Alternatives To Encryption Re: Prying Eyes

phaedruspress · 23 Apr 2021

After some consideration and practicing on (slow) 16GB USB flash drives I believe I have abandoned my idea to use VeraCrypt on Western Digital 12 and 14TB external USB drives. I have come to the conclusion that encryption is not really designed for drives this large using FDE (Full Disk Encryption since the drives will be filled up and/ or a container with an 11TB file is just as cumbersome ). If I get hit by a bus then I would prefer that my relatives not know what I am hoarding (adult, tv and movies). I am familiar with hiding a folder from the ribbon, as well as from the CMD prompt using something like this (are they the same)

attrib +s +h “C:\Users\Resident 4\a” hiddenattrib -s +h “C:\Users\Resident 4\a” unhide

or simple password protecting folders.

But I am not sure how secure those "tricks" are should someone say boot off of a Linux ISO or just hook up the external USB drives to another computer or make an image of the drive etc. etc. I have come across WD Security but I am unfamiliar with it and don't know if it is any better then the options I ticked off.

So if I don't want to use VeraCrypt or BitLocker are there any alternatives that will force someone to have to format the 12TB drive rather then having them be able to divine the contents using some means to do so? TIA.

Ghot · 23 Apr 2021

I don't know of any way, short of physically destroying the drive.
Modern forensics can do just about anything.

hsehestedt · 23 Apr 2021

Yeah, those tricks are very rudimentary and easily discoverable. Personally, I really prefer encryption.

I'm not familiar with VeraCrypt - I know of it but have never used it. However, why the opposition to BitLocker? You had mentioned a container of 11TB in size, but BitLocker does not operate with a "container". It operates at the block level. If you started with a new or empty 16TB HD, you would find that BitLocker will finish it's initial setup on the drive in mere seconds even if it is a 16GB HDD. It simply encrypts new data being written to the drive then on the fly. If you already have a lot of data on the drive, then, yes, it may take a long time to encrypt that much data. The good thing is that you can pause the encryption and resume at any time, even rebooting or shutting down the system, so the amount of time that the encryption takes shouldn't be a problem.

On the other hand, if your DID want to create a smaller container on your large HDD and encrypt it with BitLocker, that is an extremely easy process to accomplish. You would simply create a Virtual Disk on your HDD and then BitLocker that virtual disk. By doing this you have an encrypted container with the remaining space on the HDD being unencrypted.

Another trick: When you create a Virtual Disk, you have the option of allocating all space up front or making it an expanding virtual disk. As an example, assume you have a 16TB disk. Create an virtual disk of 16TB in size. The virtual disk starts out tiny but expands as you copy data to it. In this way, it has the option to grow all the way to the entire capacity of the drive, but until such time, all the remaining space is available to stuff that you do not want to encrypt.

Just thought I'd toss all this out there to show you some options and flexibility that you have with BitLocker.

One last option: I'm not at all a fan of this one, just wanted to let you know that it exists, and that is EFS (Encrypting File System). I really hate this method because it means having to maintain an EFS certificate in case your computer dies, and it has some network compatibility issues, just be aware that it does exist should you want to research it further. EFS works on individual files but you can set folders for encryption so that any data dropped into them encrypt automatically.

phaedruspress · 23 Apr 2021

Ghot said:

I don't know of any way short of literally destroying the drive.
Modern forensics can do just about anything.

Thanks. Bummer. Do you have an opinion on whether or not the WD Security option is more robust then just hiding the folders?

- - - Updated - - -

[QUOTE=hsehestedt;2206079]Yeah, those tricks are very rudimentary and easily discoverable. Personally, I really prefer encryption.
(Big Snip)
Thanks for replying but you are confusing me with what I perceived you to be intermittently using TB and GB. Kindly keep in mind that I am only talking about external removable USB drives.

"If you started with a new or empty 16TB HD, you would find that BitLocker will finish it's initial setup on the drive in mere seconds even if it is a 16GB HDD...You would simply create a Virtual Disk on your HDD and then BitLocker that virtual disk..."

These are external USB 12 TB drives and 14TB drives.

>Another trick: When you create a Virtual Disk

I am unfamiliar with creating a virtual disk on a removable USB drive or on any drive for that matter. Can virtual disks be created on external removable media? Are they password protected and available each time I plug in the drive? If a smart ass nephew got ahold of the drive could he clone it and have access to it's contents? TIA.

Ghot · 23 Apr 2021

[QUOTE=phaedruspress;2206084]Thanks. Bummer. Do you have an opinion on whether or not the WD Security option is more robust then just hiding the folders?

