This article was written by Don VanSyckel, the club president, as a part of "The President's Pen". This article appeared in the April 2011 WYSIWYG newsletter.
Data Encryption
by Don VanSyckel
Something I've been discussing for a while is encrypting the hard disk of my laptop. I did what I thought was an extensive search a year or so ago and only found commercial packages, most of which wanted to sell multiple copies. Then last week by chance I came across a package that's open source named True Crypt. I intend to start testing it next week. I'm a little cautious in this because there's several different methods of setting up the encrypted section of disk. The method I'm going to use, or at least try first, is to encrypt the C: drive where windows is installed using what they call pre-boot authentication.
The way this works is when the PC boots up, the encryption password is requested before anything else is entered. This password is used to unlock the entire C drive. This differs from splitting the drive into two partitions with the Windows OS on one and data on the other partition; then encrypting the data partition. Whenever I partition a drive like this, after a while, I always seem to wish I had made the partition sizes different. By leaving the hard drive all one partition, I avoid making this decision. So once the password is put in the entire C: drive is available. Without the password the PC won't even boot up. This will also keep unwanted people from using the PC at all, which can be an added advantage of this method of encryption.
This method of encryption uses what the True Crypt web site calls automatic real-time (on the fly) and transparent encryption. Basically as you access files either to read them or write them the encryption is applied during the process. Depending on the speed of the PC's processor and the speed of the hard disk, you might not even notice any performance difference. I routinely use Windows disk compression and have not noticed any performance hit. In fact, I believe disk access might even be faster with the disk compression. This is because the PC processor is faster that the hard disk and with compression each file is 40% to 80% of its full uncompressed size. This means the slower hard drive access is only 40% to 80% of the time it used to be. I realize the encryption and the compression are two entirely different things but depending on how the encryption is hooked in, it could be virtually transparent, time wise.
I have a second laptop that I purchased as a backup because I am using my laptop more away from home for various things. It came with a 40 Gbyte hard disk which I upgrade to 160 Gbytes (IDE). Because of the age of the disk control I suspected it might not support larger disks. I could only get it to 'see' 128 Gbytes. Since 128 Gbytes is enough for what I intend to do I didn't press it. So now I have a laptop I can test the encryption on without losing anything, other than my time to load the OS.
More on the encryption adventure next month.
End of Article