Hard Drive Encryption: PGP Disk, LUKS, BitLocker

Why encrypt a hard drive? It makes it safer to dispose of an old hard disk… your data won’t fall into the wrong hands. This only matters if you want data to remain confidential. Laptop owners should consider using hard disk encryption.

When is it a bad idea to encrypt a hard drive? First, if you have a dual-boot computer (Linux and Windows), and you want Linux to be able to access all of the data on the Windows drive. Second, when the data confidentiality is of low concern and the data availability is of high importance.

Bruce Schneier writes about Microsoft BitLocker, which will be available in Windows Vista:

BitLocker Drive Encryption is a new security feature in Windows Vista, designed to work with the Trusted Platform Module (TPM). Basically, it encrypts the C drive with a computer-generated key. In its basic mode, an attacker can still access the data on the drive by guessing the user’s password, but would not be able to get at the drive by booting the disk up using another operating system, or removing the drive and attaching it to another computer.

PGP Disk is a current solution — no need to wait for Vista. On Linux, there are many solutions. The most current is LUKS and dm-crypt:

Apparently, HAL in Fedora recognizes LUKS volumes. It’s also possible to encrypt only your home directory with LUKS.

Update 5 June 2006

See also http://www.truecrypt.org/ and Wikipedia’s guide to disk encryption software.

Security Myths and Passwords

Professor Eugene Spafford “is one of the most senior and recognized leaders in the field of computing.” Here’s what he has to say about password security.


In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. The result is a stale policy that may no longer be effective…or possibly even dangerous.

Policies requiring regular password changes (e.g., monthly) are an example of exactly this form of infosec folk wisdom.

Read the article for more details.