Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Best way to encrypt my windows 7?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Best way to encrypt my windows 7?

Hello,

I want to encrypt my windows 7 ultimate in case my laptop is lost or stolen, and I'm wondering what's the best encryption tool out there?

Is it safe to use bitlocker, or maybe VeraCrypt?

Or any other suggestions?

Thanks

«1

Comments

  • Falco33Falco33 Member
    edited February 2015

    TrueCrypt 7.1a

  • it is safe to use bitlocker, infact its the defacto encryption for win.laptops where i work.
    make sure you write the keys incase you locked yourself.

    Thanked by 2Hybrid Mark_R
    • do not prepay > 1 year and check for reviews/support
    • only use monthly from a provider operating < 1 year 🍆
  • Thanked by 3geekalot Hybrid netomx

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • I'm alway using BestCrypt Volume Encryption from jetico.com, not free, best one of the best out there. :D Before I mixed with BC and TrueCrypt. But now, only BC.

    Thanked by 1Hybrid

    Kenneth Myhre
    WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

  • Truecrypt or EncFS (I like EncFS because it encrypts each file individually).

    Thanked by 1Hybrid

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • BitLocker is the way to go. While it is possible that some 3 letter agency has a backdoor in it, common criminals and police can't break it.

    Thanked by 1Mark_R
  • MaouniqueMaounique Member
    edited February 2015

    gsrdgrdghd said: common criminals and police can't break it.

    If there is a backdoor, both police and criminals as well as regular people with some effort will manage to get hold of it, it is not like MS has a spotless record there, not to mention the agencies where people work and people make mistakes or can be bought. Anything trojaned or backdoored is not safe, no matter how small is the number of the people which officially have access to it.
    OTOH, using windows and other closed source applications even on linux is even less safe, so, OP may not care for this vector of attack.

    Thanked by 2Hybrid 0xdragon

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • @Falco33 said:
    TrueCrypt 7.1a

    You know TrueCrypt development halted and their website states it is not considered secure and contains unfixed security issues. Many people took this to mean one of the 3 letter agencies forced them to weaken the software in some way and issued a gag order, so they couldn't say "Hey this shit is backdoored" but they could quit working on it and say it has unfixed issues and is no longer maintained. just something to keep in mind.

    I don't use Windows as a primary OS so I can't offer any advice, just wanted ot make sure people are aware of TrueCrypt. If it's just your average petty crooks you're worried about it's probably safe enough. Or run Linux with LUKS/LVM and keep Windows inside a VM where it belongs :)

  • WilliamWilliam Member, Provider

    im_jmz said: You know TrueCrypt development halted and their website states it is not considered secure and contains unfixed security issues

    TC 7.1a was independently verified as secure and can be obtained on https://truecrypt.ch/ . We don't know what happened to TC as company but it's likely a gag order from someone.

    Thanked by 1netomx
  • k0nslk0nsl Member, Member without signature

    Another vote for DiskCryptor.

    Thanked by 1Hybrid
  • @im_jmz said:

    Like William said. 7.1a is been verified and is secure.

  • im_jmz said: You know TrueCrypt development halted and their website states it is not considered secure and contains unfixed security issues.

    No. It states that it MAY contain unfixed security issues. Truecrypt was audited and found to be secure.

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • Thanks guys,

    I think I'm gonna try DiskCryptor and see how it goes.

  • Good choice, I'm using DiskCryptor on several machines and even servers - it works flawless.

    Thanked by 1geekalot

    RC5 cracker since 1998!

  • You also have to think, why do you encrypt your computer and for who?
    If it just to secure your content if a common thief steal your computer, almost every encryption software will work, since a common thief, don't use time to try to hack your drive. They just want to delete the content on the disk, and sell the computer for a few bucks.

    If you have company or other sensitive data on your computer, are you afraid of the government stealing your computer and try to get access to them? If yes, you need to get a really good encryption software, maybe several.

    Kenneth Myhre
    WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

  • i use linux dmcrypt and vmware or vbox for windows 7


    Nexus 6 - Great Phone!

  • howardsl2howardsl2 Member
    edited February 2015

    FYI, Bitlocker is ONLY available for the Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8 and Windows 8.1, and Windows Server 2008 and later. (from Wikipedia)

    If you are using Windows 7 "Home Premium" which comes pre-installed on most new computers, then you are out of luck - the Bitlocker option won't show in the control panel.

