Internet privacy and security course

Chapter 60

Comprehensive encryption of operating system or hard disk drive

Cryptography is the ultimate form of non-violent direct action. While nuclear weapons states can exert unlimited violence over even millions of individuals, strong cryptography means that a state, even by exercising unlimited violence, cannot violate the intent of individuals to keep secrets from them. Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem.

Julian Assange

We call this chapter “Encryption of operating system or hard disk drive” because the expression can be interpreted in different ways. Encrypting an operating system doesn’t always mean full disk encryption, since one hard disk may hold several operating systems. You may also happen to have several hard disks…

To avoid confusion: most users treat disk encryption and system encryption as synonyms. The term “full disk encryption” or “whole disk encryption” signifies the encryption of the entire disk, including the operating system and system files.

This course caters to people with all levels of technical knowledge, so I would like to give you a clear example of how encrypting a hard disk that holds an operating system works.

Without encryption, your hard drive resembles a box of data that anyone can read once they gain physical access to it. But unlike with a real box, the perpetrator can also find files that were deleted or stored on it in the past. That is why law enforcement would seize and tag a hard drive, then send it to a lab where computer forensic experts extract the information stored on it.

You can find similar offers on the Internet:

[Image: recovery hard drive]

Comprehensive encryption can’t prevent unauthorized access to the “box”; however, instead of the documents he targeted, the perpetrator will see a pile of shredded paper that is useless even to forensic experts.


I already use encrypted file-hosted volumes to store my sensitive data. Therefore, I don’t have to use full disk encryption.


Well, you still have to. Full disk encryption protects all the files of the system: system files, home directory, temporary files, swap file, deleted information.
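
To see which of these areas a given machine actually leaves in the clear, here is an added example (not part of the original course). It assumes a Linux system using dm-crypt/LUKS and reads the JSON printed by `lsblk -J -o NAME,TYPE,MOUNTPOINT`; the sample output and device names are constructed for illustration.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from a
# real machine): root is inside a LUKS container, swap and /boot are not.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": "/"}
    ]}
  ]}
]}
"""


def plaintext_mounts(lsblk_json):
    """Return {mountpoint: device} for every mounted filesystem or swap area
    that has no dm-crypt ("crypt") layer anywhere above it in the device tree."""
    exposed = {}

    def walk(node, encrypted):
        # Once a crypt layer is seen, everything stacked on top of it
        # (LVM volumes, filesystems, swap) is stored encrypted.
        encrypted = encrypted or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount and not encrypted:
            exposed[mount] = node["name"]
        for child in node.get("children", []):
            walk(child, encrypted)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return exposed


if __name__ == "__main__":
    for mount, dev in sorted(plaintext_mounts(SAMPLE_LSBLK).items()):
        print(f"{mount:8} on {dev}: stored unencrypted")
```

In the sample, the swap area is reported as unencrypted even though the root filesystem is protected, which is the gap the paragraph above describes: memory pages written to swap land on disk in the clear.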

All modern operating systems come with a built-in hard disk encryption capability. In some cases it is recommended that you use alternative tools – you are going to learn about them in the next sections of this chapter.

Of course, in this introduction we are also dispelling another common security-related myth.


Encryption of operating systems or comprehensive encryption of hard disk can be easily defeated.


Nowadays, proper encryption and secure storage of your key make defeating an encrypted hard disk impossible.

This myth is mainly perpetuated by users who jump to rash conclusions. For instance, even macOS by default offers to keep the encryption key in iCloud cloud storage if you choose to enable comprehensive hard disk encryption. Of course, you shouldn’t do that, just as you wouldn’t want to use a simple password or a fingerprint to log in to the system. In the final chapter of this part, we will dwell on two ways of defeating an encrypted disk.

If you are an ardent enthusiast of new technologies, I have to point out that it is extremely easy to overpower you and press your finger to a sensor. So if breaking the encryption of your disk is as easy as putting a finger to the sensor, you can hardly call such encryption unbreakable, can you?

Suppose there are two people, Peter and Jack. Peter chose to use full disk encryption while Jack didn’t. One day Peter’s and Jack’s premises were invaded by perpetrators who seized their hard drives and equipment. All of Jack’s data, including his browser history, correspondence and documents, was accessed within twenty-four hours in a lab, while Peter’s hard disk remained undefeated.

Well, I lied to you: Peter’s finger was accidentally caught in the door, and the pain he endured made him give up the password, but that would be a completely different story. To protect yourself against such attacks, take advantage of our solution – an emergency data erasure system.

Let’s look at a slightly different situation. Peter and Jack had their laptops stolen by their competitors. All of Jack’s data was extracted: a history of visited sites and viewed videos, passwords, deleted files, correspondence, personal and family photos. The competitors discovered that he favors gay adult content and interacts with young men. Peter, meanwhile, had full disk encryption, and the only inconvenience he endured was buying a new laptop.

Peter and Jack lost their laptops, and, unfortunately, the laptops fell into the hands of some scammers. They extracted all the data from Jack’s laptop and discovered that he had been cheating on his wife with men. They started blackmailing him. Jack paid them once, but the blackmailers didn’t go away and asked for twice as much. Poor Jack had to pay them three times, but the scammers still exposed all his compromising information on social networks by sending it to his friends. Peter, meanwhile, got away with just buying himself a new laptop. Even the meanest scammers are unable to defeat strong encryption.


Make sure your hard disks are encrypted. Don’t follow Jack’s example.

By the way, Peter did lose three laptops, but he didn’t lose one megabyte of his sensitive information because he made backup copies.

Let me warn everyone who is going to use disk encryption regularly. On an unencrypted drive you can always recover your data even if you lose your password to the system, but with disk encryption the loss of the key makes your data unrecoverable. Neither special applications nor forensic experts will be able to help you.


Losing your key renders your data on the encrypted disk irretrievable. Store the key in a reliable place and don’t forget to regularly make backup copies.