Some questions for community !

[boghita]

Hello, I have two questions for this wonderful community, the first would be: if I can password protect an entire disk without encrypting it, I tried to password protect an HDD but encrypting the data takes around 12 hours, a bit too much for my time
The second question would be, if in the end I put a password on the entire HDD and encrypt it, if someone comes and takes or steals my HDD and installs it in another PC, can they read the data on it? without installing DiskCryptor, without knowing the password, thank you for any answer

 

[bastik-1001]

I don't use nor do I develop the software.

1) My understanding is that the encryption part is the protecting part. Something that can read the disk, especially with raw access, would be able to read its contents, even if the header would not be accessible, if it is not encrypted. If something made it unreadable and just give access when a password is entered, the data still could be recovered.

2) No, they will be able to tell that they can't access the data, and they can probably tell that it is either encrypted or filled with random data. To access the data, they would need DiskCryptor (or some compatible software, which there should be none) and know the password. They could brute-force the password or try common passwords, so the password should not be too short and/or too simple.

 

[Binarus]

In general, @bastik-1001 is completely right as far as it concerns the theory; I can't add anything to it. Except that it is the whole purpose of the FDE (full drive encryption) to make the drive unusable for *anybody* who does not know the passphrase.

But the matter in practice is complex. The encryption algorithm that DiskCryptor uses by default is AES256 in a certain mode. This algorithm is very well investigated and is considered safe among experts if implemented the right way. This means that nobody will be able to break it by mathematical methods or brute force. The algorithm at the time being is also considered resistant against quantum computer attacks.

There is a constant race between adversaries who try to break encryption and people who try to make encryption unbreakable. To be absolutely sure, you need to monitor the progress of both parties and read respective articles from time to time. Personally, I believe that AES256 will be still safe in five years, but I am not a prophet.

You can make an attacker's job harder by combining AES with the two other encryption algorithms DiskCryptor offers. But even then, if your life depends on that encryption, you should keep yourself informed about the state of the art.

What I am trying to say is: Basically, you have asked if somebody else can read your encrypted data without knowing the password. The answer is no in theory, but if the encryption algorithm contains weaknesses that are currently unknown, if new specialized encryption-breaking devices are developed, or if the algorithm is used the wrong way, the answer is yes.

Having said this, I consider BoxCryptor being very safe and (at the time being) unbreakable for adversaries of any size, unless you use a ridiculous password. My personal advice is to use a password of at least 20 characters, including digits, small and capital letters and special characters.

This also means that you will lose access to your data if you forget your password. Please note that absolutely nobody can help you in this case, including DiskCryptor's developers. There is no backdoor and no other trick that can give your data back to you in case you don't have your password any more.

As a final remark, one of the most critical parts in regards to safety is the method which is used to derive the encryption key from the password. In case of DiskCryptor, I currently don't know which algorithms and parameters are used, but I have just posted a question about it here in the forum.

Actually, I am planning to switch from VeraCrypt to DiskCryptor to fully encrypt my drives; this is due to VeraCrypt's catastrophic performance problems with NVMe SSDs. But if I really make the switch depends on whether and how timely that question gets answered.