Menu
homeAndroid

Alternatives to TrueCrypt. Programs for encrypting individual files or entire disks. How to reliably protect files on a flash drive or external hard drive

A hard drive is a popular modern device that allows you to expand your computer's memory without opening the system unit. Modern external hard drives can fit into any handbag, which means you can always have large amounts of information at hand. If you store confidential information on your hard drive, then the best way to protect it is to set a password.
A password is a universal means of protecting information, which is a key that can consist of any number of letters, numbers and symbols. If the user enters the password incorrectly, then, accordingly, access to the data stored on the external hard drive cannot be obtained.

How to set a password on an external hard drive?

We have already covered this on our website before. Moreover, the question of the correct one was also considered. Below we will talk about how to apply a password for this device.

Setting a password using built-in Windows tools

Setting a password in this case is used successfully both for regular USB drives and external hard drives, which have large amounts of disk space. The main advantage of this method is that you do not need to download and install third-party programs.

Connect your external hard drive to your computer, and then open Windows Explorer. Specifically, we are interested in the “This Computer” section, which displays all connected drives to the computer. Right-click on the external hard drive and in the context menu that appears, go to "Enable BitLocker" .

The utility will start launching on the screen. After a moment, a window will appear on the screen in which you will need to check the box “Use a password to unlock the disk” , and in the lines below specify the new password twice. Click the button "Further" .

Next, you will be asked to choose the option of saving a special recovery key. You have three options to choose from: save to your Microsoft account, save to a file on your computer, or immediately print the key on a printer. In our opinion, the second option is the most preferable, since you can upload this file, for example, to the cloud, and at any time, if the password for the external hard drive is forgotten, open it.

The next setting item asks you to configure data encryption. You can either select to encrypt only the occupied space on the disk, or encrypt the entire disk.

Please note that if you choose to encrypt the entire disk, you need to be prepared for the fact that the encryption process may take many hours. Therefore, if you do not have a lot of time, and you intend to open the hard drive on modern computers, we recommend choosing the first encryption option.

The final setup step is to select an encryption mode from two available: new encryption mode and compatibility mode. Considering that we are working with an external hard drive, check the option "Compatibility Mode" , and then move on.

Actually, this completes the BitLocker setup process. To start the password process, all you have to do is click the button "Start encryption" and wait for the process to complete.


If, after encryption is complete, we open Windows Explorer in the “This PC” section, our external hard drive will be listed with a lock icon. An open icon with a lock indicates that access to the data has been obtained, and a closed icon, as shown in the screenshot below, indicates that a password is required.

Having opened the disk twice, a miniature window will appear on the screen in which the user will be asked to enter the password for the connected external hard drive.

Setting a password using archiving

Many users do not trust the data encryption process because this way you cannot access the entire drive. Therefore, we will use this method in a slightly different way - we will place the information saved on an external hard drive in an archive without compression, i.e. An external hard drive, if necessary, can be used without a password, but to access the information stored in it, you will need to enter a security key.

To set a password using archiving information, you will need almost any archiver program. In our case, we will use the popular tool WinRAR , which you can download from the link given at the end of the article.

As soon as the archiver program is installed on your computer, open the contents of the external hard drive, select it with a simple keyboard shortcut Ctrl + A, or select certain folders and files in case you need to hide not all information on the external hard drive under a password. After that, right-click on the selection and select the item in the context menu that appears "Add to archive" .

A window will appear on the screen in which you will need in the block "Compression method" select option "Without compression" , and then click the button "Set password" .

In the window that appears, you will need to enter a password of any length twice. Below, if necessary, you can activate encryption of the data contained in the archive (without activating this item, the names of folders and files will be visible, but access to them will be limited).

When the creation of the archive is completed, the root folder of the hard drive, in addition to the files, will also contain the archive you created. Now files on the disk, except the archive, can be deleted.

When you try to open the archive, a window will appear on the screen asking you to enter a password. Until the archive password is received, access to information will be limited.

What's the result?

The most effective way to store confidential information is to use the standard BitLocker tool. This is a wonderful utility, which, perhaps, cannot be found with analogs that are superior in quality. The second method, which involves using an archiver, can be considered the most preferable, since it does not restrict access to the external hard drive, but only to the information that you want to password-protect.

Of course, there are still a lot of information encrypting programs, but we did not focus on them, since the two methods described in the article are the most optimal for most users.

