Sorry for the noob question, I'm a novice with this technical stuff and I'm trying to read the manual and understand everything as best I can, but am struggling a bit with certain things.
Basically I'm trying to use VeraCrypt to encrypt some non-system external flash drives and hard drives that I have to carry around with me. I want to do FDE to make sure there are no pockets of unencrypted data that could possibly leak and compromise the drives. However, when I try to click on the drives themselves to fully encrypt them, it says I can't if the drives contain partitions (each drive has 1 partition).
I understand that if you have multiple partitions and only encrypt one then that obviously leaves some of the drive unencrypted. My question is: if the drive has just one partition with no hidden partitions or any unallocated space on the drive and I encrypt it, does this serve the same function as "full disk encryption"? Will it still cover the entire drive?
Any help is greatly appreciated, thank you.
Neither USB nor SSD drives can be safely encrypted if you have previously stored sensitive data on the drive.
https://www.veracrypt.fr/en/Wear-Leveling.html
For Windows systems, I recommend avoiding FDE because when you connect the FDE encrypted drive to Windows OS, you will be prompted by Windows each time to format the drive, since Windows cannot recognize the unmounted VeraCrypt encryption.
Also, sometimes during a Windows OS patch/upgrade, Windows will automatically quick format the drive if it is connected during the OS patch/upgrade process.
The VeraCrypt forum has many posts of users accidentally clicking Yes when prompted by Windows to Quick format, and this can result in total loss of data due to their attempts to undo the format which resulted in the total loss.
Therefore, create or expand the one partition for the entire drive if you do not need to have other partitions unencrypted on the drive.
For encrypting the system drive, if you only encrypt the system partition, not FDE, on an SSD, then wouldn't the drive be not fully secure due to wear-leveling if parts of the drive are left unencrypted?
I also cannot fully extend the one partition on my system drive because there are 3: System Reserved 549 MB, my C drive and a 519 MB recovery partition. Is the drive secure if those other 2 are unencrypted and there is no sensitive data on them?
For Windows systems that are UEFI, you can only encrypt the C partition due to the hidden partition that is used to boot the PC.
https://www.howtogeek.com/56958/htg-explains-how-uefi-will-replace-the-bios/
Another issue I have seen reported on the now defunct CodePlex for VeraCrypt website: in cases where the PC does not use UEFI and still uses MBR format, you could system encrypt all the partitions on the system drive. For example, the C partition with OS and the D partition for data at the same time during the system encryption.
However, if something happens to the C partition or the bootloader which forces you to use the VeraCrypt Rescue Disk, you can only decrypt/access the C partition which leaves the D partition inaccessible.
Hence, I would recommend encrypting only the C or OS partition, and separately encrypting the D partition.
For SSD, you want to encrypt the SSD drive when it is brand new after you have installed the OS but before you copy sensitive data onto the SSD system drive.
Thank you for your reply!
Yes, I did come across something that did mention the wear leveling, and also Windows asking to initialize encrypted drives.
So if I have brand new USB and SSD drives with just the one partition and encrypt it, is that the same coverage as FDE? That's the bit I'm most confused about.
Yes.
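
The premise in the question, a single partition with no unallocated space, can be checked from the partition table itself. The following is an added example, not part of the thread and not VeraCrypt code: it parses an MBR sector and lists the sector ranges that lie outside every partition, which are the areas partition-level encryption does not touch. It assumes an MBR (not GPT) drive with 512-byte sectors; the sample tables and the drive size are constructed.

```python
import struct

SECTOR = 512  # bytes per logical sector (assumption)

def parse_mbr(sector0: bytes):
    """Return sorted [(start_lba, sector_count, type)] for used primary entries."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i : 462 + 16 * i]
        ptype = entry[4]                                  # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype != 0 and count > 0:
            parts.append((start, count, ptype))
    return sorted(parts)

def uncovered_ranges(parts, total_sectors):
    """LBA ranges [start, end) that are not inside any partition."""
    gaps, cursor = [], 0
    for start, count, _ in parts:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, start + count)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps

def build_sample_mbr(entries):
    """Constructed sector 0 from (type, start_lba, count) tuples."""
    buf = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, 446 + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

TOTAL = 30_000_000  # constructed drive size in sectors
FULL = build_sample_mbr([(0x07, 2048, TOTAL - 2048)])   # partition runs to the end
SHORT = build_sample_mbr([(0x07, 2048, 20_000_000)])    # unallocated tail remains

if __name__ == "__main__":
    for name, img in (("full", FULL), ("short", SHORT)):
        for a, b in uncovered_ranges(parse_mbr(img), TOTAL):
            size = (b - a) * SECTOR
            print(f"{name}: LBA {a}..{b - 1} outside any partition ({size} bytes)")
```

For the constructed full-size layout the only range reported is LBA 0 to 2047, the partition table and alignment gap in front of the partition; the short layout also reports the unallocated tail.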