Drive encryption matters
Posted by Jonas Elfström Mon, 11 Feb 2008 23:26:00 GMT
One reason to encrypt on disk instead of file level is that operating systems and applications sometimes accidently stores passwords on your hard drive. This can happen in a number of ways and one common mistake applications make is to not prevent to be put on disk by the OS. Modern systems have a page/swap file. If a program gets paged out while holding your clear text password in pageable memory your password will be written to disk. The problem is that there are password recovery tools that can scan your page file for passwords.
You can configure Windows (and surely most other operating systems) to clear the page file on shutdown which will give you better protection (and slower shutdowns). Be aware that if you simply turn off the power the page file will be intact.