Windows Help & Advice - UK (2020-03)

(Antfer) #1

Windows 10


Protect your data


March 2020 | |^51


BitLocker Drive


Encryption


Encrypt individual files with a personal
key using Gpg4win.

using a file extension – this can be
problematic – and click Save. Click Next
to choose your encryption options for
the volume. Five encryption algorithms
are supported: AES, Serpent, Twofish,
Camellia, and Kuznyechik – select one at
a time for a description. Beneath these
are no fewer than ten combinations of
two or more algorithms for those who
want multiple layers of encryption.
The truly paranoid can click the Test
button next to an option to verify
VeraCrypt’s implementation of the
selected algorithm is compliant with
certain standards.
Click the Benchmark button to open
the Algorithms Benchmark window,
then click Benchmark to compare the
performance of each encryption
algorithm. The process of encrypting
and decrypting data will have an impact
on disk write/read speeds, and you can
compare the different algorithms (single
and combined) from here. Straight AES
encryption is recommended for most
people, or AES combined with Twofish if
you want a second layer.
Beneath the encryption algorithm,
you’ll see a section on hash algorithms,
complete with a handy link explaining
how they work. These are basically used


to generate the encryption keys and
salt (random data used to protect
your password from hackers). Five
hash algorithms are currently
supported, but for most people, the
default SHA-512 is fine – you might
choose SHA-256 if performance is
more important than security.

([WUDDXWKHQWLFDWLRQ
Once you’ve chosen your options, click
Next. You’re now prompted to set a size
for your file container. Choose a figure
based on how much data you need to
encrypt and how much free space is
available. Click Next to enter a password


  • you’ll need this to access your files in
    future, so make sure it’s memorable (or
    stored somewhere secure, like a
    self-hosted Bitwarden password
    manager), but also tough to crack. Try to
    make it at least 20 characters in length.
    Gain additional protection by ticking
    Use keyfiles and clicking the Keyfiles
    button. This adds another layer of
    protection: Not only do you have to
    enter your password correctly, but you
    also need to select whichever file (or
    files) you choose to be linked to your
    container. These files can be already
    present on your hard drive – choose a
    compressed format such as MP3 or Zip

  • or you can have VeraCrypt generate a
    new random key file from scratch. Either
    way, make sure the files are backed up
    somewhere safe, because if they’re
    deleted or the first 1,024KB of data is
    changed, your vault will be impossible
    to access.
    Checking the Use PIM box creates an
    additional step after clicking Next,
    where you can set a custom Personal
    Iterations Multiplier. The default setting


(485) prioritises security over speed
when mounting the volume after each
system boot – should you wish to
reduce the time taken, you can set a
lower value, but make sure you’ve set a
lengthy password.

)RUPDWDQGPRXQW
After clicking Next, you’re asked if you
plan to store files larger than 4GB in
your new virtual drive – this determines
which filesystem is set as the default in

“An encrypted file container is the


safest option, because it creates a


single file on an existing hard drive”


If you’re using a higher-end version of
Windows – Professional, Education, or
Enterprise – and you’re looking to
encrypt an entire drive, you might like
to use the built-in BitLocker tool. It
can EHXVHGWRHQFU\SWÀ[HGDQG
removable drives, as well as your
Windows boot drive, making it possible
to protect the contents of your laptop
should it be stolen.
7 ype “bitlocker” into the Search box
and click Manage BitLocker. You’ll see a
list of all available drives in the main
ZLQGRZ([SDQGRQHDQGFOLFN7XUQ
BitLocker on. If you’re looking to
encrypt the main system drive, you may
see an error about your PC not having a
FRPSDWLEOH7UXVWHG3URWHFWLRQ0RGXOH
&KHFN\RXUPRWKHUERDUGVSHFLÀFDWLRQV


  • you may be lucky and simply need to
    HQDEOH730VXSSRUWLQWKH%,26 ORRNLQ
    WKH6HFXULW\VHFWLRQ 
    You’re prompted to create a backup
    of the recovery key required, then
    follow the wizard, selecting appropriate
    choices depending on your drive and
    PC setup. Run the recommended
    BitLocker system check, and you
    should be able to use your drive while
    it’s being encrypted.
    Fixed or removable data drives are
    protected by password or a compatible
    smart card – 730PRGXOHQRWUHTXLUHG
    When you plug in the drive or reboot
    Windows, you need to provide the
    password or plug in the smart card to
    unlock the drive.
    BitLocker is relatively straightforward
    to use, but relies on your trusting
    Microsoft, because unlike the open-
    source VeraCrypt, its code isn’t available
    for audit. You’re also restricted to its
    128-bit or 256-bit AES encryption.


Windows 10 Home users don’t get access to
native encryption tools.

Free download pdf