3w`Sparky Posted July 9, 2010
OK, so the PGP Disk encryption is not breakable "currently", but when you "REBUILD" your system and then install PGP Desktop, with which you can then turn your HDD into an encrypted one, what about all the leftover space that hasn't been written to yet? E.g. 80 gig HDD: 4 gig XP install, 1 gig Office install, 3-4 gig of other apps. What about the remaining space, does PGP write across the whole disk? E.g. can a disk that has been used already be securely erased if you just run a bare install then install PGP on top of it?

Sparda Posted July 9, 2010
What you say is potentially correct (providing it's done at the file system level): any data that is on the drive and is not part of the file system (deleted files, leftover files after formatting etc.) will not be encrypted. There is a simple solution, however: blank the drive before installing the operating system.

3w`Sparky Posted July 9, 2010 (Author)
Which leads to the next question: what's best? I have to conform to CESG Governance ideally, but wondered what might be best but also fast, although the two work against each other!

Sparda Posted July 9, 2010
> Which leads to the next question: what's best? I have to conform to CESG Governance ideally, but wondered what might be best but also fast, although the two work against each other!

Well, you need to find out how PGP full disk encryption works. I had a look on their web site and a bit of a Google but couldn't find what I was looking for.

If it works like TrueCrypt and inserts itself between the operating system and hard disk to do sector level encryption, you don't need to do anything, as every sector of the disk is encrypted. This might be called 'sector level encryption' or similar.

However, if it encrypts every file individually by inserting itself between the operating system's file access stuff and the rest of the operating system, for the purpose of using a different key for every file (or some other similarly useful feature), then you need to blank the drive before installing the operating system. This method might be called 'file system level encryption' or similar.

A tool that finds 'not-used' sectors then blanks them is theoretically possible, but I have never found one.

IOSys Posted July 10, 2010 (edited July 10, 2010 by IOSys)
Uhm.. Guess why it's called "whole disk encryption"?? You can either encrypt individual partitions or you can encrypt the entire device. In either case, ALL space of the volume is encrypted. (Yes, PGP can also create file-hosted volumes, but you can't stuff your OS inside a file and still be able to boot.)

When you encrypt a storage volume it is filled entirely with random-looking garbage, i.e. overwritten once. Despite what NIST, the US Military etc. etc. could make you believe, there are no documented examples of ANY data being recovered from a HDD that has been fully overwritten once. Ever..

Despite this fact, you may be required to sanitize the disk in accordance with Federal guidelines anyway, and depending on the nature of your operation and the data you store, you may even be required to have proof that the disk was sanitized..

Guest Deleted_Account Posted July 13, 2010
I use TrueCrypt so I just wipe free space after. Depending on what was on the disk beforehand I would use DBAN and at least an NSA 7-pass wipe. Mainly because in the event someone could/found a way to recover from a single wipe they still wouldn't get my data :)
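
Added example (not part of any post in this thread, and not code from PGP or TrueCrypt): one way to do the free-space wipe mentioned above is to fill the mounted volume with a file of random data, flush it to disk, and delete it. The function name `fill_free_space` and its `limit` parameter are hypothetical; the approach reaches only space the file system will hand out to a new file, so file slack and sectors the drive has remapped are not touched.

```python
import errno
import os
import sys
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB of random data per call


def fill_free_space(directory, limit=None, chunk=CHUNK):
    """Overwrite unallocated space on the volume that holds `directory`.

    Random data is written to a temporary file until the volume reports
    "no space left" (or until `limit` bytes have been written, which is
    useful for a dry run). The file is flushed to disk and then deleted.
    Returns the number of bytes written.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix="wipe-", suffix=".tmp", dir=directory)
    try:
        # buffering=0 so each write goes straight to the OS and a full
        # disk is reported by the write that hits it.
        with os.fdopen(fd, "wb", buffering=0) as out:
            while limit is None or written < limit:
                size = chunk if limit is None else min(chunk, limit - written)
                try:
                    written += out.write(os.urandom(size))
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        break  # volume is full: free space is covered
                    raise
            # Force the data out of the page cache before deleting,
            # otherwise the overwrite may never reach the platters.
            os.fsync(out.fileno())
    finally:
        os.remove(path)
    return written


if __name__ == "__main__":
    # Usage: python wipe_free.py <directory on the volume> [limit in bytes]
    target = sys.argv[1]
    cap = int(sys.argv[2]) if len(sys.argv) > 2 else None
    print(f"overwrote {fill_free_space(target, cap)} bytes of free space")
```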