BROADCASTS.com

b"

hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 19 today we are discussing about Disk encryption, encryption is a process that scrambles data into unreadable information.It does this to ensure that nobody can read it,except the person who holds the secret key.This ensures confidentiality.If you have the key you can unlock that randomized data and translate it back into something readable.Think about it like a magic machine.The information goes in one side,and out the other side comes a jumbled mess.Without that key you don't know how to read the jumbled mess.Another example of this is actually language.I'm speaking English right now.If I spoke English into my machine and out the other side came Spanish,and you didn't understand Spanish,it would be encrypted, and you wouldn't understand it.But if you knew the key,meaning you understood Spanish,you could understand everything that was being said.There are two different types of encryption,hardware-based and software-based.The first one we're going to talk about is hardware-based encryption.A great example of this is a self-encrypting drive.It looks like an external hard drive,and it has embedded hardware that performs full disk, or whole disk encryption.These are very fast, unfortunately,they're also very expensive, so they're not commonly used.Instead, most people use software-based encryption in the marketplace and in our organizations. Luckily for us, there are two forms of whole disk encryption already embedded into our operating systems if we're using Mac or Windows.In a Mac we have a system called FileVault where we can turn on whole disk encryption with a single click.This is located under your system preferences and under the security tab.On Windows we use a system called BitLocker.BitLocker, again, is very easy to turn on.If I want to encrypt my D drive I simply right-click it,turn on BitLocker, and then I'll be able to encrypt the entire drive with a single click.As I said previously, encryption requires a key.And when you're using BitLocker specifically you're actually going to be using a hardware key that resides on your motherboard.It's called the Trusted Platform Module, or TPM.This TPM chip resides on the motherboard,and it contains the encryption key inside of it.This is what BitLocker is going to use to encrypt your drive.So if you're going to take that hard drive out and put it into another system you have to decrypt that drive first,otherwise you're not going to be able to decrypt it on the other system because it has a different TPM module and different secret key.If your motherboard doesn't have TPM you still can use BitLocker, but instead you have to use an external USB drive as a key.It'll store the key on that USB drive.But if you use that USB drive you're never going to be able to unlock that hard drive again.Because every time you boot up that computer you have to make sure you have that USB key inserted so it can unlock the drive.Both BitLocker and FileVault use the same type of encryption. They use Advanced Encryption Standard, also known as AES.AES is a symmetric key encryption that supports 128-bit and 256-bit keys, and is considered unbreakable as of the time of this recording.Encryption sounds like a wonderful thing, and it is.It secures our data and keeps prying eyes out.It secures our data and keeps prying eyes out.But it does have some drawbacks.Encryption adds additional security for us,but it comes with a lower performance for your system.If I'm doing whole disk encryption that means before I can even boot up the computer and read things from that drive I have to decrypt it,and that takes time and processing.So you have to remember there is a sacrifice in speed and performance when you're using full disk encryption.Because of this performance hit some people decide not to use full disk encryption.