Security and privacy are very important for those who store important data on a computer. Your home computer is safe, but with a laptop or other portable devices, the situation is very different. If you carry your laptop with you almost everywhere and unauthorized persons may have access to it, the question arises - how to protect your data from other people's interference. Precisely from physical attacks, where anyone can try to get data from a USB drive or laptop hard drive by simply taking the device or, in the case of a laptop, pulling out the hard drive and connecting it to another operating system.

Many businesses and even ordinary users use disk encryption in Linux to protect confidential information such as client information, files, contact information and much more. The Linux operating system supports several cryptographic methods to protect partitions, individual directories, or the entire hard drive. All data in any of these methods is automatically encrypted and decrypted on the fly.

File system level encryption:

  • 1.eCryptfs is a Linux cryptographic file system. It stores cryptographic metadata for each file in a separate file so that files can be copied between computers. The file will be successfully decrypted if you have the key. This solution is widely used to implement an encrypted home directory, for example in Ubuntu. ChromeOS also transparently embeds these algorithms when using network attached storage (NAS) devices.
  • 2.EncFS- provides an encrypted file system in user space. It runs without any additional privileges and uses the fuse library and kernel module to provide a filesystem interface. EncFS is free software and is licensed under the GPL.

Device-level block encryption:

  • Loop-AES- a fast and transparent file system, as well as a package for encrypting the swap partition in Linux. The source code of the program has not been changed for a long time. It works with kernels 4.x, 3.x, 2.2, 2.0.
  • TrueCrypt is a free and open source solution for disk encryption on Windows 7/Vista/XP/Mac OS X operating systems as well as Linux.
  • dm-crypt+LUKS- dm-crypt is a transparent subsystem for disk encryption in kernel 2.6 and later. Encryption of entire disks, removable media, partitions, RAID volumes, software, logical volumes and files is supported.

In this tutorial, we will look at encrypting a hard drive on Linux using the Linux Unified Key Setup-on-disk-format (LUKS) algorithm.

How does LUKS work?

LUKS (Linux Unified Key Setup is a block device encryption protocol. But we have jumped far ahead, to understand how it works, we need to understand other technologies used in this method.

To perform Linux disk encryption, the dm-crypt kernel module is used. This module allows you to create a virtual block device in the /dev/mapper directory with encryption transparent to the file system and the user. In fact, all data is located on an encrypted physical partition. If a user tries to write data to a virtual device, it is encrypted on the fly and written to disk; when reading from a virtual device, the reverse operation is performed - the data is decrypted from the physical disk and transmitted in clear text through the virtual disk to the user. Typically, AES is used for encryption because most modern processors are optimized for it. It is important to note that you can encrypt not only partitions and disks, but also regular files by creating a file system in them and connecting them as a loop device.

The LUKS algorithm determines what actions and in what order will be performed when working with encrypted media. To work with LUKS and the dm-crypt module, use the Cryptsetup utility. We will consider this further.

Cryptsetup utility

The Cryptsetup utility will make it easier to encrypt a Linux partition using the dm-crypt module. Let's install it first.

On Debian or Ubuntu, use this command:

apt-get install cryptsetup

On Red Hat based distributions it will look like this:

yum install cryptsetup-luks

The syntax for running the command is:

$ cryptsetup options operation options_operations

Let's look at the basic operations that can be done using this utility:

  • luksFormat- create an encrypted partition luks linux
  • luksOpen- connect a virtual device (dongle required)
  • luksClose- close the luks linux virtual device
  • luksAddKey- add encryption key
  • luksRemoveKey- delete the encryption key
  • luksUUID- show partition UUID
  • luksDump- create a backup copy of LUKS headers

The parameters of the operation depend on the operation itself, usually it is either a physical device with which the action needs to be performed, or a virtual one, or both. Not everything is clear yet, but with practice, I think you will figure it out.

Linux disk encryption

The theory has been completed, all the tools are ready. Now let's look at encryption of the linux partition. Let's move on to setting up the hard drive. Please note that this will delete all data from the drive or partition you are about to encrypt. So if there is important data there, it is better to copy it to a more secure location.

Creating a section

In this example, we'll encrypt the /dev/sda6 partition, but you can use an entire hard drive instead, or just a single file filled with zeros. Create an encrypted partition:

cryptsetup -y -v luksFormat /dev/sda6

WARNING!
========
This will overwrite data on /dev/sda6 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

This command will initialize the partition and set the initialization key and password. Specify a password so that you don’t forget it later.

