I whole-heartedly agree with the EFF's recommended resolution for Full Disk Encryption (full disclosure, I work for Symantec on our PGP encryption products).
In regards to various comments:
@OrlandoHatch
Yes, there is a slight performance hit. If you are using a modern machine, then the hit will be about 2% overhead, which would not be noticeable by users. There are other processes running in the background that utilize more CPU than that. In addition, if your chipset has AES-NI, then we can utilize that and offload all the encryption algorithm to that instead of the main CPU, further increasing performance.
@terry flores
Yes, I would agree that the performance hit is minimal. I would imagine the only people that would notice it would be those that open multi-megabyte files all day. Otherwise for day to day usage one would not notice the hit. There is an initial performance hit when the HD is being encrypted. This is not due to the overhead, but due to the i/o activity occurring on the HD itself. But once fully encrypted, you won't notice a difference in performance.
@Scrabbler
I think a lot of things are in the cloud today, but a question I have to ask (and I'm not being facetious at all - it's a serious question) is, do you trust the security of your personal information in the cloud? How secure is it? I will admit I upload personal files to the cloud, but I also encrypt it first to ensure my data is protected.
The corrupted HD is a tough situation. More often than not, with a corrupt encrypted HD situation you will be able to recover the data with the same success rate as if the HD was not encrypted. The one "gotcha" would be if the area containing the key was corrupted, then you would be out of luck. (A good practice is to always have a backup of your data, in an encrypted format.)
@macadam, klumper
In regards to FDE + SSD = bad from wendellgee, I believe (this is a big assumption on my part) he is referring to the performance hit on SSDs and encryption. If you have a regular spindle HD, the head on the disk needs to jump around to access the data. This in itself is a slow process and creates the i/o overhead. With encryption the performance loss is "masked" because ultimately everyone is waiting for the head to jump around reading/writing the data onto the disk. With SSDs, there are no moving parts as it is solid state. So when data is read/written it happens in parallel. This no longer masks the encryption performance hit because the data is moving fast and furious. (Think of spindle HDs as reading/writing data in series and SSD reading/writing data in parallel.) So with all things being equal, encryption on an SSD will show a larger performance hit vs. spindle HDs. When evaluating potential solutions, you should look for products that can alleviate this performance hit. Features to look for include utilization of the AES-NI chipset to speed up on the fly encryption/decryption and also the ability to choose cipher strength. By default almost every FDE vendor out there uses AES 256-bit key lengths for disk encryption (PGP is guilty of this as well). The combination of 128-bit key and AES-NI vastly improves the user experience for SSD users.
Think about encryption like insurance. We all buy insurance in one form or another (car insurance, medical insurance, home insurance, life insurance, etc). When we buy insurance we often feel that we're getting nothing out of it. There is no ROI on insurance. You pay monthly for insurance but you simply get a piece of paper that says "you're insured." Encryption is like insurance, you hope you never have to make a claim on it because if you do, it means you've lost your laptop, or your house just burned down to the ground.