Another thing that works

In my current mellow mood, I thought I would also draw attention to Microsoft's bitlocker software. I have been using the open source Truecrypt if I need security on my USB sticks. It is useful, but it has a crappy open source licence which is non-GPL. This means that it does not automatically integrate with Ubuntu or other fully open source software. Also, you need to wipe a drive clean to encrypt it, which takes some time to get started.

Windows Vista and 7 come with bitlocker software which is Microsoft's version of drive or partition encryption. It is available in the premium versions of Windows, so you do have to pay extra to get it. It does, however, just bloody work.

If you have an external drive which you use to back up all your personal data, including password safes, personal correspondence, personal photographs of your family and so forth, then the last thing you want is some sticky oik in PC World sifting through all of that if the external drive fails. In particular if you happen to buy a Seagate Clicky Clicky Special, which then starts clicking, you may feel that a PC World trip is in the near future to arrange a repair or a replacement. Now, if you also use this external drive to transfer large video files between your HTPC and your desktop PC, you do not want to have to type in a passphrase every time you want to move the disk between the two machines. That would be a pain in the neck.

Having used Truecrypt for some time I was anticipating having to wipe the disk before creating a full encrypted partition. This was going to be a pain because there was about 650GB of material already on that disk. Not only was it going to be a pain to copy over the files again, but I was going to be without a backup while that procedure completed.

I decided to carry out a test run on a 4GB usb stick. Amazingly Windows gave me the option to simply start encrypting the disk without wiping it and starting again. This was unexpected. I agreed to the option, set up the passphrase and stored the encryption key, and left it running for a few minutes. It just bloody worked. I was stunned. The other great thing about the system was that it would let me pause the encryption procedure while it was ongoing.

With some small trepidation remaining I connected up the 1TB external drive and went through the same procedure. It worked. After about 30 hours of encryption. For obvious reasons I did not hold the cat's arse to the fire by trying to pause and unpause the encryption procedure.

As far as performance is concerned this is a fairly big hit. The sustained data rate on the drive unencrypted was about 50Mb/s. During and following encryption that rate has dropped to about 30Mb/s. A 40% hit is, as I say, significant, but when the drive is used solely to backup operating files data rate is not a mission critical feature.

Lastly, and perhaps most pleasantly, I noticed that windows has an option to dispense with the need for a passphrase on the removable drive on a per PC basis. Fan-fucking-tastic. This means that once the drive is connected once on a machine you can avoid having to re-enter the passphrase every fecking time.

All of this means that I can now use the disk in exactly the way I used to, between the two PC's, with the only negative effect of the encryption being a 40% hit on the data rate.

Having done all this, of course, the fucking click went away and there is no imminent visit to PC World on the cards.