On-disk security of open vaults

stephen-m3

Here’s a question I haven’t found an answer to and can’t reason out on my own.



Generally, I store files in encrypted vaults to prevent unauthorized persons from 1) accessing sensitive files when they're logged into my user account, and 2) directly accessing the hard drive without my permission in the event of computer theft or offsite repair, because the hardware has been recycled, and so on. Common reasons for using an app like Knox, I suspect.



My question applies specifically to Reason #2: reading the hard drive without my permission. When a vault is unlocked, are the files contained in the vault readable on the hard drive itself? Or are the vault files always encrypted on the hard drive, and only "open"—i.e., readable—in RAM?



Thanks in advance for any clarity you can provide. Happy Holidays.



Stephen

jpgoldberg

That is a great question.



The data on disk remains encrypted. Indeed, it would be impossible to decrypt that much data in so short a time.



The details of disk encryption are fascinating (well, at least to me), but I will have to leave that for some other time. But if the power gets pulled, the data on the encrypted volume remains encrypted.



Cheers,



-j

stephen-m3

Hi Jeffrey,



Thanks for putting my mind at ease. There wouldn’t be much point in storing files in encrypted vaults if the bad guys only needed some disk recovery software—and access to my hard drives, of course—to access the files contained in the vaults.



Cheerio,



Stephen

khad

Completely agreed. On behalf of Jeffrey, you are quite welcome! <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Happy Holidays!