    Edit: Just noticed that the OP uses Win7 Ultimate - Bitlocker is available.

  • @bashed said:
    i use linux dmcrypt and vmware or vbox for windows 7

    ^^ This. LUKS + Linux on baremetal with unencrypted Windows as a VM -only- ... (whether Linux desktop or server, i.e. Proxmox / whether Windows desktop or Server) ........ FTW.

    Thanked by 1im_jmz
  • Maybe get one of those new'ish Samsung EVO SSD's - they have built in hardware encryption that integrates into Bitlocker (much faster than software encryption, some would say more secure). Alternatively, if your BIOS supports it, these drives can use Class 0 encryption (before the bootloader is even loaded).

  • NeoonNeoon Member
    edited February 2015

    Do you believe in closed Source entcryption tools owned from a Company which has the NSA in there but? How the fuck can you use BitLocker.

    Thanked by 1TarZZ92
  • im_jmzim_jmz Member
    edited February 2015

    @4n0nx said: No. It states that it MAY contain unfixed security issues. Truecrypt was audited and found to be secure.

    It flat out says "Truecrypt is not secure" on the website, as it "may" contain unfixed security issues. The key part here is where the people who wrote the fucking software begin with "Truecrypt is not secure"... And I do believe they only completed Phase I of the audit, but to be honest I could care less.

    I'm not going to use software when the developer's flat out say "This is not secure" and abandon the project. That's a big red flag in my book, but feel free to use whatever you like.

  • im_jmz said: It flat out says "Truecrypt is not secure" on the website, as it "may" contain unfixed security issues. The key part here is where the people who wrote the fucking software begin

    it was all strange how it happened probably got a us govt special order. Truecrypt is quite safe.

    where they could not tell of such an order (similiar to lavabit)

    I AM BACK :)
    Working Windows Server 2012 R2 on 6GB! Beat that!

  • Infinity580 said: Do you believe in closed Source entcryption tools owned from a Company which has the NSA in there but? How the fuck can you use BitLocker.

    If you have the NSA after you, there's some other variables you should consider - like who did you kill?

    Anyway, Bitlocker uses TPM, unlike the many suggestions here. This adds a whole new level of security where your password is not the weakest link. The TPM effectively prevents brute force attacks on supported hardware.

    There is no evidence that supports Microsoft has any backdoors in any of their code. Any thoughts otherwise are created from emotional fear, ignorance, personal biases, and not from logic and evidence. :)

  • @Silvenga said:
    There is no evidence that supports Microsoft has any backdoors in any of their code. Any thoughts otherwise are created from emotional fear, ignorance, personal biases, and not from logic and evidence. :)

    I'm sorry, but that is wrong.

    http://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor

    vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
    $12/year HostUS Deal (768MB RAM+768MB vSwap)$11.29/year GestionDBI Deal (768MB RAM)

  • im_jmz said: I'm not going to use software when the developer's flat out say "This is not secure" and abandon the project, while suggesting to use closed source software developed by a company that was involved with PRISM.

    yes. great.

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • SilvengaSilvenga Member
    edited February 2015

    Traffic said: I'm sorry, but that is wrong.

    That's not a backdoor, lookup backdoor on Wikipedia. Backtrack can do this easily if the user has the skill. COFEE can be see as a nice GUI for ignorant law enforcement officials without the resources of major departments. We are still at "There is no evidence that supports Microsoft has any backdoors".

  • Silvenga said: There is no evidence that supports Microsoft has any backdoors in any of their code. Any thoughts otherwise are created from emotional fear, ignorance, personal biases, and not from logic and evidence. :)

    http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
    Very much personal bias when they say they have to comply with whatever they are told to do.

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • I love how you paranoid people really think encryption is going to stop the NSA. They hire people that are far more capable than you at writing and cracking encryptions far more advanced than what the average IT person uses.

  • TrafficTraffic Member
    edited February 2015

    @Silvenga said:
    That's not a backdoor, lookup backdoor on Wikipedia. Backtrack can do this easily if the user has the skill. COFEE can be see as a nice GUI for ignorant law enforcement officials without the resources of major departments. We are still at "There is no evidence that supports Microsoft has any backdoors".

