iCIS Intra Wiki
categories: Info - Support - Software - Hardware | AllPages - uncategorized
Encryption: Difference between revisions
| Line 81: | Line 81: | ||
== Linux == | == Linux == | ||
Ubuntu offers to encrypt your home folder during installation. If you decline the encryption and change your | |||
mind later, you don’t have to reinstall Ubuntu. You can activate the encryption with a few terminal commands. | |||
Ubuntu uses eCryptfs for encryption. When you log in, your home directory is automatically decrypted with | |||
your password. While there is a performance penalty to encryption, it can keep private data confidential, | |||
particularly on laptops that may be stolen. | |||
= More information = | = More information = | ||
* http://www.ru.nl/privacy/english/data/encrypt-laptop/do-it-yourself/ | * http://www.ru.nl/privacy/english/data/encrypt-laptop/do-it-yourself/ | ||
Revision as of 20:38, 22 December 2017
Encryption of files
Generally, people encrypt files for the purpose of sending a file securely via e-mail or copying it to a portable storage device that is more susceptible to loss. There are many programs available to let you encrypt files. Below we mention several which are advised:
- use 7zip compression program to compress and encrypt a set of files into a single .7z archive.
- use AES Crypt to encrypt a single file. AES Crypt integrates with your operating system's file explorer to easily let you encrypt/decrypt files.
For more informations see this page.
Encryption of your laptop/pc
Overview encryption software per operating system
| BitLocker | VeraCrypt | Filevault | |
|---|---|---|---|
| Windows | x | x | |
| Mac | x | x | |
| Linux | x |
Windows
To encrypt your entire system you have a choice between two methods:
- use Bitlocker from microsoft which is integrated in windows pro/enterprise (not in home edition, though we have a campus upgrade license to enterprise)
- use VeraCrypt open source software
It is adviced to use Bitlocker, unless you have a problem with the possibility that Microsoft has made a backdoor in bitlocker you should use VeraCrypt instead.
Bitlocker
- To enable Bitlocker encryption follow these instructions.
- After you have enabled bitlocker you can verify its working correctly and has encrypted everything by running on a windows command prompt with administrator rights the following command: "manage-bde -status". See check bitlocker status
Comparison Bitlocker and Veracrypt
Advantages Bitlocker over Veracrypt
- automatic unlocking at startup using TPM chip => user only needs to login as it is a none-encrypted laptop ; Veracrypt doesn't use the TPM chip and you need to supply a password manually.
- windows recovery/repair supports bitlocker => for veraCrypt you must make special repair disk which is unique for the laptop!
Advantages Veracrypt over Bitlocker
- open source -> more likely that there is no backdoor
- more possibilities eg. stronger encryption, external drive encryption etc.
- supported on Linux and OS X, however full system encryption only supported on Windows!!
OS X
FileVault is a disk encryption program in Mac OS X 10.3 and later. It performs on-the-fly encryption with volumes on Mac computers.
FileVault uses the user's login password as the encryption pass phrase. It uses the AES-XTS mode of AES with 128 bit blocks and a 256 bit key to encrypt the disk. Only unlock-enabled users can start or unlock the drive. Once unlocked, other users may also use the computer until it is shut down. (source)
In OS X more users are likely to enable FileVault than ever before—as at installation you have to consciously opt-out of having your hard drive encrypted, rather than opt-in. (source)
For instructions how to enable and use FileVault read apple's documentation at: https://support.apple.com/en-us/HT204837
Linux
Ubuntu offers to encrypt your home folder during installation. If you decline the encryption and change your mind later, you don’t have to reinstall Ubuntu. You can activate the encryption with a few terminal commands.
Ubuntu uses eCryptfs for encryption. When you log in, your home directory is automatically decrypted with your password. While there is a performance penalty to encryption, it can keep private data confidential, particularly on laptops that may be stolen.