- - - Updated - - -

hsehestedt said:

Yeah, those tricks are very rudimentary and easily discoverable. Personally, I really prefer encryption.
(Big Snip)
Thanks for replying but you are confusing me with what I perceived you to be intermittently using TB and GB. Kindly keep in mind that I am only talking about external removable USB drives.

"If you started with a new or empty 16TB HD, you would find that BitLocker will finish it's initial setup on the drive in mere seconds even if it is a 16GB HDD...You would simply create a Virtual Disk on your HDD and then BitLocker that virtual disk..."

These are external USB 12 TB drives and 14TB drives.

>Another trick: When you create a Virtual Disk

I am unfamiliar with creating a virtual disk on a removable USB drive or on any drive for that matter. Can virtual disks be created on external removable media? Are they password protected and available each time I plug in the drive? If a smart ass nephew got ahold of the drive could he clone it and have access to it's contents? TIA.

A lot of people password protect a drive.
These days that's fairly easy to crack. If someone really wants to get into your drive... they will be able to do it.

It's why we told the poster that wanted to protect his drives from "spying eyes" at the repair shop... take the drives out, then take the computer to the repair shop.

Hard drives are hard to completely destroy. Even drilling holes in them, won't protect ALL your data from a forensics expert. You'd have to "melt" the drive entirely... like at the end of Terminator 1.

Encryption is probably your best bet to stop prying eyes while you're alive.

hsehestedt · 23 Apr 2021

My apologies. In all cases I mean TB. Brain not gear

.

Below is a tutorial on creating a virtual disk. Super easy! Yes, they can be created on external media. In fact, I do it all the time (I have a very specific purpose that).

A virtual disk is not password protected. That's why I suggested BitLocker, just as with any other disk.

Create and Set Up New VHD or VHDX File in Windows 10

Should you have any other questions, don't hesitate to ask!

Ghot · 23 Apr 2021

This is seriously overkill, but...

Set up a task in Task Scheduler to write zeroes to the entire drive, every night at say 3am.
The you just have to remember to disable that Task... every day, before it is scheduled to run.

That way, if for w/e reason, you aren't around to stop it... your drive will be wiped.

And even that isn't foolproof. It would take about 24 hours minimum, to write zeroes to a drive that size.
So anyone that came in, and just unhooked the drive from the computer, would have the whole drive intact.

phaedruspress · 23 Apr 2021

hsehestedt said:

My apologies. In all cases I mean TB. Brain not gear

.

Below is a tutorial on creating a virtual disk. Super easy! Yes, they can be created on external media. In fact, I do it all the time (I have a very specific purpose that).

A virtual disk is not password protected. That's why I suggested BitLocker, just as with any other disk.

Create and Set Up New VHD or VHDX File in Windows 10

Should you have any other questions, don't hesitate to ask!

>My apologies. In all cases I mean TB

I will take a look at BitLocker To Go which I believe is the flavor that I want, right? Previously I was lumping BitLocker and VeraCrypt all together. You did mention that you are unfamiliar with VC. If you are so inclined and wish to take a look see at it, it is highly respected and quite robust but not as I mentioned designed I believe for 12TB drives.

VeraCrypt

Documentation

Anibor · 23 Apr 2021

phaedruspress said:

After some consideration and practicing on (slow) 16GB USB flash drives I believe I have abandoned my idea to use VeraCrypt on Western Digital 12 and 14TB external USB drives. I have come to the conclusion that encryption is not really designed for drives this large using FDE (Full Disk Encryption since the drives will be filled up and/ or a container with an 11TB file is just as cumbersome ).

Is the disk "fast" when not encrypted and "slow" when encrypted?
The problem may be not related to VeraCrypt itself, but to some special characteristics of the disk, for example it may be a SMR disk.
There isn´t any explicit restriction related to disk size in the VeraCrypt documentation.

phaedruspress · 23 Apr 2021

[QUOTE=Ghot;2206105]This is seriously overkill, but...

Snip

>This is seriously overkill

Ya, think : ) Yeah, I'm not that ambitious and I believe what you are describing is going to be too labor intensive.

>Set up a task in Task Scheduler to write zeroes to the entire drive, every night at say 3am

Do you know how long that would take on an external USB 12TB drive? Days, I would think. I know it took over 24 hours to verify the empty drive when I first received it looking for errors.

Like I said above I think I'm going to give BitLocker To Go a look see. Thanks.