在三部分系列(part series)的最后一部分中,我们现在将看看如何使用VeraCrypt加密您的(VeraCrypt)Windows硬盘驱动器。在第一部分中(part one),我们展示了如何制作普通的加密文件夹,在第二部分(part two)中,我们展示了如何在加密文件夹中制作隐藏文件夹。
但现在我们要加大赌注并加密硬盘。在喝了几杯烈酒以鼓起勇气之后,是时候让这个节目上路了。
如何加密您的 Windows 硬盘以阻止窥探者(How To Encrypt Your Windows Hard-Drive To Keep Out Snoopers)
这实际上并不太难做到。只需按顺序执行这些步骤,希望您的计算机不会在您面前爆炸。我假设您已经安装了VeraCrypt,但如果没有,您可以在此处获取(get it here)。
首先,打开VeraCrypt 并点击(VeraCrypt and click)“创建卷(Create Volume)”。
然后您将看到三个选项。我们已经在之前的文章中做了前两个。今天我们选择第三个选项(option number three)——“加密系统分区或整个系统驱动器。(Encrypt the system partition or entire system drive.)”
单击“下一步(Next)”继续。
在这种情况下,我们要进行普通加密,而不是“隐藏操作系统(hidden operating system)”。所以选择第一个选项并单击“(option and click “)下一步(Next)”继续。
我个人觉得(虽然你可能不同意)你只需要加密硬盘驱动器上带有Windows操作系统的部分。
保持简单(这一直是我的口头禅),我选择了选项一(option one)——“加密(Encrypt)Windows 系统(Windows system)分区”。您可能会决定选择第二个选项,但如果您这样做,如果一切都出错,您会收到很多关于后果的警告。
如果您的计算机上只有 Windows,那么您有一个单引导系统。如果您的计算机上有多个操作系统(例如 Windows 和 Linux),那么它就是一个多引导系统。所以选择你有哪一个。
它现在会询问您想要哪个加密选项。但正如我在之前的文章中所指出的,除非您有特殊原因,否则您应该将加密协议保留为默认值。这是政府用来加密机密文件的AES 标准。(AES standard)也保持散列算法不变。
点击下一步”。
指定所需密码后,就该生成加密密钥了。为了使它们尽可能强大,您需要以“随机顺序”在VeraCrypt 窗口(VeraCrypt window)周围移动鼠标或触控板。(mouse or trackpad)
当您这样做时,底部的条将从红色变为黄色,最后变为绿色。当绿色条完全位于屏幕的最右侧时,单击“下一步”。
由于您现在正在加密硬盘驱动器(或其中的一部分),因此您需要采取额外的谨慎步骤,以防您将自己锁定在硬盘驱动器之外。这被称为VeraCrypt 救援磁盘(VeraCrypt Rescue Disk)( VRD ),它将修复VeraCrypt 引导(VeraCrypt boot)加载程序或Windows的任何损坏,允许您(希望)登录。
但是,使用此应急磁盘(rescue disk)不会(not)
带来安全风险(security risk),因为您仍然需要加密密码才能使其工作。
VeraCrypt将为您的救援磁盘(rescue disk)选择一个区域,以便在创建后放置它。但是,如果需要,您可以通过单击“浏览”按钮轻松地将其移动到另一个位置。不要(Do NOT)取消选择“跳过救援磁盘验证”——这是必不可少的。
点击下一步”。
下一步将打开Windows 光盘映像刻录(Windows Disc Image Burner)机。您将看到救援盘(rescue disk)是一个ISO 文件(ISO file),您需要选择
硬盘上的光盘刻录机。(disc burner)一张普通的 700MB CD 光盘(CD disc)就足够了。选择“刻录后验证光盘”。
光盘进入刻录机驱动器(burner drive)后,单击“刻录”开始该过程。
该过程完成后,光盘刻录机(disc burner)
将在硬盘驱动器中打开其托盘。再次关闭托盘,让光盘运行(disc run),以便Disc Image Burner可以验证光盘以确保一切正常。
希望你最终会看到这一点。
现在是VeraCrypt在开始加密您的硬盘驱动器或分区之前进行一些预测试的时候了(取决于您选择的内容)。
正如下一个屏幕截图所示,您的Windows 系统(Windows system)将重新启动,将安装引导加载(boot loader)程序,并且假设一切顺利,系统将开始加密。单击“测试”开始该过程。
当计算机重新启动时(在Windows加载之前),您现在将看到以下屏幕。
在提供的空白处输入您的密码。您可能没有在密码设置中指定PIM(我没有),所以在这种情况下,当它要求您输入PIM并按 Enter 时,请将其留空。
现在等待您的系统登录。如果这是您第一次这样做,登录过程可能会稍微延迟。
成功验证您的密码后,您的系统将开始加密。正如您所看到的,加密系统需要很长时间,具体取决于系统的大小,因此这可能是您需要让计算机通宵运行才能完成任务的时候之一。
完成后,您的计算机将更加安全。现在,当你爱管闲事的室友徒劳地试图闯入你的电脑阅读你写给你单相思的情书时,你会满足地咯咯笑。
How To Encrypt Your Windows Hard-Drive With VeraCrypt
In this final part of a three part series, we are now going to look at how to encrypt your Windows hard-drivе using VeraCrypt. In part one, we showed how to make an ordinary encrypted folder and in part two, how to make a hidden folder within an encrypted folder.
But now we’re going to up the ante and encrypt the
hard-drive. After a few stiff drinks to build up the courage, it’s time to get
