
Ask HN: Do you encrypt your laptop's hard disk?  - nonane
I have a lot of personal and company information on 2 of my laptops (Windows 7 and a MacBook). This includes bank account information, private keys, passwords and proprietary source code. I'm always paranoid about my laptops being physically stolen while I'm traveling or if my office is robbed. To help put my mind at ease (somewhat), I've been looking into whole-drive encryption. In case my laptop does get stolen, I can be sure the thief does not get my data.

It looks like there are 2 solutions out there for Windows - TrueCrypt and Microsoft's Bitlocker. I can't use Bitlocker because my laptop doesn't have a TPM chip, which I'm told is required to encrypt the boot volume. TrueCrypt looks like the only option available right now for Windows.

Also, it looks like OS X does not have built-in whole-drive encryption like Windows' Bitlocker. Luckily TrueCrypt also has support for OS X.

What do you use to protect your data? Are there any pitfalls that I need to be aware of (besides losing your password)?
======
jeremy82
As a semi-professional nude photographer I have encrypted every hard disk I
own, including my laptop's. It's part of my promise to the customers to keep
their photos really safe. I am using Ubuntu and LuKs on all my machines
because I find it very convenient to have a superb encryption mechanism built
in.

As a side note, I do all my picture editing in Gimp. While this is not common
among professional photographers, it contributes in some ways to my landmark
style.

~~~
edanm
Is there a significant style difference between using Gimp and Photoshop? I
only know Photoshop, but I've always thought of Gimp as just a program for doing
basically the same work. I wouldn't think there'd be a difference in the final
product.

~~~
RossM
The most common complaints I've seen are that Gimp isn't Photoshop - meaning
PS users who move to it dislike it due to the multi-window UI, 'wrong' key
combinations.

I actually used Gimp before PS and from my perspective the only things it
really misses are layer groups and layer styles. For PS users there is Gimp
Shop[1] which attempts to "deweirdify" the UI to something more reminiscent of
PS.

[1]: <http://gimpshop.com>

~~~
sireat
Sadly, this is the reality of OSS, layer groups were first proposed (and
accepted as a "good idea") as early as 2002, but actually are supposed to come
out in Gimp 2.8, which I think is coming out in 2011?

Meanwhile, one can run the external plugins such as this:
<http://registry.gimp.org/node/16563>

For a programmer, GIMP is fine for an occasional photo editing job. Just wish,
it could do a better job of importing Photoshop files. I know it is more of PS
fault not GIMP's, but still.

------
ENOTTY
First off, I'd like to throw Bitlocker back in the ring and tell you that boot
volume encryption is relatively unimportant for the threat model you propose,
specifically untargeted data at rest.

Boot volume encryption/verification is designed to protect you against
attackers who would replace your boot image with one that contains a rootkit
or keylogger. This threat model requires serious forethought and planning on
the part of the attacker. He is likely targeting you or your company and he
wants to do it stealthily. Under this kind of threat, you really need the
entire company to adopt an extremely high level of operational security.
(Remember your security is only as strong as the weakest link in the chain.)
Usually, this kind of paranoia is reserved for three letter agencies.

I should mention that Truecrypt doesn't protect against this threat either. At
some point, there needs to be an unencrypted bootloader, which can be
attacked. Hardware boot volume verification would verify that the bootloader
has not been modified, which is what TPM tries to do.

Unless the encryption is implemented poorly (which in Truecrypt and Bitlocker
is not) an attacker with access to your boot partition cannot attack your data
partition without additional information (like your password).

On OS X, I've heard good things about PGP Whole Disk Encryption. I don't know
if Truecrypt can handle Boot Camp (PGP WDE can), if you care about that at
all. On Linux, I use dm-crypt + luks

~~~
acqq
I don't agree with the above.

If we're talking about Windows, it's not "boot volume encryption" but the "C:
disk encryption" that you have to worry about even if the attack scenario is
data at rest. If you don't encrypt C: disk every forensic worker will
trivially recover a lot of material that you'd believe was encrypted on
another partition.

If we're talking about Linux where you configured /boot unencrypted and
everything else encrypted, only then it's about the attack scenario that
parent mentions.

~~~
ENOTTY
Bitlocker, Truecrypt, dm-crypt, PGP WDE will encrypt your data but leave
something unencrypted in order to boot from it.

I'm not advocating against "full" disk encryption. That's what I use. I just
wanted to say that the OP doesn't need boot volume verification and that
Bitlocker is sufficient for his needs.

------
all
Before you dive too far into full-disk encryption, you might want to
contemplate the consequences of this research:

<http://news.cnet.com/8301-13578_3-9876060-38.html>

The paper referenced is available at:

<http://citp.princeton.edu/pub/coldboot.pdf>

From that paper, the most salient sentence for this discussion is:

"On all of our sample DRAMs, the decay rates were low enough that an attacker
who cut power for 60 seconds would recover 99.9% of bits correctly."

The long and short is that your password has to be in RAM at some point in
order to be matched against what is typed in. RAM decays slowly after a
machine has been switched off. As the research shows, one can use a widely-
available can of air to make that decay happen even slower. In the process,
one can pull the value out of RAM.

Note that this is a hardware problem that no software on the market has been
able to address. To do so, you would have to be able to validate x against y
without having the value of y ever enter RAM.

Consequently, a reasonably good tech thief can read the password out of RAM.
For the not-so-good tech thief, using passwords and social engineering tricks
like being nice to someone and then asking them to watch your stuff for a
moment will probably do the trick. I tend to see the various implementations
of full-disk encryption as more for peace of mind and mitigation of liability
than real security.

~~~
tptacek
Remanence isn't a realistic attack in his threat model; attackers have mere
minutes to get the RAM out of his system, cool it, and siphon the data off. If
he's worried about losing the Plans to the Empire when his ship is captured,
sure. But if he leaves his bag in the back of a cab, he'll be fine.

The notion that any "reasonably good tech thief" could pull this off is also
hard to take seriously. So far as I know, there are zero (0) remanence key
extractor tools in circulation. Highly skilled attackers --- many apparently
in the employ of foreign governments --- have a hard enough time writing tools
to extract keys from _live_ memory.

~~~
all
The threat is not against the Plans to the Empire but the password for the
encryption system. That, as the video shows, can be done and without any
particular haste. As the article suggests, freezing the RAM lengthens the
decay process. The method is likely to have been known by three-letter
agencies for some time now. The good guys are seldom, if ever, ahead of the
bad guys, so it seems likely that the latter know it, too.

But, for the sake of argument, let's say that they don't crack it on the first
go. So what? The password has to be in RAM every time the machine starts.
AFAIK (and I would be pleased to be wrong about this), nobody shreds data on
the hard drive because the user gets their password wrong. So, said bad guys
can try to their heart's content.

As far as I'm concerned, it is a major hole in any argument for full-disk
encryption.

~~~
tptacek
I think you're misunderstanding both the attack and full-disk encryption. The
decryption key is _not_ in RAM every time the machine starts; you have to
enter material to derive the key at bootup. And the attacker does in fact have
minutes to recover whatever's in RAM once the machine shuts down --- which
means that if you shut your machine down before leaving the office (which you
have to do), remanence simply isn't a threat _at all_.

_Everyone_ "shreds" their hard disk if they lose the password. That is the
point.

Also, the Plans are to the Death Star, not the whole Empire.

~~~
nonane
Rarely does one shut down a laptop anymore. Usually people just close the lid
and the computer is put to sleep. In sleep state the contents of RAM are
preserved AFAIK and should give the attacker more time to think their plan
through.

~~~
tptacek
The rules are different when you use full-disk encryption. You shut your
machine down. PGP WDE actually prevents "sleep" from working, but regardless,
you still need to be vigilant.

~~~
rsanders
PGP WDE doesn't prevent sleep from working on my MacBook. It disables
hibernation, but that's not a security choice. It's just a limitation of the
implementation.

What you say is the right policy to maximize security, but PGP WDE doesn't
enforce it.

~~~
tptacek
You're right. Sorry, I misspoke.

------
stretchwithme
A bit off topic, but making it less likely you'll lose your laptop to begin
with is important. Here are some ideas.

Most laptops have a special slot that accepts a cable lock. I make use of it
whenever I'm in a coffee shop and have to leave the machine for more than a
moment. I loop it through bag straps and my jacket too. You want to look hard
to deal with.

It's also a good idea to make sure your laptop requires a password after
closing the lid or whatever it is that you do when you walk away from your
machine. And say hello to people around you and be helpful. They'll be more
likely to watch your back.

And as always, make sure no one can see what you're keying in. To that end, it
may help to use characters that are close together.

And yes, I know I'm a bit paranoid :-)

~~~
iuguy
In some cases you can use a pair of pruning shears to cut the plastic on the
kensington lock slot, then take the laptop. It's usually plastic (although
some laptops do use high tension steel these days)

~~~
edanm
I don't think anyone expects the lock to thwart a dedicated attacker. But the
most common case of laptop stealing is someone wanting a new laptop, not yours
specifically. Your laptop just has to look harder to steal.

~~~
stretchwithme
Exactly. You just need to change getaway time from 5 seconds to 20 and the
thief looks for an easier target. Like running from the bear a little faster
than your fellow campers.

------
abalashov
I would be much more concerned about a laptop being arbitrarily seized at an
airport by customs or TSA personnel, or by law enforcement otherwise, than it
being stolen per se.

e.g.

<http://www.daniweb.com/news/story218174.html>

<http://ezinearticles.com/?Business-Travel-Tip---Avoid-Having-Your-Laptop-Confiscated-by-Customs&id=3969939>

<http://www.businesstravelnews.com/Business-Travel/Travel-Management/Articles/ACLU-Sues-DHS-Over-Traveler-Laptop-Seizures/>

You can lose a lot to thieves, but you can lose even more to state thuggery
backed by the force of "law."

~~~
abalashov
You know, if you disagree, you can reply instead of downvoting.

~~~
gojomo
I agree with your political point, _and_ I downvoted it, because it injects an
unnecessary political element to the thread. The OP is worried about thieves
and hasn't mentioned cross-border travel. The best comments will be directly
responsive to that request, rather than inject another tangentially-related
politically-charged sentiment into the thread.

Your comment was ranking above other comments that were more helpful to the
original poster -- and was at +3 when I voted. (I wouldn't have voted your
comment down to 0 -- it wasn't inappropriate -- just less-appropriate than
other better comments lagging below it.)

I've often suggested comments should have two rating dimensions -- up-
promote/down-demote and left-agree/right-disagree -- and some people have said
the agree+demote combination would never be used. Well, I would have used it
here.

------
proexploit
I use TrueCrypt to protect my laptop. No changes in speed that I've noticed
and as far as I understand it, it's quite secure. 30+ randomly generated
password gets me in and it's a lot easier than you think to memorize and type
quickly. I always feel like I must have made a mistake but can't remember the
last time my fingers got it wrong. To me, it's kind of a no brainer. 3 extra
seconds before boot is the only thing it takes to make sure my stolen laptop
couldn't lead to stolen credit card numbers, accounts, business docs etc.

I've got no experience with Bitlocker, but I'm a huge fan of TrueCrypt.

~~~
MarkBook
+1 Truecrypt. However my fingers get the password wrong regularly, today for
instance! The reassurance it provides is very valuable, I have PCs laptop,
netbook, ext HDD, and memory sticks all encrypted as confidential client data
could be on any of them. Prior to this I used to regularly get in a funk whenever
I couldn't locate a memory stick.

------
fragmede
Linux - dm-crypt. If I could, I'd make full-disk encryption _mandatory_ for
all business use laptops. I work for a smaller shop, so a developer or two
usually ends up going to a trade show.

With full source and a build environment for our product on their laptop. That
makes me paranoid about losing a laptop in the chaos of a trade show, while
our booth is surrounded by our competitors.

------
rimantas
OS X has FileVault which encrypts the home folder. I don't think I have any
personal data outside of it. But I do use TrueCrypt too.

~~~
Cockbrand
Does a TrueCrypted home directory get backed up by Time Machine? That's my
biggest woe about FileVault - your home dir only gets backed up when you're
logged out. Also, have you been able to run TrueCrypt as a non-admin user?

~~~
rimantas
I must clarify there: I use FileVault to encrypt my home directory and besides
that I keep some more sensitive data in TrueCrypt volumes.

------
sashthebash
I am using Espionage (<http://www.taoeffect.com/espionage/>) on my Mac.
Working great, I wanted to avoid whole-drive encryption for performance
reasons and only encrypt what is necessary (my work related files, pictures,
videos, etc).

------
ax0n
I don't encrypt my laptop's hard drive. Most of the files on my laptop are
mundane: Photos, music, some documents. Everything on my laptop is important
enough to back up, but not important enough that I'd care if they were
published on the Internet, far and wide, much less if some attacker happened
to get access to them. I don't store my passwords in my web browser, I don't
click the "remember me" checkboxes when logging in to web sites. There really
is nothing on my hard drive worth fretting over, and I go through great pains
to keep it that way.

For stuff I consider sensitive -- medical documents, password lists,
financials and the like, I store on a truecrypt partition of the external
drive that I use for backups. Since I use OS X most often, this drive is a
Time Machine drive, but with a chunk of space partitioned off for TrueCrypt. I
opted to use a partition because it's less obvious than a container on the
filesystem. I use TC's deniable filesystem trick as well, and padded the
"duress volume" with things like "hacking" documents that might be plausible.

I also have an old 80GB laptop hard drive, which is fully-encrypted with a
truecrypt volume, which I occasionally back up to from my primary TC volume.
This drive is stored in a secure location off-site, in the hands of a trusted
individual. They do not, however, have the passphrase to the volume.

The goal in all of this is so that I don't carry sensitive data with me. None
of the encrypted stuff is anything I could possibly need RIGHT THIS SECOND.
This means that my sensitive information is only at risk of being exposed when
I'm at home and when I actually am accessing it.

------
lovskogen
I don't encrypt a bit — I even got no login password. I've got all my stuff on
a 50GB Dropbox, so if I lose my MBP I'll just sync a new machine. Don't have
anything of particular importance on my drive: design PSDs (could be secret),
stock resources (icon packs, graphical elements), my music and an inspirational
folder.

~~~
edanm
I do the same (happy 50GB Dropbox user).

I haven't researched this, but is it possible to remotely delete a Dropbox
drive? I.e. if my laptop is stolen, to use the site to wipe the data from the
laptop? I assume it's possible.

~~~
JoachimSchipper
Not against a capable attacker (who prevents your laptop from getting on the
internet).

------
patrik
Since most of my life exists in one way or another on my hard disk, I consider
it to be an absolute must to encrypt the drives.

I’m using PGP Whole Disk Encryption
<http://www.pgp.com/products/wholediskencryption/index.html>, which works
perfectly. I prefer it over OS X’s FileVault feature since it just protects
everything and is completely transparent to the system and the user.

And, btw, I’m still hoping for a mobile OS besides BlackBerry’s that provides
a reasonable secure encryption option.

~~~
dotBen
I'm weighing up going down this route - what kind of performance hit do you
experience from using PGP WDE on your Mac? Thanks

~~~
patrik
During normal use, the performance degradation is barely noticeable, it
_feels_ like 10%–15%. Things become a bit more critical when working with
larger files or during heavy I/O.

One thing to consider, however, are SSDs. To my knowledge, encrypted data is
only written to blocks that already contain random data. You therefore might
want to look for disks whose performance does not degrade that much when free
blocks are no longer available.

------
viae
If the attack vector is petty theft the following would be more than
sufficient:

* Encrypt the user data portion of the hd.

* Password protect the bios, hard drive (if it has that capability in the bios.), and the OS accounts.

* Keep account passwords and account information in an additional password protected store (such as 1password).

* Don't save sensitive data in web browsers or other autocomplete programs.

Encrypting the whole hard drive, in my experience, is a huge pain in the ass;
particularly for disaster recovery. For non-IT department systems it's not
worth it.

------
MarcusL
I'd use Bitlocker for your Windows 7 laptop, as a previous commenter noted it
has a mode to work via a USB key inserted at boot time. In my experience it's
been fast and unobtrusive. I've never used TrueCrypt, though I've looked into
it several times and remembered thinking that it looked just as good (or
better) technically as Bitlocker, but the UI is really horrid and overly
complicated if you're looking for something that's a "no-brainer":
<http://www.truecrypt.org/screenshots>

Bitlocker Tips:

1. You might have to enable it in your group policy (see
<http://www.sevenforums.com/tutorials/4681-bitlocker-drive-encryption-windows-7-drive-turn-off-no-tpm.html>)
for the option to use a USB key to show up.

2. You'll need the USB key inserted to power on the laptop or resume from
hibernate, but not for waking it from sleep. That helps with convenience since
you won't have to use the key to unlock it from sleep.

3. Make sure to back up the Bitlocker Recovery Key saved to the USB drive.
It's saved as a hidden file, just put it somewhere safe online in case you
lose the USB key.

4. Don't lose the USB key along with your laptop! Since that sort of defeats
the point of encrypting the drive in the first place...

------
zmmmmm
Question: for developers out there, what is the overhead of full encryption on
your hard drive for a development laptop?

I'd love to just go the whole hog and encrypt the whole drive, but as a
developer I jealously guard performance as I feel it links directly to my
productivity. So I just have an encrypted Truecrypt volume where really
sensitive stuff goes. But I hear everyone recommending against that.

~~~
esspem
I use whole disk encryption since around 2005 and didn't have any performance
problem.

The latest Truecrypt 7.0 uses AES-NI instructions in the i5 and i7 processors,
which allegedly have 8x speed
<http://www.truecrypt.org/docs/?s=hardware-acceleration>

Go ahead and encrypt your whole drive, if there are performance problems, you
can easily de-encrypt it.

------
rakkhi
Truecrypt is awesome, great performance (especially if your hardware is
compatible with its optimization) and free. Really easy to use and
supports some cool features like a hidden operating system (for if you get
held at gunpoint and asked for your password)

You can also configure Truecrypt to work with multiboot - so if you have
Ubuntu, Chromium OS and Windows 7 for example it will still work

------
ditoa
"On computers without a compatible TPM, BitLocker can provide encryption, but
not the added security of locking keys with the TPM. In this case, the user is
required to create a startup key that is stored on a USB flash drive."

<http://windows.microsoft.com/en-US/windows-vista/BitLocker-Drive-Encryption-Overview>

------
mark_l_watson
I just keep sensitive data on an encrypted volume and use soft links. Last
year I wrote up how I do this for OS X:
<http://markwatson.com/blog/2009/10/securing-your-mac-laptop.html>
Really simple idea, works for me, and the relative amount of data I need
encrypted is small.

~~~
tptacek
Generally not a great strategy (far better than nothing, though).

It's hard to predict what data is going to end up being sensitive, and it's
hard to predict where that data is going to end up being stored. By way of
example, you haven't protected any of the session cookies stored in your
browser; another user, following your advice, could lose their Google Mail
account and then quickly thereafter the accounts of anything with an email
password reset.

If you (a) don't keep a lot of sensitive information around and (b) are
prepared to be extremely careful on a daily basis about keeping your laptop
clean, yours is a workable strategy. If, like some of us, your desktop tends
to get cluttered or your mail spool tends to grow without bound or your hard
drive tends to mysteriously fill up over the year, you're better off with
full-disk encryption.

~~~
mark_l_watson
Thank you - very good advice.

------
Zak
I started using ecryptfs on my /home partition when my last laptop got stolen.
I suspect there's some potential for leakage through /tmp and swap, but I
suspect most likely attackers aren't that sophisticated. Should I be
concerned? Are there easy ways to plug the gaps?

~~~
Wicher
Ecryptfs is a fantastic solution. If you're using the passphrase-wrapped-by-
login-password method (convenient, I think Ubuntu implements this method) then
security is not that great - because it's ultimately limited by the strength
of your login password: if an attacker gets his hands on the wrapped
passphrase, such as is the case when your laptop gets nicked, brute-force
methods will suffice.

As for /tmp and swap: those are not required to be persistent over reboots. So
you can regenerate those with a random key on every boot. Here are some
pointers to help you do that with dm-crypt
(<http://paste.pocoo.org/show/260932/>) for a swap device backed by a loopback
device.
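
Added example, not part of the posts above: a check for the /tmp and swap gap raised in this sub-thread. It reads the output of `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT` and reports whether swap and the filesystem holding /tmp sit on a dm-crypt device; both inputs are constructed samples and `audit_leak_paths` is a name chosen here.

```shell
#!/bin/sh
# Added example: does swap, and the filesystem that holds /tmp, sit on dm-crypt?
# Live use:  lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT | audit_leak_paths
# A tmpfs /tmp is not a block device and is not listed by lsblk; its pages can
# be written to swap, so in that case the swap line is the one that matters.
# For reference, crypttab(5) documents the fix discussed above: an entry whose
# key file is /dev/urandom with the "swap" option re-keys swap at every boot.

# Constructed sample 1: only /home is on dm-crypt.
SAMPLE_HOME_ONLY='KNAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/"
KNAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT="[SWAP]"
KNAME="sda3" TYPE="part" PKNAME="sda" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="sda3" MOUNTPOINT="/home"'

# Constructed sample 2: LVM volumes inside one dm-crypt container; /boot is plain.
SAMPLE_FULL_DISK='KNAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
KNAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="sda2" MOUNTPOINT=""
KNAME="dm-1" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/"
KNAME="dm-2" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="[SWAP]"'

# Prints one line per path: "<path> <kernel device> <encrypted|PLAINTEXT|absent>".
# Returns non-zero if any reported path is PLAINTEXT.
audit_leak_paths() {
    awk '
    # Extract VALUE from KEY="VALUE" on the current line ("" if missing).
    function field(key,    m) {
        if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
        m = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", m)
        sub(/"$/, "", m)
        return m
    }
    # Walk up the parent chain; true if the device or any ancestor is dm-crypt.
    function on_crypt(k,    hops) {
        for (hops = 0; k != "" && hops < 16; hops++) {
            if (type[k] == "crypt") return 1
            k = parent[k]
        }
        return 0
    }
    function report(label, k,    state) {
        if (k == "") { print label, "-", "absent"; return }
        state = on_crypt(k) ? "encrypted" : "PLAINTEXT"
        if (state == "PLAINTEXT") bad = 1
        print label, k, state
    }
    {
        k = field("KNAME")
        type[k] = field("TYPE")
        parent[k] = field("PKNAME")
        mp = field("MOUNTPOINT")
        if (mp == "[SWAP]") swaps[nswap++] = k
        else if (mp != "") dev[mp] = k
    }
    END {
        if (nswap == 0) report("swap", "")
        for (i = 0; i < nswap; i++) report("swap", swaps[i])
        # No separate /tmp mount means /tmp lives on the root filesystem.
        if ("/tmp" in dev) report("/tmp", dev["/tmp"])
        else report("/", dev["/"])
        exit bad
    }'
}

printf '%s\n' "$SAMPLE_HOME_ONLY" | audit_leak_paths || echo "=> plaintext leak path found"
printf '%s\n' "$SAMPLE_FULL_DISK" | audit_leak_paths && echo "=> swap and /tmp are covered"
```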

------
thibaut_barrere
Yes I do (since a few months):

- <http://agilewebsolutions.com/knox> (one vault per client) on Mac OS X,
including all db data if any

- <http://agilewebsolutions.com/products/1Password> for all small-sized
sensitive data (eg: production access, passwords etc), with an automated
crypted backup

I'm looking for a reliable and as seamless solution for Windows at my pace
(not a big need).

Something I'm also looking at is a way to securely erase all the free space on
Mac OS X (to remove past data), as well as something that really works to find
sensitive data (where I could define what sensitive means).

~~~
Cockbrand
There's a "securely erase free space" feature in Disk Utility, which does
crash on me when I use it though, making a reboot necessary. Otherwise, you
might simply use a one-liner like

    dd if=/dev/zero of=/tmp/free_space_eater; rm /tmp/free_space_eater

This overwrites all unused space on the disk with zeroes. You'll temporarily
run out of free diskspace with either option, so it's a good idea to do this
when you're not working on your computer.

~~~
Cockbrand
Looking at it again, it's probably a good idea to extend that one-liner a
little bit by throwing in a sync command, just to make sure that all zeroes
get written to disk before deleting the fill-up file:

    dd if=/dev/zero of=/tmp/free_space_eater; sync; rm /tmp/free_space_eater

------
xtho
With truecrypt you can also create file containers, which you can easily
backup as a whole by copying them to another disk. In some situations, this
has certain advantages e.g. when upgrading your hard disk. It also provides a
way to allow access only to certain parts by distributing your documents over
several containers. I use truecrypt on my netbook and haven't had any problems
with it in years and found it a convenient way to securely share files between
computers with different OSes. Truecrypt is also available for linux but
unfortunately there doesn't seem to be an ARM/android version available. On
linux, I use encryptfs though.

------
dublinclontarf
To those who use single folder encryption or recommend it: you are at serious risk.
Applications leak data, they write temporary files in places you never expect
etc.

Folder based encryption will not provide protection, only whole disk
encryption.

------
DEinspanjer
I don't have to worry about proprietary source code working for Mozilla, but
since I work in metrics, I have access to data that could potentially risk
user privacy if it were stolen, so I keep my laptop locked down pretty tight.

I run PGP Whole Disk Encryption and am very happy with it. I also use Super
Duper for backing up to two different external drives. One is unencrypted
which I keep in the firesafe at home, and the other is also encrypted with PGP
WDE which I take with me when traveling. That way, if my laptop were stolen, I
can pick up a new one and restore the drive to it.

------
bobds
I use Truecrypt but there's also FreeOTFE, which is supposed to be "more" open
source than TC.

I don't use whole-disk encryption but I have almost all my applications on the
encrypted partition, thanks to PortableApps (<http://portableapps.com/>). As a
bonus it's very easy to backup all my PortableApps data, as well as take
everything on an external drive and start working on a different computer
(provided it has Truecrypt).

Edit: link to FreeOTFE: <http://www.freeotfe.org/>

------
tooto
yes .. because I can. My macbook was stolen out of my flat this year and it
was a good feeling not to have to worry about the data.

don't get why you would encrypt your whole disk though. the home is all I need
encrypted.

~~~
nonane
Good point. On Windows I have my data lying around in a few places (including
a separate partition). I guess I want total peace of mind - for example, I
don't want to worry about any data lying around in the hibernation files,
crash dumps, /tmp etc.

~~~
pquerna
I use encrypted DMGs on osx, with specific folders symlinked to be inside the
DMG, for example:

    
    
      /Users/chip/work/company -> /Volumes/enc-base/work/company
      /Users/chip/.subversion -> /Volumes/enc-base/dotfiles/subversion
      /Users/chip/.ssh -> /Volumes/enc-base/dotfiles/ssh
      /Users/chip/Library -> /Volumes/enc-base/Library
      /usr/local/mysql/current/data -> /Volumes/enc-base/mysql-data
    

I don't imagine it's perfect, but I know most of my important and confidential
things are encrypted.

------
rehtom
- have to do full disk encryption

- must have a great passphrase (according to NIST avg 8 char password has 2^18
bits of entropy, which compared to the keyspace of a 256 bit AES key is so
very small...) the strength of the encryption is really based on the strength
of the password

- must also encrypt backups

- what if you forget your password? (say at the border when they order you to
decrypt it)

- what if the license runs out?

- if it's for work there needs to be another key to unlock it.

- 2 factor auth would be great.
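
Added example, not part of the post above: the heuristic from NIST SP 800-63 (2006), Appendix A, which scores an 8-character user-chosen password at 18 bits, set beside a uniformly random password such as the 30-character one mentioned earlier in the thread. The function names and the guess rate of 1000 per second are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Entropy values are in tenths of a bit so that plain shell
# integer arithmetic is enough.

# NIST SP 800-63 (2006), Appendix A estimate for a password the user picks:
# 4 bits for the 1st character, 2 bits each for characters 2-8, 1.5 bits each
# for characters 9-20, 1 bit each after that, plus 6 bits when a composition
# rule (upper case and non-alphabetic characters required) is enforced.
nist_user_chosen_bits_x10() {   # $1 = length, $2 = 1 if the composition rule applies
    len=$1; total=0; i=1
    while [ "$i" -le "$len" ]; do
        if   [ "$i" -eq 1 ];  then total=$((total + 40))
        elif [ "$i" -le 8 ];  then total=$((total + 20))
        elif [ "$i" -le 20 ]; then total=$((total + 15))
        else                       total=$((total + 10))
        fi
        i=$((i + 1))
    done
    if [ "${2:-0}" -eq 1 ]; then total=$((total + 60)); fi
    echo "$total"
}

# Uniformly random password: length * log2(alphabet size).
random_bits_x10() {             # $1 = length, $2 = alphabet size
    awk -v n="$1" -v a="$2" 'BEGIN { printf "%d\n", n * log(a) / log(2) * 10 }'
}

# Average time to guess the secret (half the search space), in seconds.
avg_search_seconds() {          # $1 = bits x10, $2 = guesses per second (assumed)
    awk -v b="$1" -v r="$2" 'BEGIN { printf "%.3g\n", 2 ^ (b / 10 - 1) / r }'
}

RATE=1000   # assumed guesses per second against the passphrase-derived key

for spec in "user-chosen, 8 chars:$(nist_user_chosen_bits_x10 8)" \
            "user-chosen, 8 chars + composition rule:$(nist_user_chosen_bits_x10 8 1)" \
            "random, 30 of 94 printable ASCII:$(random_bits_x10 30 94)" \
            "AES-256 key:2560"; do
    label=${spec%%:*}
    bits=${spec##*:}
    echo "$label: $((bits / 10)).$((bits % 10)) bits, ~$(avg_search_seconds "$bits" "$RATE") s on average"
done
```

The disk key stays 256 bits in every row; what changes is how many guesses it takes to reproduce the passphrase that unlocks it.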

------
shin_lao
We use Jetico Bestcrypt VE. It's extremely secure and flexible.

<http://www.jetico.com/encryption-bestcrypt-volume-encryption/>

You do not require a TPM chip to use BitLocker, although it's better if you
have one as the TPM makes it very difficult to tamper with the boot code.

Use full volume encryption products (like BitLocker or Bestcrypt VE). There's
always useful data in temporary files and it protects against leaving a
sensitive file out of an encrypted volume.

------
math
A related tip: I use a True Crypt (file) volume to store all my personal
stuff, in particular a scanned version of everything ever sent to me in the
post (tax stuff, bank stuff). I highly recommend this practice (scanning
everything to an encrypted volume). The files stay organised - unlike my paper
records ever did. It's trivial to have a complete copy of your personal
files at work... which can come in remarkably handy and of course it's secure
and backing up is easy (just copy the file).

------
Friedduck
Anyone who thinks that thieves want the contents of their hard drive, rather
than the machine itself has an awfully high opinion of his own self-worth.
Most thefts of that type are all about the hardware. We use whole-drive
encryption because the pain surrounding the accidental disclosure of client
data is so great. (I work for a bank.)

The biggest problem? If certain system files become corrupt you lose the whole
disk. It's not a decision to be taken lightly.

------
FernandoEscher
Since I use Ubuntu, I'm using encfs to encrypt single folders. You just have
to mount the encrypted folder into a visible how. There is a how-to:
<https://help.ubuntu.com/community/FolderEncryption>

There you can find a method to also encrypt your whole home folder. Maybe it
might work for your macbook.

------
Elite
Out of curiosity: If the FBI or NSA REALLY wanted to get the data on your hard
drive, is Truecrypt enough to keep them out?

~~~
tptacek
Regarding the NSA, "who knows", it's not worth any time to speculate. I tend
to think the answer here is "no", but not because of any fundamental problem
with the algorithms TC uses; rather, I assume there's a small battery of
implementation errors NSA can exploit that private industry hasn't yet
independently discovered.

Fortunately for our collective sanity, if it is the case that NSA has (several
times over) the moral equivalent of the "stack overflow" for cryptosystems,
there is _nothing we can do about it_ , and there's no point wanking over
alternatives that might foil them.

Regarding the FBI, "almost certainly yes", assuming you use it properly (in
particular, by using strong secrets). Consider that any vulnerability in the
crypto stack Truecrypt uses would have far too much value to be wasted on
conventional domestic law enforcement. Consider also that unlike state
secrets, domestic law enforcement uses a crypto stack that is the same or
strictly weaker than Truecrypt.

~~~
ams6110
_Regarding the FBI, "almost certainly yes"_

You need to add "assuming you are willing to go to jail" because a warrant can
compel you to disclose your password, and if you refuse you'll be jailed for
contempt of court.

~~~
jackolas
That'd be thrown out of court as a violation of your 5th Amend. rights. At
least here in the States; in the UK, crypto keys can be requisitioned with the
penalty of jail time if refused.

~~~
gojomo
I believe some rulings support that view, but others have disagreed. It might
depend on the judge/district and I don't think it's ever been considered by
the Supreme Court.

------
EvanK
Honestly, TrueCrypt will stop all but the most determined and sophisticated
criminals. So unless you have state secrets on your laptop, TC should be
sufficient. Unless they have a wrench: <http://xkcd.com/538/>

------
jarin
I keep all of my passwords encrypted in 1Password, and I have one encrypted
folder on my Mac with all of my sensitive documents in it. I didn't want to
encrypt my entire hard drive or even my entire home directory because of the
performance hit.

~~~
mpapi
I do the same thing, but in GNU/Linux, using pwsafe for passwords and dm-crypt
for disk encryption. IMO the one downside is that I have to remember to put
stuff in the right place, e.g. moving dotfiles with sensitive data into the
encrypted directory and creating a symlink back to ~.

------
dotBen
(I'm still confused - what are the good all-disk encryption options for OS X,
please?)

Thanks

------
Apreche
I simply don't keep any information on my laptop hard drive. Everything
valuable is at home or in the cloud. I assume that at any moment my laptop
hard drive will crash or be stolen.

------
marsha
[http://www.sophos.de/products/enterprise/encryption/disk-enc...](http://www.sophos.de/products/enterprise/encryption/disk-encryption-for-mac/)

------
BTBurke
I use encrypted LVM on linux which works great. I've used TrueCrypt in the
past and that works too, although I had some stability problems with the
software in Windows.

------
tptacek
I hear good things about TrueCrypt, but you have many more options than these
on Windows; PGP Whole Disk Encryption is another one. We use PGP WDE on our
Macs.

------
websteven
I use truecrypt for my Mac and Windows machine and share the truecrypt file
via Dropbox. Can't live without it any longer ;-)

------
sabj
Yes, true-crypt. Not perfect (See many critiques here) but great especially
for worrying if my computer got stolen.

------
kingnothing
Nope. I use a company-provided Macbook and don't have much of anything on it
that is of any particular value to me.

------
pakhet
can't you just set your BIOS to only boot from HD and then password protect
the BIOS - password protect the hard-drive - THEN encrypt the HD. Next add a
user password and if you use Firefox have a master password and you should be
good to go...That's what I do with my netbook.

------
pizzaman
i use filevault on osx. just remember that timemachine & filevault don't play
along well. you will have to log out of your account to backup your home
directory, defeating the whole timemachine purpose. i'd recommend
crashplan.com in this case.

------
there
i use pgp whole disk encryption on my macs and softraid encrypted disks on my
openbsd laptop and backup server.

------
Ixiaus
I have an encrypted image, personally.

------
paolomaffei
Not meaning to be a jackass but realize that maybe if you downloaded (and
maybe already deleted!) that porn video with that girl that might or might not
be 18 you could be in big trouble if you don't have your full disk encrypted.

Edit: or other things that would be ok but can be used against you by law
enforcement, for example what about your collection of pirated MP3s or DivX?

Is this more acceptable than accidentally downloading porn with someone that
might look underage? (Or having looked at it because some troll linked it to
you)

~~~
paolomaffei
Also, I remember I have read an article about some guy that had some pics of
their little children sometimes naked in an "innocent" way on a trip.

They had their children taken away because they went to a photo shop to have
the film developed and the clerk called the police.

~~~
gojomo
You're probably thinking of this incident:

[http://www.salon.com/life/feature/2006/07/18/photos/index.ht...](http://www.salon.com/life/feature/2006/07/18/photos/index.html)

I recall other vaguely-similar cases reported in less detail in earlier years.
The clerks may not have good judgment, and the incentives for the clerks and
many of the agencies involved are to err on the side of assuming-the-worst.

The stigma of even having been accused may make people in such a situation
unwilling to talk about it even after being cleared afterwards. After all,
many will assume law enforcement would only get involved if "the pictures
weren't so 'innocent'".

