Search the Community

I have two external 4Tb SSDs. I was using it to store my memories, like photos, videos, etc. After the purchase both were initialized with Apple data encryption and filled with archive data, approximately 1.4 Tb of media files. One drive I kept in a secure place and the other I used for everyday work and kept adding files. After some time I run a test and realized that the read/write speed was incredibly slow. On a new drive and the one I kept separate, the read/write speed over the Thunderbolt connection was ~2000 Mb/s. But the one that I kept using from time to time, showed me ~200Mb write an ~100Mb read. I tested this using a different, USB 3.2 enclosure, but the speed was the same. The other SSD with the same data kept working as expected and the Thunderbolt enclosure was also working great with another SSD. So I decided the SSD was faulty. After filing for a return with Amazon, I erased the data and just in case, decided to test it one last time. To my surprise the read/write speed returned back to normal! In the 3.2 enclosure, it was less, than in the Thunderbolt, but still very respectable 900 Mb/s write and 1100 Mb/s read. OK, I thought, surely this is because the drive is nearly empty now. So I filled it with data, but nothing changed - the speed was still great. Now I do not understand - can Apple encryption be the cause of this issue? How can this be?

So, it has been about a full week since I have been trying to setup hardware encryption on a Samsung 990 Pro 1To as well as a Samsung 980 Pro 2To, both slotted in an ASUS ProArt Studiobook (H7600ZX). Please bear with me as I am aware of my very limited knowledge in this specific field of computer science... I have tried so many things that I pretty much lost count at this point, even while taking notes on the side: Some notes to lay down some known facts: My BIOS/UEFI is up to date My SSDs firmware is up to date My Windows 11 iso is the latest available I do not seem to have any "BlockSID" related options in the bios Whenever I used the PowerShell commands to disable BlockSID and rebooted I was never greeted by a screen acknowledging the commands unlike I've seen in various forum posts I did a "secure erase" of my drives too many times for me to even count by now (on Samsung Magician my OS drive health stats show a 2To written on what was a brand new drive last week and only had Windows installed multiple times and to then be erased again and again...) Whenever I tried to force BitLocker to use Hardware encryption by disabling Software Encryption fallback through either registry edits or group policies, it always gave me an error as it wasn't able to encrypt the drives Samsung Magician's "Encrypted Drive" is and has been stuck at "Ready to enable" no matter what I tried/did I tried several things that may have no correlation and didn't seem to change anything: Resetting TPM keys, my reasoning being that maybe something saved in it that kept the drive in "Ready to encrypt" even after a "secure erase" (might have been useless so I restored them) Trying to use the PowerShell commands to act on the "BlockSID" was a nightmare since as it allegedly resets after each reboot, how am I supposed to install Windows with it still disabled...? Any and every idea/advice/knowledge on the matter is deeply appreciated! N.B.: It's past 5am here and my brain is fried so I will complete and update the post after some rest... In the meantime here's a few of the source material I've come across trying to troubleshoot the issue: EDIT: I also read the following, which made me think that this may be an issue related to my laptop's motherboard: Source: Enable bitlocker hardware encryption without reinstalling Windows 10 pro - Super User How do I check if my laptop's motherboard supports this feature? The official manual doesn't seem to talk about encryption at all: 0409_E19193_W7600Z_H7600Z_A.pdf (asus.com) On the manufacturer's website the specs listed regarding security lack any meaningful related information:

So i tried installing antiX linux on my laptop, which had arch linux with an encrypted partition, i did delete the partition using gparted but it didn't help, then i tried formatting the entire drive using dd, but its still there, so i can't install anything. Every time i try to install antiX, it asks for password, but the encryption password i used on arch doesn't work, nor does the user and root password. Does anyone know how do i remove it? edit: i think antiX just sucks, since kali installed with no problems, and i don't regret doing so, because they made xfce look amazing, while using the amount of resources as the normal one

Will my home folder be encrypted again, after i go to the lock screen in linux mint, and if it wont, what can i do for it to encrypt each time i log out?

