Encrypting the Windows System Disk - good idea or not?

Page 2 of 2 FirstFirst 12
  1. zebal's Avatar
    Posts : 155
    Windows 10 Pro x64
       #11

    If there would likely be a conflict on a dual-boot system where both Windows and Linux were encrypted, then I'd go for just the Windows OS to be encrypted and the Linux OS not.
    There should be no conflict at all because boot loader will likely be grub, so you'll have to enter password for one of the OS's you choose to boot.

    However setting thing up may not be easy, you'll have to some research on that, dm-crypt is harder to set up than bit locker,
    dm-crypt syntax is same on all distributions, but setting it up may differ from one distro to other.
    Some installer allow to set it up right away during installation, which depends on distro you use.

    What is TPM and how do I know if my hardware has it (or is compatible)?
    TPM mean Trusted platform module, it's hardware device used for secure key storage.
    without TPM you will be use software based encryption which is less secure, you'll need to consult
    your motherboard manual to see if TPM is installed. or see in BIOS if there is one, could be disabled in BIOS.

    For more information about hardware requirements refer to bellow link:
    https://docs.microsoft.com/en-us/win...quirements-faq

    I'm really asking whether there is any merit to encrypting the OS where your data is on a separate disk and the disk is encrypted. Seems like overkill to me. Thoughts??
    It's not overkill if you need safe data in both operating systems, the point is if one OS get rooted, other one stays safe and locked down.
      My Computer

  2. Steve C's Avatar
    Posts : 5,461
    Windows 10 Pro 64 bit
       #12

    This will lead to pain and grief maintaining your PC unless you are seriously concerned someone is going to break in and walk away with you PC. If so concerned, you can encrypt any sensitive folders.
      My Computers

  3. ArthurDent's Avatar
    Posts : 133
    Windows 10 Pro (x64) 2004 (OS Build 19041.329)
    Thread Starter
       #13

    Steve C said:
    This will lead to pain and grief maintaining your PC unless you are seriously concerned someone is going to break in and walk away with you PC. If so concerned, you can encrypt any sensitive folders.
    Ey up Steve!

    Would you care to elaborate the highlighted section?

    Cheers,

    Art
      My Computers

  4. lx07's Avatar
    Posts : 5,478
    2004
       #14

    ArthurDent said:
    I'm really asking whether there is any merit to encrypting the OS where your data is on a separate disk and the disk is encrypted. Seems like overkill to me. Thoughts??
    I don't think it is overkill to encrypt the OS volumes at all. The main reason to do so is you don't know what temp files are going to be stored where (autosaved Word docs, pagefile/swap, caches etc). For sure your final document is not the only place containing sensitive information. Full disk encryption (full volume to be more accurate) means you don't have to worry about it.

    I run Linux/macOS and Windows and all OS volumes are encrypted with LUKS/FileVault/Bitlocker respectively and I wouldn't consider not using encryption on any device. For sure probably your PC won't get nicked and even if it does the thief probably won't bother to try to steal your identity but why risk it? CPUs have had built in encryption instructions for years so any performance overhead is minimal and I don't find entering a password to unlock the OS volume on boot too much of a hassle.

    It isn't particularly complicated - as you are using Windows 10 Pro you'll find Bitlocker particularly easy - if you find it is causing you performance issues (it doesn't for me - I do typical Office things, programming and light gaming) you can simply turn it off again. See Turn On or Off BitLocker for Operating System Drive in Windows 10
      My Computer

  5. Steve C's Avatar
    Posts : 5,461
    Windows 10 Pro 64 bit
       #15

    ArthurDent said:
    Ey up Steve!

    Would you care to elaborate the highlighted section?

    Cheers,

    Art
    I've seen various issues with Bitlocker reported on the forum, it adds a performance overhead and you might lose the key. I don't see the point of encrypting the whole drive rather than just any sensitive personal files.
      My Computers

  6. ArthurDent's Avatar
    Posts : 133
    Windows 10 Pro (x64) 2004 (OS Build 19041.329)
    Thread Starter
       #16

    Steve C said:
    I've seen various issues with Bitlocker reported on the forum, it adds a performance overhead and you might lose the key. I don't see the point of encrypting the whole drive rather than just any sensitive personal files.
    @Steve C

    So you'd recommend VeraCrypt over BitLocker if you were to encrypt either the drive or files?

    As for forgetting the key or passphrases/passwords I use a couple of methods which work well:

    1) Any old car I've owned, together with the registration number and colour, separated by slashes - eg 'Escort/DWB21F/Blue'

    or

    2) The initial letters of the first line or two of a favourite song - eg 'What a Wonderful World' becomes 'Istogrr2-istbfmay' with a dash between line 1 and line 2.

    Easy to remember (especially the favourite song) as you can sing along in your head whilst you type the password in! The bonus is that whilst both are lengthy (the car password has 18 characters and the song 17 characters) they are very easy to remember!

    The number of combinations (incl special characters) for the above car password is 1e+35 and for the song 1.1381655e+33 meaning that they would take quite a while to crack with a powerful PC (the car password is less secure containing two dictionary words 'Escort' and 'Blue' of course).

    You can even leave hints for yourself. For example, I had the Escort back in 1975 - so long ago, that nobody but me would remember it - so I can leave the hint 'Blue Escort' or with the favourite song I could put 'Wonderful World' - or even just the words 'Escort' or 'Wonderful'. That would be enough to remind me which password or passphrase to use as the format is the same each time for a car or song.

    Art
      My Computers



 

Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:21.
Find Us




Windows 10 Forums