Memory encryption
If your device falls into the hands of a third party, he or she may be able to start a different operating system and access your data without having to use login information. To prevent others from accessing your devices, make sure to switch it off when not using it and use hard drive encryption.
The encryption of the entire system partition is almost transparent for the users. Authentication with an additional PIN number is only necessary when rebooting the system.
The following provides a number of options for whole disc encryption with pre-boot authentication:
| BitLocker (drive encryption) | VeraCrypt | dm-crypt | FileVault 2 | |
|---|---|---|---|---|
| available for | Windows (starting with the Pro edition) | Windows |
| macOS X |
| Source code | proprietary | open source | open source | proprietary |
| Instructions | Instructions | Information for Android | Instructions |
PLEASE NOTE: If you forget your decryption key (PIN, password), you may permanently loose access to the system!
When encrypting your system with BitLocker, VeraCrypt and FileVault 2, you will be provided the opportunity to create a recovery key or media. These options will allow you to access the system in an emergency and should therefore also be protected just as much as the decryption key.
Version history
Authors: Christoph Becker (cb), Stefan Brütsch (sb)
| Version | Date | Author | Comment |
|---|---|---|---|
| 1.0 | 2017-02-21 | cb, sb | |
| 1.1 | 2019-03-29 | cb | focus on hard drive encryption |
| 1.2 | 2019-04-23 | cb | BitLocker instructions modified to include configuration
|