Run the following command to open the newly created partition using the dm-crypt module in /dev/mapper, to do this you will need to enter the password with which the luks linux encryption was performed:

Enter passphrase for /dev/sda6

Now you can see the new virtual device /dev/mapper/backup2 created using the luksFormat command:

ls -l /dev/mapper/backup2

To view the device status, run:

cryptsetup -v status backup2

/dev/mapper/backup2 is active.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda6
offset: 4096 sectors
size: 419426304 sectors
mode: read/write
Command successful.

And with the following command you can make a backup copy of the LUKS headers just in case:

cryptsetup luksDump /dev/sda6

Well, we can say the section is ready. And the best part is that you can now use it just like any other regular partition in the /dev directory. You can format it using standard utilities, write data to it, change or check the file system, etc. You cannot just change the size. That is, everything is completely transparent, as stated at the beginning of the article.

Formatting a partition

Let's first format the disk. To be safe, in order to erase all the data that was in this place before, we will overwrite our encrypted linux partition with zeros. This will reduce the likelihood of breaking the encryption by increasing the amount of random information. To do this, run:

dd if=/dev/zero of=/dev/mapper/backup2

The utility may take several hours to run; to be able to monitor the process, use pv:

pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M

When the process is completed, we can format the device to any file system. For example, let's format it in ext4:

mkfs.ext4 /dev/mapper/backup2

As you can see, all cryptsetup commands are applied to the physical partition, while the rest of the commands for working with disks are applied to our virtual one.

Mounting a partition

Now you can mount only the created file system:

$ mount /dev/mapper/backup2 /backup2

Disabling a partition

Everything works, but how to disable the device and protect the data. To do this, run:

cryptsetup luksClose backup2

Remounting

To be able to work with an encrypted partition again using LUKS Linux, you need to open it again:

cryptsetup luksOpen /dev/sda6 backup2

Now we can mount:

mount /dev/mapper/backup2 /backup2

Check file system luks

Since after opening a partition with luks linux, this partition is treated by the system like all others, you can simply use the fsck utility:

sudo umount /backup2

$ fsck -vy /dev/mapper/backup2

$ mount /dev/mapper/backup2 /backu2

Change luks passphrase

Linux disk encryption is performed with a specific passphrase, but you can change it. Even better, you can create up to eight different passphrases. To change, run the following commands. First let's backup the LUKS headers:

cryptsetup luksDump /dev/sda6

Then create a new key:

cryptsetup luksAddKey /dev/sda6

Enter any passphrase:

Enter new passphrase for key slot:
Verify passphrase:

And delete the old one:

cryptsetup luksRemoveKey /dev/sda6

Now you will have to enter the old password.

conclusions

That's all, now you know how to encrypt a partition in Linux, and you also understand how it all works. In addition, disk encryption in Linux using the LUKS algorithm opens up wide possibilities for complete encryption of the installed system.

Pros:

  • LUKS encrypts the entire block device and is therefore very well suited for protecting the contents of portable devices such as mobile phones, removable media or laptop hard drives.
  • You can use NAS on servers to protect your backups
  • Intel and AMD processors with AES-NI (Advanced Encryption Standard) have a set of commands that can speed up the dm-crypt-based encryption process in the Linux kernel since 2.6.32.
  • Works also with the swap partition, so your laptop can use the sleep mode or hibernation function completely safely.

Open source has been popular for 10 years due to its independence from major vendors. The creators of the program are publicly unknown. Among the most famous users of the program are Edward Snowden and security expert Bruce Schneier. The utility allows you to turn a flash drive or hard drive into a secure encrypted storage in which confidential information is hidden from prying eyes.

The mysterious developers of the utility announced the closure of the project on Wednesday, May 28, explaining that using TrueCrypt is unsafe. "WARNING: It is not safe to use TrueCrypt because... the program may contain unresolved vulnerabilities” - this message can be seen on the product page on the SourceForge portal. This is followed by another message: “You must migrate all data encrypted with TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Independent security expert Graham Cluley quite logically commented on the current situation: “It is time to find an alternative solution for encrypting files and hard drives.”

I'm not kidding!

Initially, there were suggestions that the program's website was hacked by cybercriminals, but now it is becoming clear that this is not a hoax. SourceForge now offers an updated version of TrueCrypt (which is digitally signed by the developers), which prompts you to upgrade to BitLocker or another alternative tool during installation.

