Best way to encrypt external hard drive backup (USB 4TB)

[Rikki]

Hey there,

Just wondering what the best option is to encrypt an external hard drive to be used for backup and storing off site at a friends home.

Im using Win 7 at the moment and would have probably looked to Truecrypt but with them going dark a year ago and tales of Windows 8 problems Im not sure thats the best idea to trust my backups to.

Any thoughts on this one folks?

Thanks

 

[Liger88]

Are we talking whole disk encryption? BitLocker is built into Windows and would probably be the safer logical application despite peoples mistrust of Microsoft. They are a multi-national organization so I highly doubt they're going to backdoor a software now used by enterprises worldwide.

Currently what I use is FreeOTFE (discontinued), but TrueCrypt is more modern and will do FDE (limited) if needed and encrypted volumes/containers. I just create a container that nearly maxes the disk size and then mount and unmount it. Takes seconds once its created and you don't have that fear that FDE can sometimes bring.

 

[devman]

I use LUKS for all my external drives, works like a charm. Apparently DoxBox (GitHub) can be used to create and mount LUKS partitions from Windows. DoxBox is a fork of FreeOTFE.

I've never actually used DoxBox so YMMV. If you get try it, please post back.

I use LUKS for your exact use case. I keep an encrypted drive with a backup of my files in a desk drawer at work. Every few weeks I'll bring it home, run an rsync, and then return it to the desk drawer.

 

[smangular]

Truecrypt alternatives include two freeware projects based on the TrueCrypt code, VeraCrypt and CipherShed.
Agreed BitLocker is solid but make your recovery keys and test the process so you understand it.
VeraCrypt is a successor to TrueCrypt as another option.

Security improvements[edit]
According to its developers, VeraCrypt has made several security improvements over TrueCrypt.

While TrueCrypt uses 1000 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, VeraCrypt uses 327,661 iterations. For standard containers and other partitions, VeraCrypt uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. "Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt".[5]

A vulnerability in the bootloader was fixed on Windows and various optimizations were made as well. The developers added support for SHA-256 to the system boot encryption option and also fixed a ShellExecute security issue. Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux also received support for the NTFS formatting of volumes.

http://en.wikipedia.org/wiki/VeraCrypt

Is this a one time static cold backup or are you rotating 2 or more drives by physical swap? If remotely updating things became much more complex and harder to do securely.

 

[shanester]

I have used PGP whole disk encryption/Symantec Endpoint Encryption for years without incident.

 

[TCM2]

They are a multi-national organization so I highly doubt they're going to backdoor a software now used by enterprises worldwide.

HAHAHAHA.

 

[Liger88]

HAHAHAHA.

Anything is possible I guess. Microsoft has made no intention to hide the fact they have worked with the NSA since the mid-90's for the purposes of "securing the worlds most used operating system". I mean you might as well say everything from their SSL to PRNG implementation is broken if we take the hardline path.

They aren't even a major player in the crypto game. In fact if you consider them broken you have to consider every single crypto software out there to have a backdoor that's not open source and sold for profit. Symantec is easily on their level. Also MS makes the source code available to organizations to peer review so long as they sign an NDA.

 

[smangular]

I have used PGP whole disk encryption/Symantec Endpoint Encryption for years without incident.

PGP is also a good product. I also used it although years ago on Windows 2k.

 

[Spokane9]

PGP

 

[Gomar]

I encrypt files on my HDD first, then copy them to external HDD or USB or DVDs. I've been using Winrar for years with no problems.

Winrar creates exe files, RAR archives are encrypted by AES-128 standard. It also compresses files better than Winzip.
Also, KGB aint bad either.