7) Securing the Data on your Laptop

Let’s say someone steals your laptop. Could they see your data? Should you even care? Probably. First, there’s the issue of identity theft. (You *don’t* have all your passwords in an unsecured word processing file, do you? Please say no.) But what about private emails, identities of those working in secure places, and — who knows what else. But, you have a sign-on password, right? Actually, that might not help much. The brute-force solution is… they just take your laptop apart and move the hard drive over to THEIR machine. Rats. So what’s the best way to prevent prying eyes from seeing your data? It just might be VeraCrypt. Learn more at…
https://veracrypt.codeplex.com/

What’s he price? Free. Yup. It’s open source and very transparent. The smart guys among us can study the thing and see openly what makes it tick. That’s a good thing. But installed, it’s hard to beat. However, it does take some knowledge and time to get it working. What’s the second-best solution for the money? The one that might already be installed on your laptop. Some versions of Windows (mainly ‘pro’ versions) come with a VPN called Bitlocker.
https://technet.microsoft.com/en-us/library/cc732774(v=ws.11).aspx

It’s *pretty* good — partly because, if you’ve got it, it’s free. And it’s soooooooo easy. You mainly just turn it on. The *only* possible downside is that, since it’s Microsoft, it just *might* be back-doored by the countries with whom Microsoft wants a competitive edge. (They might have given away a secret combination to the countries they wanted to market.) Nobody knows this for sure — but we can’t possibly rule it out. Therefore, *somebody* might have a way to break Bitlocker.

Bottom line? Use Veracrypt if you can figure it out. But at least use Bitlocker. Do you have a different (better?) solution? Please comment below the web version this item. (And thanks for your input, Greg!)

One Response to 7) Securing the Data on your Laptop
  1. zed Reply

    Good stuff, but there’s some limitations, depending on how you use it.

    Veracrypt (a derivative of the now-abandoned TrueCrypt) works well, and the maintainers have added new functionality. However, one of the effects is that VeraCrypt takes longer to mount a volume than TrueCrypt did, and that’s an issue if you’re encrypting your entire hard disk.

    CipherShed is another derivative of TrueCrypt, not as well known, and the developers are focused on a product that’s as close to the original TrueCrypt as possible. No new features.

    The limitation of TrueCrypt (and derivatives) is that it doesn’t support the GPT partitioning that Microsoft requires on all new computers since Windows 8. It’s not a problem to run one of these on one of the newer Windows versions, but unless you rebuild your hard drive with the older MBR partitioning scheme, you can’t run full-disk encryption — only containers.

    The reason to run full-disk encryption is that beyond your user data, there’s a lot of places where Windows can leak sensitive data, including things like temporary files, browser caches, and the Windows Registry. If an opponent can grab your machine, and boot from alternate media (e.g., Linux), there’s a lot of sensitive data that can be extracted from your machine, including things like saved login credentials.

    BitLocker works well, but the limitation is that it’s available only in Pro versions of Windows. If you have a Home version, the only way of getting BitLocker is to upgrade to a Pro version (MSRP $199 US), and there’s no other way of adding it.

Leave a Reply

Your email address will not be published. Please enter your name, email and a comment.