    I must say you are right.

    vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
    $12/year HostUS Deal (768MB RAM+768MB vSwap)$11.29/year GestionDBI Deal (768MB RAM)

  • SilvengaSilvenga Member
    edited February 2015

    4n0nx said: Very much personal bias when they say they have to comply with whatever they are told to do.

    I'm not sure what you said, but there is a huge difference between allowing a government agency access to hosted services and adding backdoors to code. We aren't even talking about the same departments (Sysops/IT vs engineers/designers).

    Again, there is no evidence that Microsoft has coded backdoors into Windows.

  • im_jmzim_jmz Member
    edited February 2015

    NSA hackers undiscovered for 14 years.

    @Silvenga Any thoughts otherwise are created from emotional fear, ignorance, personal biases, and not from logic and evidence. :)

    Now that's just hilarious. Maybe no overt backdoors obviously left open by MS, but with what we have learned with the Snowden revelations you'd have to be pretty fucking dense to believe Windows is a platform built with security/privacy in mind. China and Germany both ditched Windows 8 over concerns about backdoors. Truecrypt authors have argued against the use of TPM in the past, yet when they discontinued work on the project their website has instructions to use Bitlocker and other shitty alternatives offered by MS/Apple--software that has, in all likelihood, been intentionally weakened.

    Does this matter for most of us? No. Most of us are more worried about common criminals and not the NSA. If you're worried about the NSA you have to consider OPSEC from every angle--ideally you'd store everything in an air-gapped encrypted PC within a Faraday cage in a locked room in your basement, but that's neither here nor there.

    And most of you probably think I'm paranoid, but that's OK. I've been called paranoid in the past, when I argued that the NSA was using Room 641A to intercept communications. We all know that turned out to be baseless paranoia, created from emotional fear and ignorance, right? Right.

    @Pwner Modern day encryption is impossible to break when properly implemented, as far as we know, even for the NSA--they don't have to break it though, just convince people to weaken implementation.

    @Silvenga I doubt we'd see a hard coded backdoor. What they do is weaken parts of their software at the behest of the NSA.

    Of course, that's probably more baseless paranoia created from emotional fear, ignorance, blah blah...

    The NSA has a history of getting corporations to weaken their security in very specific ways so that they can compromise them later. They only have to weaken its implementation and they HAVE done this in the past, and continue to do so. Debian had a weakened implementation of OpenSSL for some time.

    Bruce Schneier has some interesting thoughts on the topic.

    Thanked by 1k0nsl
  • im_jmz said: software that has, in all likelihood, been intentionally weakened.

    Evidence of such (don't cite it from a blog or news site)? A likeness is not evidence.

    im_jmz said: Truecrypt authors have argued against the use of TPM in the past

    Context, citations, reasoning? (again, not from a blog)

    im_jmz said: We all know that turned out to be baseless paranoia, created from emotional fear and ignorance, right?

    I don't see a connection, wiretapping has nothing to do with programed backdoors - again, a completely different department. Stop using wiretapping as evidence that another company will spend the resources and engineers to craft a backdoor.

    im_jmz said: Modern day encryption is impossible to break when properly implemented, as far as we know, even for the NSA--they don't have to break it though, just convince people to weaken implementation.

    Your logic is flawed, nothing is impossible. We once thought that we would never use all the IPv4 address out there - it only took 20 years.

    im_jmz said: Of course, that's probably more baseless paranoia created from emotional fear, ignorance, blah blah...

    Political Bloggers are not considered a good source of information nor "exclusive" news stories from huge corporations who see millions in click revenue.

    im_jmz said: China and Germany both ditched Windows 8

    Probably helps that China has been stealing from Microsoft for years (they never did pay for all their licences). Not to mention I highly doubt that decision was made by educated software engineers (rather ignorant politicians).

  • @Silvenga said:
    Evidence of such (don't cite it from a blog or news site)? A likeness is not evidence.

    Lol, have you been sleeping under a rock mate? Have you read any of the Snowden docs at all?

    I'm done with this topic I've done enough research on my own to form an opinion, I'm not going to do your research as well--you clearly have made your mind up, and I'm happy to let you continue in your illusions.