So, as somebody who isn't a cryptography expert, let me see if I understand something right. I hope y’all don’t mind me trying to educate myself, and would appreciate some high level/layman type feedback so that I can at least have a big picture idea of how the encryption is working, and what is or isn't safe against quantum computers. First off, I know that (or am pretty sure that), if all you have is an encrypted message, without its plain text original as a reference, then symmetric encryption algorithms like AES, Twofish, ChaCha20, etc. are quantum safe. I know that asymmetric algorithms like RSA, ElGamal or even asymmetric eliptic curve algorithms like X25519 are NOT quantum safe, and that variations of Shor's algorithm could theoretically break them, given a quantum computer with enough qbits. If you encrypt something with just a password using AGE or PGP, it uses symmetric encryption, and puts that password through a KDF to turn it into a private key to be used for that. The encrypted copy of that encryption key is stored with the data itself and can only be accessed when the correct password is put through the same KDF. So, this is quantum safe, correct? If you use asymmetric encryption, it generates a one time symmetric key for something like AES or ChaCha20, encrypts the data with that, then encrypts that symmetric key with the public half of the asymmetric key pair and stores it with the data. This is NOT quantum safe because even though the symmetric encryption is used on the data, the private key for that symmetric encryption is protected by an asymmetric algorithm, so attackers don’t need to break AES or ChaCha20, they just need to break the RSA/ElGamal/ECC that’s protecting the encryption key. If you use a password protected asymmetric key pair, does it use a KDF and symmetric algorithm to then protect your asymmetric key pair? Does entering the pass-phrase then decrypt and unlock that pair? So in effect, if you encrypt data with a password protected asymmetric key pair, it could essentially work like: SYM → ASYM → SYM So is it essentially going through 3 layers of encryption for this kind of scenario? One to unlock the asymmetric pair, then another to unlock the symmetric key, then another to unlock the data itself. So when it comes to quantum computers, would asymmetric cryptography be safe if it’s password protected, or not safe because the public key is still available and can be used to break it, regardless of the password protection on your private key?

Found this Solution for a weird Problem, so thought i would share by making a trouble shoot post so any unlucky friends can find this solution Computer says Bitlocker isn't on/Used Space Only Encrypted But it is active -Solution 1. Check status Open CMD/ Type: manage-bde -status 2. If says “ Decrypted “ or “ Used Space Only Encrypted “ but Bitlocker is enabled / blocking you from doing something to get it off…. Take these next steps……. 1. If it think bit locker is off, then enable it Control Panel/ System and Security/ BitLocker Drive Encryption/ Turn Bitlocker On/ ( Restart computer normally ) 2. Get the Bit locker key by repeating step 1 to get to the Bitlocker Menu in control panel Click Backup BitLocker Key/ Print or Save PDF/ Write down the Recovery Key ( Only Numbers No Letters ) 3. Boot Windows into Recovery Mode Hold Shift when click Restart 4. Once loaded follow goto Troubleshoot/ Command Prompt 5. Enter Recovery key when asked 6. Enter Command to Decrypt Enter: Manage-bde -off C: ( or whichever drive letter it is thats encrypted ) Notes: To check on Progress type manage-bde -status until encryption status is at 0.00% Then close CMD with the red X in top right and continue to boot into windows normally

