I have an external drive which is entirely encrypted.
#USING TRUECRYPT WINDOWS#
I'm not sure where you heard about Windows automagically trying to initialize a second drive on its own, because if that were the case then tons of people out there who duel boot via multiple disks would be screwed. This isn't a disk vs partition issue, this is a "where does the OS reside" issue. If you're concerned about certain folders in your OS being compromised then remap those to folders on the encrypted partition instead. Jago, I wouldn't encrypt your OS partition unless you had a very, very compelling reason to, and if you do, the TrueCrypt website has detailed documentation on the procedure and all the risks/rewards. Just because you can't fathom an idea doesn't mean there aren't plenty of good ones out there. Your lack of an imagination has no bearing on the OPs request for information. I am trying to imagine why I would ever need 320 GBs of encrypted drive space. That in itself wouldn't be a problem as I am careful enough not to do that (especially running as a non-admin with UAC turned on), but I am hearing rumors that in some cases Windows might decide to initialise your encrypted drive completely on it's own, without user intervention, an example of this would be having a system drive disk and a 2nd encrypted drive, you reinstall the OS on the system drive disk and Windows supposedly will (on it's own) attempt to initialise your 2nd drive and wipe out all data in the process.
#USING TRUECRYPT FULL#
What are the pros and cons? What happens if I encrypt an entire disk that contains multiple partitions? I've heard some horror stories regarding the fact that when you have a full encrypted disk and Windows is running, it considering it an "uninitialised" device and apparently suggests you to initialise it (similar to how Windows suggests formatting an unmounted encrypted partition), if you do that, then Windows will wipe out all the data on the encrypted drive.
Upon logging on the system, can I have Truecrypt automatically attempt to mount the encrypted partition and prompt me for a password? Additionally, can I just go ahead and hide the the actual encrypted partition (Z) so it wouldn't show up in explorer (using some TweakUI-alike utilities there are) without that causing any issues?Īnother question I have is regarding encrypting partitions vs encrypting entire disks. Here is my layout:įor starters, I renamed E to Z (for practical purposes), encrypted the entire partition and now upon a fresh bootup, the Z drive shows up in Explorer, but Windows cannot read it (and funnily enough suggests to format it, good thing I run as non-admin and with UAC enabled, for good measure) and I gain access to my data by launching Truecrypt and mounting this encrypted partition as an E drive. At first I played around with containers, but now I am playing around with partition/device-based encryption.
#USING TRUECRYPT PC#
If you want to use a DRM scheme (which you are actually asking for), use a DRM product.I've been long interested in encrypting data on my personal PC and now I finally decided to dive in and read up and learn about Truecrypt as that seems to be the most popular free solution for Windows machines.
#USING TRUECRYPT PASSWORD#
Besides, even in this case, short of using a hardware module, the data is not trully protected since the application cannot embed any encryption key in a secret fashion (any key embeded in the app, no matter how obfuscated it is, can be retrieved, always) and relying on the user to provide a secret password means the user can simply decrypt the data. This approach looses any advantage a relational database offers (data cannot be searched, queried, indexed, foreign relations and constraints cannot be enforced etc) rendering the SQL Server absolutely useless for your application. There is no cryptographic/encryption or authorization/permission mechanism you can set in place to prevent a legitimate administrator from seeing and using the data as it sees fit, including granting other applications permission to use your application data.Īt worst you can encrypt all the data in the client and store only the encrypted blobs, thus rendering it unusable to any other application.
This is asked repeatedly and the answer is the same: protecting the data so that is only usable from one application is DRM and SQL Server does not do DRM.
0 kommentar(er)
