMT

HansV
Administrator
Posts: 78237
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: How does encryption protect my data?

Post by HansV »

Yes to all, as far as I know.

If it is a desktop PC, it would be difficult to steal it without shutting it down.
If it is a laptop and if it is stolen while you were logged in and Windows was unlocked, the thief would have to be very careful to keep it on and unlocked...
Best wishes,
Hans

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How does encryption protect my data?

Post by StuartR »

Encryption is an important security measure, but you need to do lots of different things to protect your data, not just encrypt it.

You can create a separate partition for very sensitive data, and only decrypt that partition when you need access to it.
You can shut your laptop down every time you walk away from it, or at the very minimum lock the screen so that your Windows password is needed to gain access.
StuartR


BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: How does encryption protect my data?

Post by BobH »

Stuart, being that you are our maven for all things security related, would you care to educate us on securing files placed in 'the cloud' (any of several)?

I use long and complexly generated encryption keys. I use a different key for each file and have a single file that is encrypted which contains the keys for each file encrypted. If I place that file on a thumb drive and keep the thumb drive apart from my computers except when I am using one of them, I feel that I've done the best that I can. What do you think?
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

jmt356
SilverLounger
Posts: 2371
Joined: 28 Mar 2010, 01:49

Re: How does encryption protect my data?

Post by jmt356 »

StuartR wrote:Encryption is an important security measure, but you need to do lots of different things to protect your data, not just encrypt it.

You can create a separate partition for very sensitive data, and only decrypt that partition when you need access to it.
You can shut your laptop down every time you walk away from it, or at the very minimum lock the screen so that your Windows password is needed to gain access.
I think the safest thing to do is to always ensure that the computer is locked with at least a Windows password whenever away from the computer no matter for how little time. Once the thief obtains the system, he will need to shut down the computer in order to remove the disk and attempt to access the information. He will be unable to obtain any encrypted information, even if the encrypted drive was unlocked at the time the computer was stolen. This is because the disk will automatically encrypt itself when the thief shuts down the computer in order to bypass the Windows password.

In addition, VeraCrypt offers ghost drives that are not visible to third parties. Thus, if a thief forces you to give up a password, he will not be able to access the data if he cannot find the ghost drive.
Regards,

JMT

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How does encryption protect my data?

Post by StuartR »

BobH wrote: Stuart, being that you are our maven for all things security related, would you care to educate us on securing files placed in 'the cloud' (any of several)?

I use long and complexly generated encryption keys. I use a different key for each file and have a single file that is encrypted which contains the keys for each file encrypted. If I place that file on a thumb drive and keep the thumb drive apart from my computers except when I am using one of them, I feel that I've done the best that I can. What do you think?
It's hard to comment without knowing a lot more. What cloud service are you using? What type of encryption are you using? Why do the files all need to have different passwords? Do you encrypt and decrypt them locally, or do you use them from the cloud? What is the worst that could happen if someone were to see the file contents, or to change it without your knowledge?
StuartR


ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: How does encryption protect my data?

Post by ChrisGreaves »

jmt356 wrote:How does encryption protect my data? ...
As well as all that has been stated above ...
I use Truecrypt - a predecessor of Veracrypt, and the Truecrypt manual describes something called "Plausible Deniability". I have never tried it.

This web page claims that "TrueCrypt's Plausible Deniability is Theoretically Useless".

My laptop hard drive is partitioned into two volumes, "C" and "F".
Drive F is a TrueCrypt Volume.
I fire up Truecrypt and use T: as my data drive.

I have thought about what happens if I fall unconscious in the library. Someone could take my laptop and maybe work out which file holds all my bank account passwords.
But once the power fails or the laptop shuts off, they are out of luck.

Of course, NOT running with the battery in place, that is, running solely off the AC power makes it harder for a thief to use the data once they have unplugged the laptop.

I assume, always, that the FBI et al. are not interested in my data. Nor anyone who is running one of those quantum computers that can crack passwords faster than a ...
Cheers
Chris
An expensive day out: Wallet and Grimace

BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: How does encryption protect my data?

Post by BobH »

Apologies, Stuart. I lost track of this thread.
What cloud service are you using?
Dropbox and iCloud
What type of encryption are you using?
It varies. I keep notes about how files were encrypted in my key management files.
Why do the files all need to have different passwords?
My logic has been that if each website login deserves a different password to protect against a single hack wreaking havoc, then each encrypted file should be treated likewise.
Do you encrypt and decrypt them locally, or do you use them from the cloud?
I don't know how to answer this question, I guess. It's my (mis?)understanding that reading a file from the cloud into a local app is equivalent of reading a local file. I think I'm encrypting and decrypting locally and saving to the cloud, unless, of course, I'm lost in the process.
What is the worst that could happen if someone were to see the file contents, or to change it without your knowledge?
Some of the files are my manuscripts, intellectual property, which I don't want exposed unless or until they are published. The others are just for privacy including some financial data that, I suppose, could be hacked somehow but is otherwise protected institutionally.

Unlike Aldrich Ames I have no national secrets and do not engage in secret plots of any kind.
Bob's yer Uncle

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How does encryption protect my data?

Post by StuartR »

You're probably OK with that Bob. There is no need to put so much effort into protecting your data that it makes it impossible for you to use it. You just need enough for the threats that you think are likely. There is little you can do to protect your data from attack by a major government, but that is not your issue, so just take reasonable precautions.

I'm happy to use a very limited number of passwords for protecting documents that I don't share. It's not the same as web site passwords that can be breached by carelessness on someone else's part. If I share documents with someone else then I have one password for each person that I share with. For example I have a password that I use to encrypt spreadsheets before sending them to my accountant, but I always use the same password for that.
StuartR


jmt356
SilverLounger
Posts: 2371
Joined: 28 Mar 2010, 01:49

Re: How does encryption protect my data?

Post by jmt356 »

ChrisGreaves wrote: I have thought about what happens if I fall unconscious in the library. Someone could take my laptop and maybe work out which file holds all my bank account passwords.
But once the power fails or the laptop shuts off, they are out of luck.
A thief could steal both the laptop and the power adapter, plug in the laptop and then set the computer to Always On. In this instance, he would be able to access all of your data without the time pressure of the battery's reserve draining.
Regards,

JMT

BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: How does encryption protect my data?

Post by BobH »

Thank you for the thoughtful information, Stuart!
Bob's yer Uncle

jmt356
SilverLounger
Posts: 2371
Joined: 28 Mar 2010, 01:49

Re: How does encryption protect my data?

Post by jmt356 »

Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
Regards,

JMT

John Gray
PlatinumLounger
Posts: 5401
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: How does encryption protect my data?

Post by John Gray »

I am in this situation.
I have a VeraCrypt container (which looks just like an ordinary but large file to NTFS) on my D: drive, and the D: drive gets backed up incrementally using Macrium Reflect.
I have no problems.

If I wanted to restore something from within the VeraCrypt container I would simply restore the file from Reflect and mount the container to a different drive letter using VeraCrypt.
John Gray

Venison is quiet deer, and quite dear.

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How does encryption protect my data?

Post by StuartR »

I do this both ways. I mount the container and back up the files every day. I also back up the container file once a week.
StuartR


ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: How does encryption protect my data?

Post by ChrisGreaves »

jmt356 wrote:Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
My hard drive is partitioned into the Windows portion (identified as "C:") and a TrueCrypt portion (would show up as "F:").
I mount the data partition through TrueCrypt and can then refer to my data on drive "T:".

My nightly backup run RoboCopys drives c: and T:, as if my laptop had two independent hard drives (C: and T:).

Does this make sense to you?

Cheers
Chris

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: How does encryption protect my data?

Post by viking33 »

ChrisGreaves wrote:
jmt356 wrote:Does anyone both encrypt their data and run backups? If so, you must always be sure that your volume is mounted before you run a backup, correct? Otherwise, you will end up with a backup of an inaccessible encrypted disk, an inaccessible encrypted partition or an inaccessible encrypted folder, correct? I imagine this could be a serious issue for someone who has incremental backups automatically scheduled but who does not have his or her encrypted disks, partitions and volumes always mounted.
My hard drive is partitioned into the Windows portion (identified as "C:") and a TrueCrypt portion (would show up as "F:").
I mount the data partition through TrueCrypt and can then refer to my data on drive "T:".

My nightly backup run RoboCopys drives c: and T:, as if my laptop had two independent hard drives (C: and T:).

Does this make sense to you?

Cheers
Chris
Absolutely! :thumbup:
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: How does encryption protect my data?

Post by ChrisGreaves »

StuartR wrote: ...I also back up the container file once a week.
And my guess is that if you PKZIPped the container you'd not save much space, right?

Cheers
Chris

StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How does encryption protect my data?

Post by StuartR »

When data has been encrypted it generally loses the repetitive features that enable compression algorithms to do a good job.
StuartR
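
Added example, not part of the original thread: the exchange above about zipping a container, measured on constructed data. The `keystream_encrypt` function is a toy SHA-256 counter-mode stand-in for a real disk cipher (an assumption made so the script needs only the Python standard library; it is not what VeraCrypt or TrueCrypt use), and `SAMPLE` and `KEY` are constructed values.

```python
import hashlib
import math
import zlib
from collections import Counter


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || offset) blocks.

    Toy stand-in for a real cipher, for illustration only. Because it is
    a plain XOR stream, applying it a second time decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means uniformly random."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def compressed_ratio(data: bytes) -> float:
    """Compressed size divided by original size (1.0 = nothing saved)."""
    return len(zlib.compress(data, 9)) / len(data)


def compare(plaintext: bytes, key: bytes) -> dict:
    """Compress the same content before and after encryption."""
    ciphertext = keystream_encrypt(key, plaintext)
    return {
        "plain_ratio": compressed_ratio(plaintext),
        "cipher_ratio": compressed_ratio(ciphertext),
        "plain_entropy": entropy_bits_per_byte(plaintext),
        "cipher_entropy": entropy_bits_per_byte(ciphertext),
    }


# Constructed sample: a repetitive ledger-style file, about 80 KB.
SAMPLE = b"2016-03-01,ACME Ltd,invoice,paid,100.00\n" * 2000
KEY = b"constructed demo key"  # constructed value, not a real secret

if __name__ == "__main__":
    for name, value in compare(SAMPLE, KEY).items():
        print(f"{name}: {value:.3f}")
```

The plaintext shrinks to a small fraction of its size, while the encrypted copy of the same bytes comes out no smaller than it went in, so any compression has to happen on the files inside the mounted volume rather than on the container.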


DaveA
GoldLounger
Posts: 2599
Joined: 24 Jan 2010, 15:26
Location: Olympia, WA

Re: How does encryption protect my data?

Post by DaveA »

Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext.
It is NOT a backup program but a program to prevent others getting into the data.
One needs to also BACK UP their data including the encrypted file(s).
I am so far behind, I think I am First :evilgrin:
Genealogy....confusing the dead and annoying the living

jmt356
SilverLounger
Posts: 2371
Joined: 28 Mar 2010, 01:49

Re: How does encryption protect my data?

Post by jmt356 »

John Gray: Does your method work even if you have backed up your D drive VeraCrypt container before mounting it?

StuartR: In your backups, are you selecting individual files (i.e., the container and mounted drive or files) rather than your entire hard disk? I imagine that if you are backing up the entire computer, you will run into serious problems if you are running incremental backups of the system one day with an unmounted encrypted partition and another day with a mounted encrypted partition. On the day when the partition is not mounted, the backup software would only see the C drive and unencrypted partition. On the day when the partition is mounted, the backup software would see the C drive, the encrypted partition and the mounted partition, believing there is an additional partition/drive that was not present during the last backup. Then the next time a backup is taken, if the encrypted partition is not mounted, the software would believe the third drive was deleted, and would need to rewrite all those sectors. In the end, you would wind up with enormous backup files as the software would constantly be thrown off, believing at one moment that you have 3 drives and at other moments that you have 2.

Chris: You always have T: mounted when you run your backups?
Regards,

JMT