Should I encrypt the drives on my home PC?
January 12, 2017 6:42 PM   Subscribe

I'm worried about the possibility that my tower PC might get stolen during a burglary, and then the bad guys will have access to all my data. I'm thinking of using Windows BitLocker to encrypt all four of my hard drives, but I don't know if it'll work with my backup system.

I use Backblaze to backup my data. I contacted their tech support about a year ago to ask if I can use BitLocker with their system. The response I received was, "At this time, EFS/Bitlocker can not be backed up to Backblaze".

I wanted a second opinion, so I resubmitted the question recently. This time I got a different response: "So long as Bitlocker is configured in such a way that the SYSTEM user still has read access to the data, yes it will be backed up."

I don't know what this answer means. Can anyone elaborate on this? Are there any other reasons why I might not want to encrypt my drives with BitLocker? Is there a better way to protect my data in case of a theft?
posted by akk2014 to Computers & Internet (4 answers total) 3 users marked this as a favorite
I think the first response meant that you can't back up the *encrypted* version of the drive. As I understand, Backblaze will reencrypt the decrypted Bitlocker files with their crypto, then upload to their service.

Maybe get your feet wet with an external encrypted drive or one of your hard drives and see how it goes.
posted by RobotVoodooPower at 4:56 AM on January 13, 2017

A quick alternative is to encrypt one or a few folders or files to hold sensitive information. On many versions of Windows, just right click a folder, select Properties, then General > Advanced, > Encrypt contents to secure data. (Macs have something similar with .dmg images.) There are free and for-fee products such as Veracrypt for similar purposes. Zip files can encrypt. MS Office and Adobe Acrobat let you encrypt their files. An issue with this approach is that there's nothing that can prevent a bad guy from brute force approaches. This might take centuries or seconds to crack.

The surest approach is a "self-encrypting" disk drive. When such a computer is booted, you'll be prompted for the drive password. You get ten tries or some other low number of tries to give that password. If exceeded, the drive bricks. As RVP suggested, you might do this on an external encrypted drive if you don't want the hassle of upgrading or converting your main storage. Or find the model code for your existing disk, there's a chance it is already self-encrypting and you just need to set the password. For self-encrypting drives, Backblaze and other backup facilities will work as usual whenever you can login.
posted by gregoreo at 7:37 AM on January 13, 2017

In general, if you can see the encrypted data without subsequent special effort, whether from Bitlocker or self-encrypting hardware, Backup utilities such as Backblaze can see that unencrypted data and back it up. The whole backup is encrypted in Backblaze storage, but when returned to you as recovered files will be unencrypted if backed up as unencrypted, or encrypted if the file, folder, or partition was not opened.
posted by gregoreo at 7:52 AM on January 13, 2017

And beyond theft, it's a great idea to have your drive encrypt as this adds a layer of protection against root kits and crytolocker malware.
posted by cjorgensen at 12:08 PM on January 17, 2017

« Older Good bar for a meetup in NYC, around 48 and lex...   |   Electric heater died. Help me replace it Newer »
This thread is closed to new comments.