Is there an option in `/etc/exports` that I need to enable for that drive to be removable? I currently have this: /media/veracrypt1 192.168.122.0/24(rw,sync,no_root_squash,subtree_check,crossmnt) When I try to close it manually since I had to unmount with: $ sudo umount -l /media/veracrypt1 this is what happens $ sudo cryptsetup --debug luksClose veracrypt1 # cryptsetup 2.6.1 processing "cryptsetup --debug luksClose veracrypt1" # Verifying parameters for command close. # Running command close. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating crypt device context by device veracrypt1. # Initialising device-mapper backend library. # dm version [ opencount flush ] [16384] (*1) # dm versions [ opencount flush ] [16384] (*1) # Detected dm-ioctl version 4.47.0. # Detected dm-crypt version 1.24.0. # Device-mapper backend running with UDEV support enabled. # dm status veracrypt1 [ opencount noflush ] [16384] (*1) # Releasing device-mapper backend. # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Allocating context for crypt device /dev/mapper/veracrypt1_0. # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Initialising device-mapper backend library. # Active device has no UUID set, some parameters are not set. # dm versions [ opencount flush ] [16384] (*1) # dm table veracrypt1 [ opencount flush securedata ] [16384] (*1) # dm status (253:1) [ opencount noflush ] [16384] (*1) # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Deactivating volume veracrypt1. # dm versions [ opencount flush ] [16384] (*1) # dm status veracrypt1 [ opencount noflush ] [16384] (*1) # dm versions [ opencount flush ] [16384] (*1) # dm table veracrypt1 [ opencount flush securedata ] [16384] (*1) # dm status (253:1) [ opencount noflush ] [16384] (*1) # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. Device veracrypt1 is still in use. # Releasing crypt device /dev/mapper/veracrypt1_0 context. # Releasing device-mapper backend. Command failed with code -5 (device already exists or device is busy). After stopping `nfs-server` and `nfs-kernel-server`: $ sudo cryptsetup --debug close veracrypt1 # cryptsetup 2.6.1 processing "cryptsetup --debug close veracrypt1" # Verifying parameters for command close. # Running command close. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating crypt device context by device veracrypt1. # Initialising device-mapper backend library. # dm version [ opencount flush ] [16384] (*1) # dm versions [ opencount flush ] [16384] (*1) # Detected dm-ioctl version 4.47.0. # Detected dm-crypt version 1.24.0. # Device-mapper backend running with UDEV support enabled. # dm status veracrypt1 [ opencount noflush ] [16384] (*1) # Releasing device-mapper backend. # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Allocating context for crypt device /dev/mapper/veracrypt1_0. # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Initialising device-mapper backend library. # Active device has no UUID set, some parameters are not set. # dm versions [ opencount flush ] [16384] (*1) # dm table veracrypt1 [ opencount flush securedata ] [16384] (*1) # dm status (253:1) [ opencount noflush ] [16384] (*1) # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # Deactivating volume veracrypt1. # dm versions [ opencount flush ] [16384] (*1) # dm status veracrypt1 [ opencount noflush ] [16384] (*1) # dm versions [ opencount flush ] [16384] (*1) # dm table veracrypt1 [ opencount flush securedata ] [16384] (*1) # dm status (253:1) [ opencount noflush ] [16384] (*1) # Trying to open and read device /dev/mapper/veracrypt1_0 with direct-io. # Trying to open device /dev/mapper/veracrypt1_0 without direct-io. # dm versions [ opencount flush ] [16384] (*1) # Udev cookie 0xd4dcb49 (semid 65574) created # Udev cookie 0xd4dcb49 (semid 65574) incremented to 1 # Udev cookie 0xd4dcb49 (semid 65574) incremented to 2 # Udev cookie 0xd4dcb49 (semid 65574) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK (0x20) # dm remove veracrypt1 [ opencount flush retryremove ] [16384] (*1) # Udev cookie 0xd4dcb49 (semid 65574) decremented to 0 # Udev cookie 0xd4dcb49 (semid 65574) waiting for zero # Udev cookie 0xd4dcb49 (semid 65574) destroyed # Releasing crypt device /dev/mapper/veracrypt1_0 context. # Releasing device-mapper backend. Command successful. Not sure how I can automatically unmount this via Veracrypt software without going through all this

Summary Ylva Johansson – the EU Commissioner in charge for the Chat Control Bill proposal basically does not understand how encryption works, when introducing the law for scanning the content of the encrypted communication for child sex material. Quotes My thoughts Well she has been into family and schools for a long time and maybe she meant good [The road to hell is paved with good intentions]. I think she sees encryption as something that only criminals use and has a bad attitude towards it. She does not understand how it works, or at least did not fully understand it when someone explained to her. Even if she knew how it works, such a law will not solve the problem. And why was only Signal attacked? Does it mean that Meta and Skype are already scanning? What will stop the people from sending password-protected zip files through any messengers? So wrong on so many levels. I do see it as another try to implement the total "surveillance for the masses". Sources the proposal: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2022%3A209%3AFIN article (SE): https://www.svd.se/a/wAVRkM/eu-s-chat-control-massovervakning-eller-trygghetsatgard comments: https://mullvad.net/en/blog/2023/3/28/the-european-commission-does-not-understand-what-is-written-in-its-own-chat-control-bill/ Louis Rossmann reaction:

I'm aware it isn't possible with the boot drive (so password is necessary), so I'm asking about the secondary drive. I found an old laptop (Toshiba Satellite P755 with 2nd Gen i7) from work, which doesn't have TPM along with a 128GB SSD. And I'm planning on making its 500GB hard drive the secondary drive. Company policy requires Bitlocker enabled on internal drives.

