Encryption — is it worth encrypting your drive?

Why and when should you encrypt your data?

Paweł Świderski
Aug 12, 2018

Nowadays it is wise to hide your personal data, because if you do not, you can get into trouble. There are lots of bad people out in the world who can use your personal data to, e.g., steal your money or take out a loan in your name. The list of threats is quite long and we will not go through it here. The important thing is to be aware of these threats and do something to avoid them.

Encryption is a partial solution to the data security problem. Partial, because it will not protect you from software threats like viruses and so on. It protects you from physical access to your data only when there is no active encryption session. By encryption session I mean the time during which the encryption program keeps the files unlocked after you have entered the correct password. So if your computer is turned on, hibernated, suspended or in a similar state, the encryption may not protect your data.

Encryption is the process of encoding data in such a way that it can be read only by decoding it with the encryption password. Special encoding algorithms are used for this. The most popular nowadays is AES.

If you encrypt the data on your device, the password can still be cracked. There are several ways to do that. The most common is brute force: trying all possible combinations. Brute force can also use dictionary words and their combinations. The efficiency of brute force depends on your password and on the computing power of the machine used to crack it. A long, difficult password without dictionary words guarantees that it will not be cracked in any reasonable time. Let's check some random password at https://howsecureismypassword.net/. It can take a thousand years to crack it. Even if somebody used a supercomputer (which is costly), it could take years, now and in the future. So basically a good password can protect your data!

Passwords for web services, e.g. Gmail or a bank's web service, can be much weaker. Gmail requires 8 characters for a password; for disk encryption your password should have at least 20. Why is that? Brute forcing a disk password has no limit on the number of attempts. Gmail or any other well-secured web service will block your account after some number of wrong login attempts.
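An added illustration (not part of the original article) of why a length that is adequate behind an account lockout is too short for a disk password, and why a dictionary word with digits tacked on is weak at any length. The guess rates, wordlist size and sample words are assumed values chosen for the example, not measurements.

```python
import math
import string

# The constants below are assumptions for illustration, not measurements.
OFFLINE_RATE = 1e10          # guesses/second against a stolen disk (no lockout)
ONLINE_RATE = 10 / 3600      # guesses/second when a service allows ~10 tries/hour
WORDLIST_SIZE = 10_000_000   # entries in an attacker's dictionary
MUTATIONS = 1_000            # digit/symbol variants tried per dictionary word
COMMON_WORDS = {"password", "summer", "dragon", "qwerty"}  # constructed sample

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Alphabet an exhaustive search has to cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return max(size, 1)  # spaces / non-ASCII only: avoid log2(0)


def entropy_bits(password):
    """Rough upper bound on the work factor, in bits."""
    if not password:
        return 0.0
    core = password.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        # A word with digits/symbols around it falls to a dictionary attack.
        return math.log2(WORDLIST_SIZE * MUTATIONS)
    return len(password) * math.log2(charset_size(password))


def years_to_crack(password, guesses_per_second):
    """Average case: half of the search space has to be tried."""
    guesses = 2 ** entropy_bits(password) / 2
    return guesses / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("Summer2018!", "k3v9x2qa", "k3v9x2qa7m1z8w4n6p0r"):
        print(f"{pw:22} offline {years_to_crack(pw, OFFLINE_RATE):.2e} y, "
              f"online {years_to_crack(pw, ONLINE_RATE):.2e} y")
```

With these assumed rates, the 8-character random password holds up only while attempts are throttled; the 20-character one holds up even when they are not.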

What should I encrypt, and how?

You can encrypt the whole drive, the system, or just the files that are personal and sensitive. You need to make a decision. Before that, think about the pros and cons of those two approaches. I will elaborate on some of them.

Performance footprint

Encryption has a tremendous impact on the drive's performance, as you can see in the picture. Reading and writing are much slower when there is an encryption process in the middle.

Left: without encryption. Right: with encryption.

This test was made on my computer. I repeated the process and the results were similar. Other people's results look similar: encryption makes reading and writing slower in some cases.

The conclusion is to encrypt as little as possible.

Convenience of usage

Encrypting the whole drive can be convenient because you type your password once, before the OS starts. Everything is encrypted and you have 100% security.

When you encrypt specific files, there is always some work that you need to do with tools. You also need to be more conscious of what you encrypt and what you do not.

Conclusions

Do we really need to protect the whole system or drive? Is our data really so precious?

Encrypting the whole drive can be expensive in terms of performance, but it is the most convenient and the safest option.

Personally I encrypt specific files: the ones that are private, personal and sensitive. I create a disk container in VeraCrypt for these files. I save my Firefox profile in this container to protect the passwords and session cookies that are saved in it. You can move your Firefox profile directory wherever you want with this instruction. You can see the VeraCrypt configuration in another article of mine.

Protecting the encryption session is important because it can be hijacked by another person. If you feel that your data may be in danger, close the encryption session.

Popularity of encryption

I found that almost all iPhones are encrypted but only a few Androids are. Probably most Windows computers are unencrypted as well (I did not find exact data). The reason for this is mostly performance but also unawareness. Sometimes, however, people just take the risk on themselves, a risk so small that they do not even think about it.

Do not fall into paranoia!

It is very important not to fall into paranoia. You don't have to be constantly afraid of everything. Encryption is like an insurance policy: it is a kind of protection. It will not protect you from everything, and it can even be redundant and unneeded, but “in case of something” it will do the job.

With encryption we protect our data from physical access by unauthorized people. If you trust the people you live with, nobody else has access to your apartment and you do not go out with your computer, it is safe not to encrypt. Of course there are cases when somebody will have access, e.g. a service technician when the computer is broken. But this is a risk that you can decide to take. These situations are rare.

Anyway, different people can have physical access to your computer, from family, coworkers and technicians to complete strangers, e.g. thieves. So let's think about the protection of your data in terms of risk management.

Summary

I hope you now know what encryption is, and why and how you should use it.

If you have any questions or comments, please let me know. Constructive feedback is appreciated.
