topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 5:54 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How to encrypt external hard drives using USB in Windows 7 Pro and Home?  (Read 7680 times)

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
I would like to encrypt a few of my external hard drives (from 400GB to 1TB) that I connect to my machines via USB. I have never done this before, so I'd like to ask for advice on how to go about this.

These hard drives have family photos on them (no state secrets or anything illegal), and my main motivation is to protect my privacy, should I ever be burgled. So the encryption doesn't necessarily have to be industrial strength, just something for reasonable personal security.

I have searched around to see what kind of free solutions are out there. My PCs are running Win7 (Home and Pro). The online advice I came across so far I found somewhat confusing. E.g. some people said to use BitLocker, but for some reason my Windows 7 installations don't have BitLocker. The only thing I can find in my Win 7 Pro machine is called "Encrypting File System (EFS)." But it looks like it doesn't work on Win7 Home, so it would be a hassle to try to use an encrypted drive on both Pro and Home.

Any suggestions for a relatively hassle-free encryption solution for external hard drives for personal use that would work with both Win7 Home and Pro? Or does it mean that an external hard drive would only work with the machine that encrypted it? Sorry, I'm really clueless about how this is supposed to work. Ideally I'd like to be able to use such an encrypted hard drive across several machines using Win7 Home and Pro.

P.S. I'm also a bit worried about encrypting my drives and then losing the encryption keys or messing things up some other ways. It would be just as much of a disaster if I permanently lost access to our family photos by making the drives inaccessible. So what I'm saying is I need an idiot-proof solution.  ;)

P.P.S. It seems that since the Snowden revelations there are not many solutions out there that are generally trusted.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Bitlocker was/is only available on Pro or higher versions of Windows 7 or later.

VeraCrypt - an updated version of the no longer developed TrueCrypt

These hard drives have family photos on them (no state secrets or anything illegal), and my main motivation is to protect my privacy, should I ever be burgled. So the encryption doesn't necessarily have to be industrial strength, just something for reasonable personal security.

...

P.S. I'm also a bit worried about encrypting my drives and then losing the encryption keys or messing things up some other ways. It would be just as much of a disaster if I permanently lost access to our family photos by making the drives inaccessible. So what I'm saying is I need an idiot-proof solution.  ;)

Given the projected usage a better solution would be to use unencrypted drives, ("drives" because you should have at least one backup), and store them somewhere safe, ie. a safe or some other innocuous place, (you'd be surprised how many good hiding spots are in plain sight).

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
You should be able to download and run bitlocker on your Wpro machine, and then read encrypted drives on other computers. EFS will encrypt files and folders.

I wouldn't disagree with 4wd's suggestion either, although if you do use the drives regularly you'll probably leave them out sometimes.

Mostly I'd suggest multiple copies in multiple places. Including cloud.

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
I'd suggest multiple copies in multiple places. Including cloud.

Thanks, I already do that. But that doesn't solve the privacy protection problem, i.e. if someone breaks in and steals the drives, they will have access to the photos, videos, and audio records, which is what I'd want to prevent.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Bitlocker was/is only available on Pro or higher versions of Windows 7 or later.

Unfortunately - since Bitlocker To Go would be great for this - Bitlocker isn't available in Win7 pro, as it's only available in the Enterprise and Ultimate editions.


EFS is best left to domain networks due to the level of complexity that is recovery key handling. So a third party solution is probably best for this.

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
TrueCrypt was the solution of choice for nearly everyone until its mysterious demise.

VeraCrypt is based on the TrueCrypt code and seems to be the preferred replacement among many former TrueCrypt users.  It seems to be actively developed and updated at this time.
 
Unusually for open source software, it has excellent documentation, including a tutorial for beginners.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
EFS is best left to domain networks due to the level of complexity that is recovery key handling. So a third party solution is probably best for this.
This!

EFS is super easy to use, but it's also super easy to forget about key management, and then you suddenly have no way of accessing your files after a Windows reinstall.

I'll add a +1 for VeraCrypt. There's several ways to use it, the simplest being a container file on a FAT or NTFS partition. For my cold-storage drives, I use an alternative method, though: first I use fdisk (or some other partitioning tool) to create a partition spanning the entire external drive, then set its type to "Linux". This has the advantage of not wasting space for a filesystem that only contains a container file, and setting the partition type to "Linux" makes Windows not complain about unrecognized filesystem and offer to format it for you...

Another advantage of VeraCrypt is that it's cross-platform so your data isn't locked to Windows. Oh, and then there's the whole open-source and peer-reviewed aspect, which is also kinda nice.

Yes, you still need to remember passphrases, and there's a bit of hassle in mounting your containers - but you don't get any kind of sensible security entirely transparent.
- carpe noctem

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Bitlocker was/is only available on Pro or higher versions of Windows 7 or later.

Unfortunately - since Bitlocker To Go would be great for this - Bitlocker isn't available in Win7 pro, as it's only available in the Enterprise and Ultimate editions.

Ah OK, must of only appeared in Pro versions since Windows 8.

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
Thank you all, I'll investigate VeraCrypt then.

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Bitlocker was/is only available on Pro or higher versions of Windows 7 or later.
Bitlocker isn't available in Win7 pro, as it's only available in the Enterprise and Ultimate editions.
Oops :-[. Sorry. I forgot I'd set it up originally on a W8 machine.

I must say that the unanimity of support for Veracrypt will take me in that direction. I much prefer multi-platform. I've still been using TrueCrypt.
« Last Edit: May 01, 2016, 03:07 AM by Dormouse »

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Another option: Fort File Encryption: protect individual files - gHacks Tech News
Note that a program like Fort is NOT a proper substitute for full-disk encryption! It requires you to work with a decrypt/modify/encrypt workflow, which leaves traces all over your harddrive.

It's probably OK for transferring moderately sensitive material to somebody else, but unless anonymity is involved, I'd personally prefer PGP/OpenGPG for that scenario. And this sentence from their website makes me cringe: "Well designed FortMachine.dll cryptography library available for developers" - you really shouldn't roll your own crypto primitives. Also, "Protect against keyloggers, supports on screen keyboard", while well-meaning, is security theatre - if you're at the point where you try to prevent keyloggers, you've already lost.

EDIT: I took a quick browse through the source code, and at least the FortMachine.dll is just some simple high-level wrappers around .NET crypto primitives, so it's not "rolling your own" level bad :)
- carpe noctem
« Last Edit: April 20, 2016, 01:51 PM by f0dder »