Jump to content

Which Encryption to use?

Shahin
 Share
Posted

Hello,

 

So I would like to encrypt my PC drives. It's all well and good to have secure passwords but you can easily take out a drive and plug it into another PC, load up linux and see everything. I'm trying to avoid that scenario. What types of protection do you use for your drives? 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

If you have a Pro edition of Windows and a TPM chip, you can use BitLocker. It does a pretty good job.

Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White
Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR
iPhone 12 Mini (iOS 17.2.1) | iPhone XR (iOS 17.2.1) | iPad Mini (iOS 9.3.5) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt
Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9
Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 
Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 | Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

+1 to @BlueChinchillaEatingDorito , All Zen based AMD chips, AFAIK (Ryzen 1200, 1700X) include a firmware based TPM. The biggest downfall of these is that you won't be able to upgrade your CPU while keeping the TPM.

Main: AMD Ryzen 7 5800X3D, Nvidia GTX 1080 Ti, 16 GB 4400 MHz DDR4 Fedora 38 x86_64

Secondary: AMD Ryzen 5 5600G, 16 GB 2667 MHz DDR4, Fedora 38 x86_64

Server: AMD Athlon PRO 3125GE, 32 GB 2667 MHz DDR4 ECC, TrueNAS Core 13.0-U5.1

Home Laptop: Intel Core i5-L16G7, 8 GB 4267 MHz LPDDR4x, Windows 11 Home 22H2 x86_64

Work Laptop: Intel Core i7-10510U, NVIDIA Quadro P520, 8 GB 2667 MHz DDR4, Windows 10 Pro 22H2 x86_64

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 hours ago, Shahin said:

Hello,

 

So I would like to encrypt my PC drives. It's all well and good to have secure passwords but you can easily take out a drive and plug it into another PC, load up linux and see everything. I'm trying to avoid that scenario. What types of protection do you use for your drives? 

Take it from me: DO NOT use any encryption tied to the hardware of your system. If it's Windows, try Veracrypt. If you're on linux, Ubuntu has a nice installer that will use dm-crypt and LUKS to secure your drives. This is good enough to keep script kiddies and the random police officer at the local police house out of your files. If you're trying to hide from the NSA, you're asking in the wrong place. That said, if you're trying to hide from the NSA, you're also willing to do a lot of things that are just plain a pain in the ass to live with.

 

So, in short, stick with dm-crypt/LUKS, or veracrypt. These are software based encryption methods that will allow you to move your drive from computer to computer, so long as you remember the unlock password for the drive. When a motherboard or CPU die, your drive doesn't become inaccessible.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, asquirrel said:

Take it from me: DO NOT use any encryption tied to the hardware of your system. If it's Windows, try Veracrypt. If you're on linux, Ubuntu has a nice installer that will use dm-crypt and LUKS to secure your drives. This is good enough to keep script kiddies and the random police officer at the local police house out of your files. If you're trying to hide from the NSA, you're asking in the wrong place. That said, if you're trying to hide from the NSA, you're also willing to do a lot of things that are just plain a pain in the ass to live with.

 

So, in short, stick with dm-crypt/LUKS, or veracrypt. These are software based encryption methods that will allow you to move your drive from computer to computer, so long as you remember the unlock password for the drive. When a motherboard or CPU die, your drive doesn't become inaccessible.

With BitLocker, you still have a backup password available to decrypt the drive if your motherboard dies for instance if you cleared the TPM by accident for whatever reason. 

Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White
Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR
iPhone 12 Mini (iOS 17.2.1) | iPhone XR (iOS 17.2.1) | iPad Mini (iOS 9.3.5) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt
Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9
Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 
Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 | Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

-> Moved to Programs, Apps and Websites

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

My motherboard is this - https://www.msi.com/Motherboard/support/H110M-PRO-VD.html

Where do I check whether it has a TPM chip? 

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programs, Apps and Websites

×