Jump to content
IGNORED

Drive encryption (asking for a good friend)


Recommended Posts

Hi, thanks for reading this!
I am a total noob when it comes to encryption.
Are you guys using drive encryption for your Backup, NAS and PC and
which effect does it have on streaming from live machines?
Is there any particular software that does it better than others ?

Bon week-end, Tom

Link to comment

I use encryption everywhere to protect my files mostly from burglary.
Most CPU have dedicated functions for encryption (AES) making the overhead on the CPU pretty low.

On the NAS (freenas) and my backup online (Crashplan) I use the dedicated functions, on Windows I use BitLocker.

I don't use an external hard drive for backup, if I had to, I'll get one with hardware encryption and use that.

Link to comment
1 hour ago, DuckToller said:

 

Thanks for your response, which made me wondering if there is 

any reason for that other that I am a noob about disk encryption ?

It’s another layer to remember and work around. Even Microsoft backup of the OS to another drive strips the encryption.

 

For backups of music files I encrypt mainly if stolen, the drive is worthless to the thief who are not that bright to begin with.

AS Profile Equipment List        Say NO to MQA

Link to comment
5 hours ago, DuckToller said:

I am a total noob when it comes to encryption.
Are you guys using drive encryption for your Backup, NAS and PC and
which effect does it have on streaming from live machines?
Is there any particular software that does it better than others ?

 

Yes, all my drives are encrypted.

 

And as long as software uses the hardware implementation built into modern CPUs, it is super fast.

 

Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Link to comment

Thank you @Miska for your response.
Are there any known problems in interoperability between Linux and Windows operated systems regarding the encryption layer?

If I undestand correctly the encrypted state does exist usually before a system is started (it should then decrypt the hardware for the live system use and encrypt it when shutting down) and file access to a live system via SAMBA or NFS does not encounter problems?
I would assume that using HQP with on/with encrypted machines/drives would not add more demand for processing power ?
Which is the best practise for ensuring the safety (storing) for password / passphrase / keyfiles ?

It is just: Reading about these professionals who are losing their keys - passphrases for their bitcoins makes me feel sometimes rather indifferent about my own paranoia ...

Link to comment
2 hours ago, DuckToller said:

Are there any known problems in interoperability between Linux and Windows operated systems regarding the encryption layer?

 

Well, if you use the software layer like BitLocker on Windows, FileVault on macOS or LUKS on Linux, these are not compatible at all but completely OS specific solutions. Although there may be software available for Windows/macOS to read LUKS encrypted containers.

 

However, most new SSD drives and some new HDDs have built-in hardware encryption. In these cases, the password is asked by the BIOS before the OS starts booting. These are then completely transparent to the OS itself which doesn't even know about the encryption then. Many times these hardware solutions are not completely secure though, it has been possible to extract the encryption key from the hardware.

 

2 hours ago, DuckToller said:

If I undestand correctly the encrypted state does exist usually before as system is started (it should then decrypt the hardware for the live system use and encrypt it when shutting down) and file access to a live system via SAMBA or NFS does not encounter problems?

 

Yes, once the system is up and running it is transparent layer and doesn't affect SMB/NFS use or such. NFS doesn't support encryption on the network traffic, while SMB does (IIRC starting from v3 or so).

 

2 hours ago, DuckToller said:

I would assume that using HQP with on/with encrypted machines/drives would not add more demand for processing power ?

 

If you do software encryption by the OS, it does add some more processing power demand, but it is so little amount that it is not really notable since the amount of storage I/O done during playback is not high bandwidth. Since the encryption is handled by the operating system kernel using AES-NI instructions.

 

2 hours ago, DuckToller said:

Which is the best practise for ensuring the safety (storing) for password / passphrase / keyfiles ?

 

You can have a recovery key stored in some safe place, either on paper or storage media.

 

For passwords and PIN codes I can really recommend using a good and secure password manager such as F-Secure ID Protection.

 

Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...