Today we should use encryption of disks for many situations.
I recommend at least encrypting disks of portable computers that contain the home directory and portable USB disks. They can easily get stolen or lost and it is better if the thief does not have easy access to the content. We should even consider encrypting swap partitions.
There are many ways to do this on different operating systems and actually I only know how to do it for Linux. A possible approach for Windows is to run MS-Windows in a virtual box inside Linux and just profit from the Linux-based encryption. That is what I do, but I do not use my MS-Windows very much. About Apple computers I have no knowledge, please go to the site of somebody else for encryption of disks for them. I know that there is an option available for this, but I do not know how to use it and how good it is.
I prefer to rely on open source solutions for security related issues, because it is harder (but not impossible) to put in malicious components into the software and it is easier to find and to fix them. This is a general point that serious security specialists tend to make that it is better to rely on good and well maintained open source software for security than on closed software of which we do not know the wanted and unwanted backdoors and vulnerabilities.
The way it works in Linux is that we encrypt a disk partition. It can then be accessed after providing a password. It is possible to provide several alternative passwords. The tools to use are dm-crypt, a kernel module, LUKS, cryptsetup, and cryptmount.
It can be done like this (example session) for an external drive that appears as /dev/sdc. Please be extremely careful not to erase any data that you still need or hide data behind a password that you do not know…
# check the partitions
$ fdisk -l /dev/sdc
# encrypt the partition and provide a password:
$ cryptsetup luksFormat /dev/sdc1
# access the partition
$ cryptsetup luksOpen /dev/sdc1 encrypted-external-drive-1
# format it with whatever file system you want to use
$ mkfs.ext4 /dev/mapper/encrypted-external-drive-1
# or
$ mkfs.btrfs /dev/mapper/encrypted-external-drive-1
# or whatever you prefer..
Now each time the disk is mounted, the password needs to be provided.
The issue which file system is best might be worth writing about in the future, it is not in this article.
Links
- Disk Encryption Theory (Wikipedia)
- dm-crypt
- LUKS
- cryptmount
- cryptsetup
- FAQ
- Encrypting an external drive using LUKS
- How to encrypt a hard drive using LUKS
- Encrypted external drive with LUKS
- Which filesystem should I use to format my external backup HDD
- The best file system for an external hard disk
- Best file system for your USB external drive