Hi there I’m looking to call a tiny command line program from a batch script that will take an encryption key, like “P&ssw0rd”, use it on some cypher text (that I prepared earlier) and output the decrypted phrase. The idea is that when encrypting an archive, I want to make sure that I am using the same key every single time I run my script. I expect it will go something like: 1. Enter encryptionKey 2. Decrypt cypherText 3. If decryptResult not equals expectedResult goto 1, else continue 4. Use encryptionKey to encrypt archive. Thanks in advance for any help given.

Does Ubuntu (and official flavors) support disk encryption that'll automatically unlock using the device's TPM module? Would it be possible to do that during install? What's the best, pain-free, tool to use if I wanna do it post-install (preferably GUI-based)? And what are the conditions required in order to require the user to unlock it with a password? With Windows, we got Bitlocker, and that has the option to use TPM to automatically unlock the drive at boot, unless there's a change in BIOS/UEFI. I have a 4th gen Lenovo X1 Yoga, running on Kubuntu. Planning on reinstalling it with Btrfs or ZFS as the primary file system.

Hi Question is the same as the title. I don't know a lot about this area, and all the purchase options look really sketchy. Should I even be purchasing them? Can I make my own or would that require some hardware or other service to run in the background (aka a server)? Purpose is for government contracting. Thanks

I've been using a random assortment of lower end low capacity storage from stuff like old laptops for years now and I decided it's time to upgrade. I have two new 4TB WD Blue drives I want to install and use as Raid 1 for redundancy. I also want to encrypt the drives with something like Veracrypt (or a better recommendation). Is there anything I should know about doing this? Is there a certain order I should do it? What issues can come from encrypting raid drives?

As the Five Eyes (the governments of Australia, Canada, New Zealand, the United Kingdom, and the US) continue to push for the abolishment of encryption, a group of companies and organisations are pushing back, under the collective called the Global Encryption Coalition. And October 21st is what they are calling Global Encryption Day. Partners of the Global Encryption Coalition include the EFF, American Civil Liberties Union, Cloudflare, Mozilla, Open Media, Digital Rights Watch, various VPN providers, Proton Mail, and many others. Global Encryption Day - Global Encryption Coalition EFF: On Global Encryption Day, Let's Stand Up for Privacy and Security Privacy and security are essential not just for technological reasons, but also for societal and personal ones, including mental health. And if you're not already using privacy-friendly means to do things online, maybe today's a good day to check out what the possibilities are. Open Media petition telling the Five Eyes to stop attacking encryption: https://action.openmedia.org/page/53247/petition/1

I have 2 USB portable drives that use Windows 10 BitLocker, which has worked pretty well for some time, but as of late I have found that I'll need those drives to read/transfer files from Windows 10 AND Linux, so bitlocker isn't going to cut it anymore. Can anyone recommend a good drive encryption software that I can use in both Windows and Linux?

I have a question about Raspberry pi Encryption. I am looking for a way/idea how can I have an encryption between my Raspberry and the SD card so if someone manage to get his hands on my SD card, he wont be able to read the files. Also if the Raspberry Pi has its encryption written in the RAM, the problem is that it will get deleted after a reboot. Thanks in advance.

Was hoping for the process to be complete within 5 or 6 hours, I was very wrong. Am I able to leave the computer in sleep mode and have the process continue? Would I lose the progress If It does not? Not sure if it's a start/stop sort of thing where logging back in would have the process just pick up from where it was without any error. Sorry if this is in the wrong topic/for the somewhat stupid question.

What makes Linus think DropBox can't view your files? DropBox has full access to the files you upload; it is NOT zero knowledge. All it takes is for them to make one dumb mistake and all of your private (not illegal) files are open to the public, like what happened in 2011.