  • edited February 2015

    I agree with @im_jmz some people can be hit with the evidence in the face, and they still don't see it.

    If the snowden revelations did not scare you, you must either be living under a rock, or maybe you don't care about personal privacy at all.

    I personally love my privacy. It's my right.

    I'm going to suggest VeraCrypt == https://veracrypt.codeplex.com/

    It's open sourced and it addressed all the flaws found during the TrueCrypt audit. Although the flaws found in the audit weren't that severe. So TrueCrypt is fine too.

    Also, don't rule out Linux.... the new Kubuntu looks sweeeeeet

    Thanked by 24n0nx im_jmz
  • I would highly recommend BitLocker. It is simple to use, and combined with eDrive and TPM support (if you have a business laptop), it is the fastest and secure enough full disk encryption.

    I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless. This is especially easy to do on a laptop, which is mobile. Truecrypt etc. do not support this feature, and are therefore prone to bootloader malwares.

    Yes, BitLocker maybe backdoored, but if so, so is your internet connection, your chipset and hard drive (really! look up Equation Group). In the end, using an "open source and apparently super secure" FDE is in most cases futile because if you have an adversary strong enough to backdoor your encryption, then a secure FDE is the least of your worries.

    BitLocker is a good enough solution for OP, who is a general user attempting to secure his laptop from thieves and low end identity thieves.

    If you need to hide from a three letter agency, you are asking this question in the wrong forum anyway.

  • May be you can try a truecrypt , for encrypt your file and your folder.

  • @sekjun9878 said: ... I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless...

    Okay, what's a TPM?

    Andrew Glodek | Special Projects Director | 香港國際商務中心 HONG KONG INTERNATIONAL BUSINESS CENTRE
  • sekjun9878 said: I would highly recommend BitLocker. It is simple to use, and combined with eDrive and TPM support (if you have a business laptop), it is the fastest and secure enough full disk encryption.

    I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless. This is especially easy to do on a laptop, which is mobile. Truecrypt etc. do not support this feature, and are therefore prone to bootloader malwares.

    WTF. Recommending closed source for encryption, then claiming that bootloader changes are important, when an attacker would just use regular malware or a hardware keylogger anyway.

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • @4n0nx said: WTF. Recommending closed source for encryption, then claiming that bootloader changes are important, when an attacker would just use regular malware or a hardware keylogger anyway.

    Interesting. Use a hardware keylogger on a laptop how exactly?

    Andrew Glodek | Special Projects Director | 香港國際商務中心 HONG KONG INTERNATIONAL BUSINESS CENTRE
  • aglodek said: Interesting. Use a hardware keylogger on a laptop how exactly?

    Can't. You usually carry your laptop with you so..

    Ok I guess one could quickly open it (mine only has 2 screws), or replace a USB device with an identical one that has a keylogger in it.

    Thanked by 1aglodek

    (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

    ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

  • aglodekaglodek Member
    edited February 2015

    Okay, going with this paranoia one step further: assuming the laptop is not tempested, would an attacker be able to "read" keystrokes on a laptop keyboard remotely? (as opposed to a desktop, i.e. wired, keyboard)

    Andrew Glodek | Special Projects Director | 香港國際商務中心 HONG KONG INTERNATIONAL BUSINESS CENTRE
  • @ehab said:
    it is safe to use bitlocker, infact its the defacto encryption for win.laptops where i work.
    make sure you write the keys incase you locked yourself.

    In case of Bit Locked drive, if you accidentally format it, you cannot recover it, that's what happened with me few days ago.

  • If NSA is after you, none of those off-the-shelve encryption is sufficient

    Designers: www.linkun.info

  • MaouniqueMaounique Member
    edited February 2015

    dnwk said: none of those off-the-shelve encryption is sufficient

    One by one, no, but a combination of various techniques, if you really know what you do and use only open source stuff compiled from sources others audited, hardware measures, etc, will make snooping very hard, perhaps even impractical. You also need some luck, without it + a very determined adversary with a lot of resources and time to stalk you for months and years, well, bad luck.
    What I learned in many years as an admin and GM for various games is that everyone makes mistakes. While NSA ones do not matter as they are given carte blanche by the governemants corporations and cults, one mistake by an individual under the microscope will be enough. If you are ina public office, such as a judge or agency chief (like Petraeus), you do not even have to do something illegal, you will be brought down on "morality" grounds, ironically, by a spying agency. Or any number of people can be "convinced" to "come out" with rape or other allegations such as tax fraud in the other side. Unless you agree to fully "cooperate" of course.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • bsdguybsdguy Member
    edited February 2015

