Can I encrypt my user directory transparently?

[acidburn]

hi all, i need to secure my user directory transparently, here is my scenario:

using windows_7 64-bit;

i have very important development files on this pc, i want to secure these files under my user directory so that they cannot be read in case of physical access / stolen hardware.

this hardware does not have tpm so i cannot use bitlocker, not that i would anyway since the only thing it gives is a false sense of security.

an option is to create a truecrypt container, however this will be limited to a fixed size, and the nature of development i cannot safely guess the size of the container for the next year or two. i also cant do full partition encryption cos i cant reinstall this work pc. lets just say the company does not give a shit about securing the dev files :/

going into the folder properties > general tab > advances attributes we can check the "encrypt contents to secure data" option, i can't find any details on what encryption is used or how secure it is. on top of that, file descriptors are _not_ encrypted, only contents. so booting with a live cd you can still see the file structure of individual files. much more exposed than im comfortable with.

i want this to be transparent, ie i log in with my domain account and my user data is decrypted, i log out and the data is secured again. i don't want to mess around with a) mounting separate encrypted volumes or b) enter multiple passwords to log in and decrypt, and also c) not expose the file structure, but rather a blob of encrypted data, less vectors of attack if you know what i mean.

so, the question is... what can i do to secure my user directory, transparently?

 

[mckillwashere]

I am going to suggest TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux This program is great you can make a seemingly usual file maybe a .iso file (maybe what I use, cause iso's can get quite large). and have everything encrypt to inside that file

 

[acidburn]

I am going to suggest TrueCrypt

As I said above I can't reliably predict the size of the container for the next 2 years, but I guess it's just one of those things. i won't be securing this data after all, their lack of insight isn't my problem any longer

 

[mckillwashere]

With truecrypt you can set it for an UNGODLY size 500 GB to 500PetaBytes and have it grow dynamically9It doesn't allocate all at once)

 

[cincinnatiman]

qusition was ask can u encript drive and be trasparent

i am admaize that no one can awaser this, that most people dont understand what is out on market
yes u can encript a drive and no one can get the keys, how, well takes 4 things, good workstation
a workstation has tpm on it, and all firmware fully upgraded
now for what u need, seagate ed sed harddrives, these are self encripting hard drives,
how they work seams no one look at seagate even knows, but tpm must be turn on
bad part is u cant tell drive is ack encripted, one these drives cant be put in raid
doing so disables encription, so we got tpm turn on we booted in what windows 7
ok turn on bitlocker, do not get on the internet doing this time i cant stress this enouf and dont lose back up key
and i cant stess that hard enouf, throw bitlocker is microsoft is dose work with the drives
how i understand all this works, is harddrives makes very small parttion that no one can find, this partion is back up
in event one gets damage the keys keep here and it is highly encripted now yes bitlocker key will unlock the drive
but this just for software drive checks for it own keys, if drive is remove from pc put into another will never work
can data be stolen wile online well all encription software has a probem they dont do file by file encription decription
and doing this would use grate deal cpu power so we must find way deal this, now we got probems with domains and remote access wich all can be done very easy, just nsa wont alow this never be done, nsa wants access to all computes wich they have and not being able read files well no one wants fight goverment to make this work, i beleave busness able to do this but being stop, with ileagle presher from the goverment but when goverment can cost u millions do u really wish to fight them
well me i would in heart beat, i told seagle how fix each of all there probems but they will never ever use it, it would make pc hack proof and nsa proof, but u must understand to do this u must have very powerfull pc, some the big ones is hp z800 z820 and i shure there is others, each cpu has it own memory, so it can muiltytask but need code to do it,
there is no code currently as 2018 that alows a pc to multy task in right way in other words send one thread to one cpu, now we need montor to find out how much cpu power dose take to use this program and would set the number cpus base on needs, and as needs change so will this on the fly, short this there is no current program will keep file lock so it cant be stolen, need more safe gards, and better firewalls that look for servers with no mac address, or servers has no busness on pc,even if the pc ask for it, if owner did not ask for it it all should be block but currently best firewall is ipfire, my 2 cents on that, it dose have its own probems, and i hope that they fix them in short as 2018 this kind encritpion is not being done so who will buld new firmware to alow seagate drives to do this