Hi all, Apologies for a question that might seem dumb, but I'm not well-versed with system security and would like to start encrypting my files. Main question: Will VeraCrypt's full-disk encryption option delete my existing files on my external HDD partition? I have a lot of personal files I want to secure, and full-disk encryption seems like a good idea. However, VeraCrypt doesn't make it very clear if encrypting my disk partition will delete the files already there. Will it do this? Thanks! --- UPDATE: It does.

I recently got a Western Digital Black SN850 500 GB so I was wondering if it matters whether I install my OS (windows) and work files on it or use it for general storage/gaming. I also got a Samsung Evo 970 plus Evo 1TB which I wanted to use for general storage/gaming, but it's got a 256 bit hardware encryption unlike WD. I couldn't find a proper answer elsewhere so I'd really appreciate it if you can help me out.

Hi, long ago when I was a freshman at university, there was this rumor around which said that you couldnt enter the USA, if you had a laptop on you which was encrypted. Now, in the years working in the Industry, I've come across different variations about that story, some would be that it only applies when you are suspicios, or some would be that it only affects people going to china or russia. Is there any thruth to this ? or is it really just a urban legend ?

So I just finished upgrading the storage in my home server and I learned a few lessons that I thought I would share with you guys, so that hopefully some of you might find it useful at a later date. I recorded a lot of it and plan on writing it up in a blog and making a YouTube video about it. If/when I do, I'll edit this post with links to those items. First off, my server is running Debian 10 Linux in a headless state; no GUI installed, which means 99% of my management is done via SSH unless there's some kind of a problem that prevents it from booting so that I have to physically go connect a monitor to it, so everything I did was done via the command line. It "was" using two 12TB WD Gold drives in Linux software RAID 1 (mdadm). I created a partition with a specific sector count on each of those drives about 1GB less than the total capacity of the drives, and then added that partition as the RAID member. That way if I ever replaced a drive with one of a different model and the capacities were "slightly" off, it wouldn't be an issue. When creating the actual data partition on the RAID device, I encrypted the partition so that if I ever had to RMA a drive, nobody would be able to retrieve sensitive or personal information from the drive at a later date, especially since RAID 1 has a complete copy of everything on both drives, so one drive is enough to recover everything. The partition didn't used to be encrypted until I had my first drive failure and realized I was about to ship a drive with lots of personal files through the US Postal Service, and that in all likelihood they would refurbish the drive and resell it with the same platters inside since I'm pretty sure it was just the read head that died. I managed to get the drive working long enough to run shred on it for about 90% of the drive before it quit for good (which was fine because it wasn't 90% full) before shipping it off, but after that I decided to encrypt the partition. We started approaching the 12TB limit recently, and I decided that the easiest course of action would be to buy one additional drive and switch to RAID 5; which would double our storage capacity to 24TB and still allow us to lose one drive without losing any data. I have a separate off-site backup drive, so we're talking strictly about what's physically inside the server. My only concern was, I really didn't want to delete my RAID group and re-make it if I didn't have to. I have the backup, but it would have taken over 24 hours to restore from the backup since it's a USB external drive; and that would have left us without Nextcloud and Plex for that entire time (I make heavy use of Nextcloud and my kids and nieces/nephews love Plex), plus that would mean that until it was finished, I would only have one complete copy of my data, and I'd just have to hope my backup drive didn't die during the restoration. As it turns out, if you're using Linux software RAID (mdadm), a two disk RAID 1 can be directly converted to a degraded two disk RAID 5, at which point you just add the third disk so that it's no longer in a degraded state. All you have to do is run: mdadm /dev/mdfoo --grow --level=5 mdadm --grow /dev/mdfoo --add /dev/foo --raid-devices=3 The cool thing about this was that even though the reshape took almost two days, my data was accessible during that time, so we were still able to continue using the various services on the server. On top of that, once it was done, it automatically grew the array as a whole to the proper new size of 24TB, although I had read that in some cases you might need to do that part manually. The server obviously runs on an UPS, so if there had been a power outage or flicker during the process, it wouldn't have bothered anything. I even rebooted the server once during the reshaping process and it just picked up where it left off once it was back up and running. My next issue was that, even after the many hours it took to reshape the array into a proper RAID 5 that spanned all three disks, the actual data partition on it was still only 12TB. The partition was encrypted, so my next task was to resize that partition to take advantage of the increased capacity of the RAID pool. After doing some reading and experimenting in a VM, I discovered that once the reshape was done, all I had to do was unmount and luksClose the encrypted partition, then unlock it again with luksOpen, and LUKS automatically extended the LUKS device to fill the new capacity of the RAID array. Then I just had to do a filesystem check on the data partition within the LUKS device by running: e2fsck -f /dev/mapper/somedrive Then resize the partition with: resize2fs /dev/mapper/somedrive Resizing the partition itself only took a couple of minutes. So what I've learned from all this is that, if you don't care to do some reading, Linux disk management via the terminal is incredibly powerful and flexible. I was able to convert a software RAID 1 directly to a software RAID 5, and then resize an encrypted partition on that RAID 5 group, all without losing any data, and with minimal actual downtime. Obviously I updated my backup drive before starting the process, just in case. I'm just incredibly grateful that it all went off without a hitch, which isn't always the case when it comes to technology, so I thought I would share my little learning experience in case it helps or entertains some of you. The info I found about converting the RAID array was here: https://raid.wiki.kernel.org/index.php/A_guide_to_mdadm#Upgrading_a_mirror_raid_to_a_parity_raid And the help I got for resizing the encrypted partition came from "jelly" on the Debian IRC on Freenode.

