Discussion: balancing speed and security/anti-theft measures on a travel laptop

Started by October 22, 2012 11:37 AM
1 comment, last by slayemin 12 years ago
I'm considering setting up a TrueCrypt layer on my hard drive for a laptop that I want to take on the road. However, looking at the functionality I want to get out of it, I really don't want to encrypt the entire drive (as a side note: I have one partition and drive and would really like to keep it as such). The three fields of application I will be engaging in are:

- writing (need cloud sync + localized copy + security)
- coding (need cloud sync + speed + localized copy + security)
- video editing (need speed, but do NOT need security for working files)

Because of pretty varying demands on the system, I really don't want to encrypt my whole drive. I've come across reports saying that Visual Studio won't give me any love in terms of speed through TrueCrypt and it doesn't take a genius to figure out that editing HD video will definitely not benefit from setting up a disk read bottleneck.

As such:

1) I'd like to set up a secure backup folder that can be locally synced to in realtime (much like Dropbox cloud sync). The contents of this secure folder are also synced to the cloud when wifi is available (via GoogleDrive).

2) next I'd like to create an unencrypted working directory for coding, which would be synced to the secure folder, but that could/would be nuked when someone tries to access the computer without my consent (at boot time)

As far as I can tell, TrueCrypt doesn't do password-only-nuke-folder-if-incorrect type of security (although it does do nuking when you've set up encryption), which begs the question - is there some software that does this? Ideally I'd like the unencrypted folder to be nuked also when someone tries to boot from a disk or flash drive to bypass the current OS installation. This would need to apply to both boot-time access as well as entering the user password when coming out of hibernation.

As an alternative, I'll just set up a delete for the unencrypted folder when Windows shuts down, although this would be annoying, since my code base is 3+ GB and would need to be copied from the encrypted folder every time I boot up.

As for localized syncing, what are the best options for software that would allow me to keep an unencrypted folder synchronized with a crypted one?


Or perhaps someone can suggest a better setup? Thing is, I'm not carrying state secrets or anything, but I do fear that someone might steal my stuff, which would simply make me (or anyone else I'd imagine) a sad panda. Even if the person didn't know what to do with any of it, I'd like them not to be able to readily access any stuff I've spent years on writing.

As a bonus point of discussion: what are your thoughts/experiences with Prey Project anti-theft software or can you suggest an alternative?

I'm looking for a 100% free solution - although this might sound cynical seeing what the topic is, I really don't need or want to invest any further money in the setup.
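One way to do the local sync asked about in the post above, as an added example that is not part of the original thread: a one-way mirror from the unencrypted working folder into the mounted encrypted volume that refuses to run when the volume is not mounted. The marker file name `.vault-mounted` and the function names are assumptions made for this sketch.

```python
import hashlib
import shutil
from pathlib import Path

# Hypothetical marker file, created once inside the encrypted volume.
SENTINEL = ".vault-mounted"


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def mirror_to_vault(work: Path, vault: Path) -> dict:
    """One-way mirror of work into vault; returns copied and removed paths."""
    # Refuse to run when the encrypted volume is not mounted: without this
    # check the copy would land in plaintext on the unencrypted disk.
    if not (vault / SENTINEL).is_file():
        raise RuntimeError(f"{vault} is not a mounted vault (no {SENTINEL})")
    copied, removed = [], []
    src_files = {p.relative_to(work) for p in work.rglob("*") if p.is_file()}
    for rel in sorted(src_files):
        dst = vault / rel
        if dst.is_file() and file_digest(dst) == file_digest(work / rel):
            continue  # unchanged, skip the write
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(work / rel, dst)
        copied.append(rel.as_posix())
    # Remove vault files that no longer exist in the working copy,
    # keeping the marker file itself.
    for p in sorted(vault.rglob("*")):
        rel = p.relative_to(vault)
        if p.is_file() and rel not in src_files and rel != Path(SENTINEL):
            p.unlink()
            removed.append(rel.as_posix())
    return {"copied": copied, "removed": removed}
```

Run it from a scheduled task or a file-watcher after the volume is mounted; the hash comparison keeps repeat runs over a multi-gigabyte code base from rewriting unchanged files.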

Because of pretty varying demands on the system, I really don't want to encrypt my whole drive. I've come across reports saying that Visual Studio won't give me any love in terms of speed through TrueCrypt and it doesn't take a genius to figure out that editing HD video will definitely not benefit from setting up a disk read bottleneck.


What makes you think TrueCrypt will be a bottleneck? I did some benchmarks and was baffled when my system came out faster than before whole-system encryption. I thought I made a mistake and tried again, but yeah - it came out faster. I can't tell a difference personally, it feels just as fast as before. I got an Asus G74SX laptop and this is my development laptop for work and I wanted it to be secure in case I lose it when travelling.

Listen to the Security Now! podcast if you're in doubt, they test TrueCrypt out with their benchmarks too.

You'll be surprised.
Unfortunately, nuking a drive when a boot accreditation failure happens is NOT secure.

Step 1 for any would-be snoop or forensics specialist is to use a hard drive duplicator to make multiple duplicates of your drive. Then, they'd typically open up the duplicate copy and try to examine the files (typically by mounting the drive). So, any OS or BIOS layer security is completely bypassed.

Also, keep in mind that merely deleting a file doesn't mean it's actually gone. The OS just sets a flag in the file header indicating that the space can be written to. It doesn't actually scrub the bits off the disk. To do that, you'll need a file shredder. A file shredder will go through the bits on the disk and write in a bunch of white noise. The NSA standard is to scrub the sector seven times. This is because only scrubbing once or twice isn't good enough, you can still lift residual bits off the disk platter and piece together parts of the original data, but it's very expensive in resources and time. There is freely available software out there which you can download and use to recover deleted files, which is why it's a big security risk to sell or throw away a used hard drive without scrubbing it (disk reformatting is no good).

So, all you've got left to secure your data is high level encryption. If your data isn't encrypted, it's freely available. You might as well put it into an open network share on a public network -- which is actually a good attitude to take in regards to your data: Assume it's on a public share with public read/write permissions. What happens if someone reads your data? What happens if someone writes or deletes your data? What precautions do you have in place to prevent catastrophe? Answer: Encryption and encrypted backups.

Although I can't make any specific software platform recommendations, I can recommend 256-bit AES as one of the best encryption standards. It's very fast and it's very secure (NSA has authorized it for encrypting Top Secret data). DON'T use the encryption which comes bundled with Windows. It uses the SID as a part of the encryption key. If you have to reinstall Windows, the SID changes and all of the encrypted data is gone (unless you can restore your SID). In a pinch, it's better than nothing though.

This topic is closed to new replies.