    @Pwner said:
    I love how you paranoid people really think encryption is going to stop the NSA. They hire people that are far more capable than you at writing and cracking encryptions far more advanced than what the average IT person uses.

    whooooah, me impressed. Yeah, right, probably nsa has aliens working for them, you know the ones that are 2 bln years ahead of us (don't worry, that's not paranoid)

    And all them professors all over the world are dumbheads, hardly capable to match the brillance of an nsa janitor. Yeah right.

    In fact, nsa is soooo powerful that mathematics just gives in and breaks. You know like the laws of physics broke on 9/11, when paper (passports) survived with hardly a scratch but fat steel beams just melted away.

    Is proper encryption properly done with adequate opsec stopping nsa? You bet!

    As for the OPs question: Funny question. windows encryption, haha. I'd recommend putting everything into an encrypted adobe pdf. Their marketing says that's damn secure.

    My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked

  • @Maounique said:
    ... compiled from sources OTHERS audited ...

    (emphasis mine)

    There you got the first problem. Just remember heartbleed.

    The situation is sad, really sad. Millions upon million of lines of code of sometimes doubtful quality, users who blindly trust authorities and pseudo or wannabe "authorities" or, worse, companies like adobe or microsoft, users who use "secret123" as password, or even none at all, users who want to just click a button, engineers who blindly mistake a credo (e.g. "open source") as replacement of solid engineering, etc.

    And a sad few who honestly and competently preach to the people - usually widely unheard.

    As a quick first aid, I'd suggest some basic guidelines:

    • do not believe in dogmas, no matter how nicely they fit your world view
    • be sure that something is properly engineered/implemented and based on proper science
    • simplicity is the angel of security, complexity its devilish enemy
    • dynamics is securities friend, static and being foreseeable is its foe
    • Think about it. Properly. Again.

    My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked

  • MaouniqueMaounique Member
    edited February 2015

    bsdguy said: users who use "secret123" as password, or even none at all, users who want to just click a button, engineers who blindly mistake a credo (e.g. "open source") as replacement of solid engineering, etc.

    Hence the "know what they are doing" part.
    Everyone makes mistakes, there is no absolute security, but, in order to be targeted, they must know who you are, hence, anonymity comes first. Stop posting on social media, unless to recommend the work of others which are anonymous, you can be among them, nobody will know if you are careful. You can make it really hard, but, ultimately, nobody is safe, this is why safety is in numbers, in cell-like organization, a completely different alias from your regular clear internet presence.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • @Hybrid said:

    I want to encrypt my windows 7 ultimate in case my laptop is lost or stolen, and I'm wondering what's the best encryption tool out there?

    Is it safe to use bitlocker, or maybe VeraCrypt?

    The threat model proposed by the OP is "lost or stolen". I assume that @Hybrid means a typical scenario where the laptop may be taken in a snatch-and-grab at a café, or a car or apartment break-in. Let us also assume that this is a theft of opportunity, not the culmination of months of careful planning in a heist scene from Mission Ridiculous. The laptop is far more likely to wind up being sold quickly on the street for drug money, rather than sequestered in a billion-dollar lab funded by a huge government bureaucracy and run by Professor Vile with several hundred 1337 h4x0rs wearing black lab coats.

    In the typical scenario, BitLocker or VeraCrypt or the other proposed solutions above will stop a casual thief. Choose a solution that encrypts the entire drive (not file-based). Choose a strong, non-guessable password. Leave the laptop shutdown (not sleep) to keep it safe when it is unwatched or being transported. That includes when it is in a backpack sitting next to you as you eat in a restaurant.

    Full disk encryption will protect your data at rest, but it will not protect you from viruses and other malware.

  • You can try truecrypt may be ?

  • TC is no longer updated and possibly confiscated.
    You should look for other ways, and disk cryptor is, IMO, the best OS solution right now for windows.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

Sign In or Register to comment.