John Hopkins University cryptography professor Matthew Green said: "It is highly unlikely that an unknown hacker identified the developers of TrueCrypt, stole their digital signature and hacked their website."

What to use now?

The site and a pop-up alert in the program itself contain instructions for transferring TrueCrypt-encrypted files to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate/Enterprise, Windows 7 Ultimate/Enterprise, and Windows 8 Pro/Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.

The most obvious alternative to the program is BitLocker, but there are other options. Schneier shared that he is returning to using PGPDisk from Symantec. ($110 per user license) uses the well-known and proven PGP encryption method.

There are other free alternatives for Windows, such as DiskCryptor. Computer security researcher known as The Grugq wrote a whole last year that is still relevant today.

Johannes Ulrich, scientific director of the SANS Institute of Technology, recommends that Mac OS X users pay attention to FileVault 2, which is built into OS X 10.7 (Lion) and later operating systems of this family. FileVault uses 128-bit XTS-AES encryption, which is used by the US National Security Agency (NSA). According to Ulrich, Linux users should stick to the built-in Linux Unified Key Setup (LUKS) system tool. If you use Ubuntu, then the installer of this OS already allows you to enable full disk encryption from the very beginning.

However, users will need other applications to encrypt portable media that are used on computers running different OSes. Ulrich said that what comes to mind in this case is .

The German company Steganos offers to use the old version of its encryption utility Steganos Safe (the current version is 15, but it is proposed to use version 14), which is distributed free of charge.

Unknown vulnerabilities

The fact that TrueCrypt may have security vulnerabilities is a serious concern, especially since an audit of the program did not reveal such problems. Users of the program have raised $70,000 for the audit following rumors that the US National Security Agency could decode significant amounts of encrypted data. The first stage of the study, which analyzed the TrueCrypt loader, was carried out last month. The audit did not reveal any backdoors or intentional vulnerabilities. The next phase of the study, which would test the cryptography methods used, was planned for this summer.

Green was one of the experts involved in the audit. He said that he did not have any preliminary information that the developers were planning to close the project. Green said: “The last I heard from the developers of TrueCrypt was: “We are looking forward to the results of the phase 2 trial. Thank you for your efforts!” It should be noted that the audit will continue as planned, despite the shutdown of the TrueCrypt project.

Perhaps the creators of the program decided to suspend development because the utility is outdated. Development stopped on May 5, 2014, i.e. after the official end of support for Windows XP. SoundForge mentions: “Windows 8/7/Vista and later systems have built-in tools for encrypting disks and virtual disk images.” Thus, data encryption is built into many operating systems, and developers may have found the program no longer needed.

To add fuel to the fire, on May 19, TrueCrypt was removed from the Tails secure system (Snowden’s favorite system). The reason is not entirely clear, but the program clearly should not be used, Cluley noted.

Cluley also wrote: "Whether it's a scam, a hack, or the logical end of TrueCrypt's lifecycle, it's clear that conscientious users won't feel comfortable trusting the program with their data after this fiasco."

Found a typo? Press Ctrl + Enter

Launch the encryption tool on Windows by searching for "BitLocker" and selecting "Manage BitLocker." In the next window, you can enable encryption by clicking on “Enable BitLocker” next to the hard drive (if an error message appears, read the section “Using BitLocker without a TPM”).

You can now choose whether you want to use a USB flash drive or a password when unlocking an encrypted drive. Regardless of the option you choose, you will need to save or print the recovery key during the setup process. You'll need it if you forget your password or lose your flash drive.

Using BitLocker without TPM

Setting up BitLocker.
BitLocker also works without a TPM chip - although this requires some configuration in the Local Group Policy Editor.

If your computer does not have a TPM (Trusted Platform Module) chip, you may need to make some adjustments to enable BitLocker. In the Windows search bar, type "Edit Group Policy" and open the "Local Group Policy Editor" section. Now open in the left column of the editor “Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating system disks”, and in the right column, check the entry “Required additional authentication at startup”.

Then, in the middle column, click on the “Edit Policy Setting” link. Check the box next to “Enable” and check the box next to “Allow BitLocker without a compatible TPM” below. After clicking on "Apply" and "OK", you can use BitLocker as described above.