Summary A German born photographer living in San Francisco feels like he’s going crazy because he can’t access his Bitcoin wallet worth $220 million because he has forgotten his password My thoughts And then there’s me thinking how I wish to myself I was an early adopter of Bitcoin just like Mr. Stefan Thomas. Just like the rest of the Bitcoin millionaires in the news, he’s also an early adopter way back in 2011 when he was living in Switzerland but it was given to him as a reward. He kept it in an encrypted, password protected wallet which he can’t recover due to his lost password. Just imagine how much richer he could’ve been. Now he can’t stop thinking about it, as if he’s going crazy. Now the take away from the story is to use a password manager to remember those passwords for you, especially for those stored years ago. I do not recommend using pen and paper to write those down just like Mr. Thomas. But remember that when investing whether it’s stocks, bonds, or even crypto, do not put your eggs on a single basket or else nothing will be left. Unlike bonds, stocks and investment funds that is protected and regulated, cryptocurrency is decentralized hence you’re on your own. Also, unlike banks with depositor insurance mandated by the like of FDIC ($250,000), crypto has none. But the guy in the story doesn’t seem to have gone poor because has put all his money to BTC more of regret and disappointment because he cannot remember his password. Let’s also not forget that crypto is a favorite of cybercriminals as if it’s a low hanging fruit. Ransomware authors often demand monetary ransom in a form of crypto and hackers exploit vulnerabilities in public ledgers. So, banks are still the best place to store money and for safer investments, talk to a legit financial adviser about investment choices with varying aggressiveness in earnings. Nonetheless, this is not the last person in the news about forgotten Bitcoin passwords as their values become even higher. Sources New York Times

Hey I'm currently thinking of encryption my HDD on my laptop. But as we all know, encryption (no matter standard) is only as powerful as the password used. I would absolutely hate to have to put in (and try to remember) a long password every time, therefore I want to know if there is any great (preferably freeware/opensource) software that lets me encrypt my laptop, but then lets my unlock it with my phone? Like its known for many two step auth.

Hello i recently got my Personal Computer back up and running from being tired for personal/medical reasons.. Anyway i set-up Bitlocker Drive Encryption for Windows 10 Pro x64 (64-Bit) Activated 2004 OS Build 19041.572 Windows Feature Experience Pack 120.2212.31.0 However i was stupid enough because it's a USB Mass Storage Device (Removeable) Docking Station with DISK 1&2 as shown I finished the Bitlocker Drive Encryption and it FAILED! Now something went wrong during restart/startup/boot that caused Windows to corrupt the entire encryption procces/drives 1&2 I am NOT going to format data and risk my DATA!! all is untouched after the failed encryption attempt now Windows 10 prompts me this Screens: FAILED TO MAKE A BACKUP ... AM a regular consumer so dont blame me pls I want all my data back and recovered i have BOTH encryption keys all keys are back up and on USB/BACKUP keys Any help is much apreciated and Thanks!