Encryption in W7 Ultimate or Enterprise

[JimSF]

I'm using W7 ultimate and was wondering how this default option/possibility of encryption works.

I've heard that data on an external drive(s) can also automatically be encrypted using the same strong encryption as the one on the main OS partition/drive.

I mean that if the data on an the external connected drive is encrypted, and the drive is removed and connected to another system the data on it is PW protected and can't be read by another OS system without the right PW.

But here comes the tricky question: after you put in the right password does some decryption method starts for the whole drive ?? Because when this drive is connected to another system that could take over a few hours, if for example a 1TB drive is being used.

And for the decryption of the encrypted original drive on my W7 ultimate, do I have to put in my PW each time I log in ? I mean the decryption PW. Is it safe ? What happens if the file that contains the encryption PW gets corrupt ?? Will I still be able to access my files/OS ?

 

[JimSF]

Everybody on Easter holiday ?

 

[Alejandro85]

I suppose you're talking about the built-in BitLocker encryption system, but really all full-disk encryption programs (and OSs, for the matter) work more or less the same.
In those systems, encryption/decryption is totally transparent and on demand, that is, only performed when a program request to read some data, or then when it ask to save it.

But here comes the tricky question: after you put in the right password does some decryption method starts for the whole drive ?? Because when this drive is connected to another system that could take over a few hours, if for example a 1TB drive is being used.

No. No way that can be practically done.
Not only that would be terribly slow, but also you need to store all the decrypted data somewhere. That means you would need to have another TB worth of free disk space to spare, or 1TB of RAM Impractical, if you ask me. In addition, doing so would defeat the purpose of encryption in the first place. The whole plain text data would be available for anything to read.

What actually happens is that, once the right password is entered, the encryption key is cached in memory, nothing more. Then the encrypted volume is mounted into the file system for any program to use. When something wants to read from the encrypted drive, the encryption driver then decrypts the requested data (only that chunk, not the whole thing) and hands it to the requesting program. When it saves data back, the driver re-encrypts it before storage, so the plain text never touches the disk. All happens under the hood and totally transparent for everything else.
The relevant part for the question is that this process is done on demand, only on the affected data portions. That is, when you open the drive in Windows Explorer for example, only the list of files in the root directory is decrypted (and not the their contents or anything else).

And for the decryption of the encrypted original drive on my W7 ultimate, do I have to put in my PW each time I log in ? I mean the decryption PW. Is it safe ?

Yes, you need to enter the encryption key every time (if not, it would be incredibly easy to bypass the whole thing). What do you mean by "is it safe"? It's just like any other password, just used in another way.

What happens if the file that contains the encryption PW gets corrupt ?? Will I still be able to access my files/OS ?

There is no such file, the password is not stored anywhere, in any form. Once you enter it, the OS will attempt to decrypt the volume using the supplied password, and if the result "makes sense", that is, the cryptographic process ended without consistency errors, it's assumed that the password was the right one.
What you're likely referring to is to the "volume header", which contains much of the data needed to decrypt the whole thing. If that gets damaged, then yes, you're toast That's pretty much the same as a normal disk, with the added complexity of encryption. In any case, a backup is a must, just in case.

 

[AddRAM]

Do not encrypt any of your drives, you will regret it and there is no reason to do it.

 

[JimSF]

@Alejandro85

Thank you, that was more or less the answer I was waiting for. If I need more specific details I'll ask for it here

 

[JimSF]

Do not encrypt any of your drives, you will regret it and there is no reason to do it.

You mean like I'm bound to get some issues ? I was talking about the Bitlocker encryption of MS.

Say that I loose an external drive. The problem is that I could have sensitive data all over the drive. I don't always put it rightaway in some protected folder/area or so. Or a PW program for that matter .

Just encrypting a whole external drive with Bitlocker would be the easiest way, and since according to Alejandro the needed data on the external drive would be as quickly available with or without an encryption ...

Am I perhaps missing something ?