Question Encryption for internal extra spinning HD

[KLund1]

This has probably answered a thousand times in here. But all just a little differently each time.
Here is my case.
I have about 5TB of data on a 6TB spinning extra WD blue HD in my main rig. (no SSD I can afford this size 🙁 )
I would like to protect the data from the wifi snooper next door or on the street to the NAS. (or at least delay the nsa?!?!?)
Nothing bad or illegal, Just my paranoia kicking in.
I access the data intensely several times a year for a couple weeks. Then it just sits there waiting.
I am a cheap person for spending cash on stuff.
I know Bitlocker comes with WIN 11 (my current os) But it is slow to start the encryption. That is not a problem. But it is also slow in retrieval. Through I think this can be fixed with some registry hacks.
But is it easy for hackers(nsa) to brake?
I think so, (my paranoia setting in again)
Are there any free/near free solutions for my paranoia? (that use a short passoword I can remember)
Oh, the data is large data sets, with often inbeded video, but the write-backs are usualy small. But ocastionnally some very large. Currently data sets load in 15-20 seconds, and video is smooth at 1080i. I would like to keep it at this level.
My current rig is an i7 7700k OC'd 4.2ghz (stable since new) 16gb ram, 1060GTI. Still runs very fast, with monthly/yearly mantainance. Power-on to usable desktop is still about 30 seconds thanks to raid0 vmeM.2 drives.
SO What suggestions do you PRO's have?
I would appciate whatever input you might provide.
Thanks

 

[bill001g]

Not sure what you are trying to prevent. Most times disk encryption is used to prevent data loss if someone where to physically steal the disk. The more commonly used encryption methods will not stop someone walking up to your running machine and getting access. The machine has keys and such in memory that have the files open. It would be no different if they somehow installed a remote execution client if you can get to the files they can also.

There are likely other encryption methods that might run at the file level but the more stuff you use like this the more painful it is to run. I mean it could expire the password every 10 seconds and make you key it in again.

You really can't protect when you are assuming someone can compromise access to the machine itself.

Pretty much nobody can get into your machine as long as you do not do stupid stuff. Make sure you are running the microsoft firewall and virus stuff. Be careful what software you load, ie do not load teamviewer when the scammer calls you and tells your norton firewall has expired.

If you worry about wifi try to use ethernet instead. Wifi though is almost uncrackable except maybe to the government.
Make sure you use a good password and don't tell anyone. The only thing to really check is that WPS is disabled on the router. This feature is enabled on some routers by default even though its very insecure.....stupid "smart" devices you can't key in passwords. WPS though just would give them access to your network they still could not get into your machine. If you have microsoft file sharing with no passwords on your machine they could get access. This though is a very unlikely case. Someone parks in front of your house just to see if they get lucky and can break into your wifi and then hope you are sharing the files unprotected. It is unlikely you have a expert hacker living within say 100 feet of your router.

 

[KLund1]

WOW
THanks for such a quick reply! That is very helpful.

I was being a little sarcastic in my post.
I want to make sure the data on this drive can not be accessed by anyone but me, only, and forever. When I die, many, many years from now, the data will die, ie can't be accessed by anyone, ever.
But while I am alive and kicking, I want my data easily accessed by me only, but safe. If I walk away from the computer for say ten minutes, the data is locked and I need to used my small password to get in and let the OS use the HD.
If someone takes the drive out, and connects to another PC, the data should not be able to be accessed. (better yet an auto delete/LLF format with inter-leave offset prg would run, though I do not think such a thing exists!)
Again thanks
Any additional thoughts?

 

[NedSmelly]

Are there any free/near free solutions for my paranoia? (that use a short passoword I can remember)

Veracrypt. Although less convenient than BitLocker. And might take a while to encrypt 5TB.

When I die, many, many years from now, the data will die, ie can't be accessed by anyone, ever.

No guarantees here unfortunately. Someone's already hacked a workaround for Bitlocker. And Truecrypt was hacked, before Veracrypt took over.

 

[KLund1]

Many thanks for the info,
But you already answered one of my encrypt questions, quite well.
That begs the next Q. what software has not been cracked for a home to major corporate level, and still good read back performance? (and making a headache for the nsa...)

 

[COLGeek]

Many thanks for the info,
But you already answered one of my encrypt questions, quite well.
That begs the next Q. what software has not been cracked for a home to major corporate level, and still good read back performance? (and making a headache for the nsa...)

You have mentioned the NSA a couple times now. If that is a legitimate concern, then you have other problems that we can't help with.

No mechanism is 100% fool-proof for all time, given access and resources.

The aforementioned Bitlocker thing is of limited value, but is certainly a flaw that can be exploited under the right conditions. But, not one to be worried about by the vast majority of users.