Alternative in the form of VeraCrypt

To encrypt the system partition or entire hard drive using TrueCrypt's successor, VeraCrypt, select "Create Volume" from the VeraCrypt main menu, and then select "Encrypt the system partition or entire system drive." To encrypt the entire hard drive along with the Windows partition, select “Encrypt the whole drive”, then follow the step-by-step setup instructions. Note: VeraCrypt creates a rescue disk in case you forget your password. So you will need a blank CD.

Once you've encrypted your drive, you'll need to specify PIM (Personal Iterations Multiplier) after your password when you boot up. If you did not install PIM during setup, just press Enter.

With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB drive or flash drive). This article will show you how to encrypt and hide an encrypted partition of your hard drive from prying eyes.

Spies, paranoids and ordinary users

Who will benefit from the ability to encrypt partitions? Let's discard spies and paranoids right away. There are not so many of the former, and their need for data encryption is purely professional. The second one just wants to encrypt something, hide it, etc. Although there is no real threat and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there will be more than paranoid spies.
A typical partition encryption scenario is when a computer is shared. There are two options for using the CyberSafe program: either each of the users working at the computer creates a virtual disk, or each one allocates a partition on the hard drive for storing personal files and encrypts it. It has already been written about creating virtual disks, but in this article we will talk specifically about encrypting the entire partition.
Let's say there is a 500 GB hard drive and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to limit one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the hard drive disk space can be divided as follows:
  • Approximately 200 GB - shared partition. This partition will also be the system partition. It will install the operating system, the program and store common files of all three users.
  • Three sections of ~100 GB each - I think 100 GB is enough to store each user’s personal files. Each of these sections will be encrypted, and only the user who encrypted this section will know the password to access the encrypted section. In this case, the administrator, no matter how much he or she wishes, will not be able to decrypt another user’s partition and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will only be able to gain access if he tricks the user into giving him his password. But I think this will not happen, so encrypting the partition is a much more effective measure than differentiating access rights using NTFS.

Partition encryption vs encrypted virtual disks

What is better - encrypting partitions or using encrypted virtual disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Look at it as an archive with a password and a compression ratio of 0. Only the files inside this archive are encrypted much more securely than in a regular archive. A virtual disk is stored on your hard drive as a file. In the CyberSafe program, you need to open and mount the virtual disk and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if the size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a flash drive or external hard drive. You won't be able to do this with an encrypted partition. You can also hide the virtual disk file.
Of course, if necessary, you can create an image of the encrypted disk - in case you want to back it up or move it to another computer. But that's a different story. If you have a similar need, I recommend the Clonezilla program - it is already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complex undertaking than transferring a virtual disk. If there is such a need, then it is easier to use virtual disks.
With partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which method should I choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire section if the size of your secret documents is quite large.
But there are situations when using the entire section is impossible or makes no sense. For example, you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. There is no point in encrypting the entire partition if the size of the documents (files) you need to encrypt is small - a few gigabytes. I think we’ve sorted this out, so it’s time to talk about which partitions (disks) can be encrypted.

Supported drive types

You can encrypt the following types of media:
  • Hard drive partitions formatted in FAT, FAT32 and NTFS file systems.
  • Flash drives, external USB drives, with the exception of drives representing mobile phones, digital cameras and audio players.
Cannot encrypt:
  • CD/DVD-RW disks, floppy disks
  • Dynamic disks
  • System drive (from which Windows boots)
Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine several physical hard drives (analogous to LVM in Windows). It is impossible to encrypt such disks with the program.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard drive partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk that you specified when encrypting it. After working with an encrypted disk, you must immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once the partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive and the files will not be encrypted. So when you are working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a short time! Once you have unmounted the encrypted drive, your files will be securely protected.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will remain operational and you will just have to wait a little longer than usual (especially when you copy large files to an encrypted partition).

Getting ready for encryption

The first thing you need to do is get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and you want to encrypt a partition that already has files, then encryption will take some time. If the power goes out during this time, you are guaranteed to lose data. Therefore, if you don’t have a UPS that can withstand several hours of battery life, I recommend doing the following:
  • Back up your data, for example on an external hard drive. Then you will have to get rid of this copy (it is advisable to wipe the free space with a utility like Piriform after deleting data from an unencrypted disk so that it is impossible to recover deleted files), since if it is present, there is no point in having an encrypted copy of the data.
  • You will transfer data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don’t need to format it separately - CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup copy of your data (I would recommend doing one just in case), be sure to check the disk for errors, at least with a standard Windows utility. Only after this you need to start encrypting the partition/disk.

