Windows Help & Advice - UK (2020-03)

Windows 10

Protect your data

March 2020 | |^51

BitLocker Drive

Encryption

Encrypt individual files with a personal

key using Gpg4win.

using a file extension – this can be
problematic – and click Save. Click Next
to choose your encryption options for
the volume. Five encryption algorithms
are supported: AES, Serpent, Twofish,
Camellia, and Kuznyechik – select one at
a time for a description. Beneath these
are no fewer than ten combinations of
two or more algorithms for those who
want multiple layers of encryption.
The truly paranoid can click the Test
button next to an option to verify
VeraCrypt’s implementation of the
selected algorithm is compliant with
certain standards.
Click the Benchmark button to open
the Algorithms Benchmark window,
then click Benchmark to compare the
performance of each encryption
algorithm. The process of encrypting
and decrypting data will have an impact
on disk write/read speeds, and you can
compare the different algorithms (single
and combined) from here. Straight AES
encryption is recommended for most
people, or AES combined with Twofish if
you want a second layer.
Beneath the encryption algorithm,
you’ll see a section on hash algorithms,
complete with a handy link explaining
how they work. These are basically used

to generate the encryption keys and

salt (random data used to protect

your password from hackers). Five

hash algorithms are currently

supported, but for most people, the

default SHA-512 is fine – you might

choose SHA-256 if performance is

more important than security.

([WUDDXWKHQWLFDWLRQ

Once you’ve chosen your options, click

Next. You’re now prompted to set a size

for your file container. Choose a figure

based on how much data you need to

encrypt and how much free space is

available. Click Next to enter a password

• you’ll need this to access your files in
  future, so make sure it’s memorable (or
  stored somewhere secure, like a
  self-hosted Bitwarden password
  manager), but also tough to crack. Try to
  make it at least 20 characters in length.
  Gain additional protection by ticking
  Use keyfiles and clicking the Keyfiles
  button. This adds another layer of
  protection: Not only do you have to
  enter your password correctly, but you
  also need to select whichever file (or
  files) you choose to be linked to your
  container. These files can be already
  present on your hard drive – choose a
  compressed format such as MP3 or Zip


• or you can have VeraCrypt generate a
  new random key file from scratch. Either
  way, make sure the files are backed up
  somewhere safe, because if they’re
  deleted or the first 1,024KB of data is
  changed, your vault will be impossible
  to access.
  Checking the Use PIM box creates an
  additional step after clicking Next,
  where you can set a custom Personal
  Iterations Multiplier. The default setting

(485) prioritises security over speed

when mounting the volume after each

system boot – should you wish to

reduce the time taken, you can set a

lower value, but make sure you’ve set a

lengthy password.

)RUPDWDQGPRXQW

After clicking Next, you’re asked if you

plan to store files larger than 4GB in

your new virtual drive – this determines

which filesystem is set as the default in

“An encrypted file container is the

safest option, because it creates a

single file on an existing hard drive”

If you’re using a higher-end version of

Windows – Professional, Education, or

Enterprise – and you’re looking to

encrypt an entire drive, you might like

to use the built-in BitLocker tool. It

can EHXVHGWRHQFU\SWÀ[HGDQG

removable drives, as well as your

Windows boot drive, making it possible

to protect the contents of your laptop

should it be stolen.

7 ype “bitlocker” into the Search box

and click Manage BitLocker. You’ll see a

list of all available drives in the main

ZLQGRZ([SDQGRQHDQGFOLFN7XUQ

BitLocker on. If you’re looking to

encrypt the main system drive, you may

see an error about your PC not having a

FRPSDWLEOH7UXVWHG3URWHFWLRQ0RGXOH

&KHFN\RXUPRWKHUERDUGVSHFLÀFDWLRQV

• you may be lucky and simply need to
  HQDEOH730VXSSRUWLQWKH%,26ORRNLQ
  WKH6HFXULW\VHFWLRQ 
  You’re prompted to create a backup
  of the recovery key required, then
  follow the wizard, selecting appropriate
  choices depending on your drive and
  PC setup. Run the recommended
  BitLocker system check, and you
  should be able to use your drive while
  it’s being encrypted.
  Fixed or removable data drives are
  protected by password or a compatible
  smart card – 730PRGXOHQRWUHTXLUHG
  When you plug in the drive or reboot
  Windows, you need to provide the
  password or plug in the smart card to
  unlock the drive.
  BitLocker is relatively straightforward
  to use, but relies on your trusting
  Microsoft, because unlike the open-
  source VeraCrypt, its code isn’t available
  for audit. You’re also restricted to its
  128-bit or 256-bit AES encryption.

Windows 10 Home users don’t get access to
native encryption tools.