Partition encryption: practice

So, theory without practice is meaningless, so let's start encrypting the partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition(Fig. 1).


Rice. 1. List of partitions/disks of your computer

Select the partition you want to encrypt. If the button Create will be inactive, then this partition cannot be encrypted. For example, this could be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, then the encryption operation must be repeated one by one.
Click the button Create. Next a window will open Kripo Disk(Fig. 2). In it you need to enter a password that will be used to decrypt the disk when mounting it. When entering your password, check the case of characters (so that the Caps Lock key is not pressed) and the layout. If there is no one behind you, you can turn on the switch Show password.


Rice. 2. Crypto Disk

From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to save it, turn on the switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the encrypted files are, say, on an external hard drive, then you will still have to copy them to the encrypted drive to encrypt them, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to check the Enable radio button Save file structure and data, otherwise you will lose all your data.
Other parameters in the window Crypto Disk can be left as default. Namely, the entire available size of the device will be used and quick formatting will be performed into the NTFS file system. To start encryption, click the button Accept. The progress of the encryption process will be displayed in the main program window.


Rice. 3. Progress of the encryption process

Once the disk is encrypted, you will see its status - encrypted, hidden(Fig. 4). This means your drive has been encrypted and hidden - it won't show up in Explorer and other high-level file managers, but partition table programs will see it. There is no need to hope that since the disk is hidden, no one will find it. All disks hidden by the program will be displayed in the snap-in Disk management(see Fig. 5) and other programs for disk partitioning. Please note that in this snap-in, the encrypted partition is displayed as a partition with a RAW file system, that is, without a file system at all. This is normal - after encrypting a partition, Windows cannot determine its type. However, hiding a partition is necessary for completely different reasons, and then you will understand exactly why.


Rice. 4. Disk status: encrypted, hidden. Partition E: not visible in Explorer


Rice. 5. Disk Management snap-in

Now let's mount the partition. Select it and click the button Resurrection to make the partition visible again (the disk state will be changed to just " encrypted"). Windows will see this partition, but since it cannot recognize its file system type, it will offer to format it (Fig. 6). This should not be done under any circumstances, since you will lose all data. This is why the program hides encrypted drives - after all, if you are not the only one working on the computer, another user can format a supposedly unreadable partition of the disk.


Rice. 6. Suggestion to format the encrypted partition

Of course, we refuse formatting and press the button Montirov. in the main CyberSafe program window. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).


Rice. 7. Selecting a drive letter

After this, the program will ask you to enter the password necessary to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the area Connected decrypted devices(Fig. 9).


Rice. 8. Password for decrypting the partition


Rice. 9. Connected decrypted devices

After this, you can work with the decrypted disk as with a regular one. In Explorer, only drive Z: will be displayed - this is the letter I assigned to the decrypted drive. The encrypted E: drive will not be displayed.


Rice. 10. Explorer - viewing computer disks

Now you can open the mounted disk and copy all the secret files to it (just don’t forget to delete them from the original source and wipe out the free space on it).
When you need to finish working with our section, then or click the button Dismantler., and then the button Hide or simply close the CyberSafe window. As for me, it’s easier to close the program window. It is clear that you do not need to close the program window during the operation of copying/moving files. Nothing terrible or irreparable will happen, just some of the files will not be copied to your encrypted disk.

About performance

It is clear that the performance of an encrypted disk will be lower than that of a regular one. But how much? In Fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in Fig. 11 - approximately at the level of 1.3 MB/s. This means that 1 GB of small files will be copied in approximately 787 seconds, that is, 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we believe that the speed was 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds or almost 9 minutes.


Rice. 11. Speed ​​of copying small files from an unencrypted partition to an encrypted one


Rice. 12. Speed ​​of copying small files between two unencrypted partitions

As for large files, you won't feel any difference. In Fig. Figure 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And in Fig. Figure 14 shows the speed of copying the same file from a regular partition to an encrypted one and it was 11.1 MB/s. The difference is small and is within the error limit (the speed still changes slightly as the copy operation progresses). Just for fun, I’ll tell you the speed of copying the same file from a flash drive (not USB 3.0) to a hard drive - about 8 MB/s (there is no screenshot, but trust me).


Rice. 13. Large file copying speed


Rice. 14. Speed ​​of copying a large file to an encrypted partition

This test isn't entirely accurate, but it can still give you some idea of ​​performance.
That's all. I also recommend that you read the article