this show on the road.
How To Encrypt Your Windows Hard-Drive To Keep Out Snoopers
This is actually not too difficult to do. Just follow these steps in order and hopefully your computer won’t explode in your face. I’m assuming you already have VeraCrypt installed but if not, you can get it here.
First, open up VeraCrypt and click on “Create Volume”.
You will then see three options. We have already done the first two in previous articles. Today we are going for option number three – “Encrypt the system partition or entire system drive.”
Click “Next” to proceed.
In this case, we are going for a normal encryption, not a “hidden operating system”. So choose the first option and click “Next” to move on.
I personally feel (although you may disagree) that you
only need to encrypt the part of the hard drive with the Windows operating
system on it.
Keeping it simple (which is always a mantra of mine),
I went for option one – “Encrypt the Windows system partition.” You may decide
to choose the second option but if you do, you will get lots of warnings about
the consequences if it all goes wrong.
If you only have Windows on your computer then you
have a single-boot system. If you have multiple operating systems (say Windows
and Linux for example) on your computer, then it’s a multi-boot system. So
choose which one you have.
It will now ask you which encryption option you want.
But as I have indicated in the previous articles, unless you have a particular
reason why, you should leave the encryption protocols on the defaults. This is
the AES standard used by governments to encrypt secret documents. Also leave
the hash-algorithm as it is.
Click “Next”.
After specifying your desired password, it is time to
generate your encryption keys. To make them as strong as possible, you need to
move your mouse or trackpad around the VeraCrypt window in a “random order”.
As you do so, the bar at the bottom will go from red
to yellow to finally green. When the green bar is fully at the far right-hand
end of the screen, click “Next”.
Since you are now encrypting a hard-drive (or part of
one), you need to take an extra cautionary step in case you lock yourself out
of your hard-drive. This is called the VeraCrypt Rescue Disk (VRD) which will
repair any damage to the VeraCrypt boot loader or to Windows, allowing you to
(hopefully) log in.
However, it is not
a security risk having this rescue disk as you will still need the encryption
password for it to work.
VeraCrypt will select an area for your rescue disk to
be placed once it is created. But you can easily move it to another location if
you want, by clicking the “Browse” button. Do NOT deselect “Skip Rescue Disk
verification” – that is essential.
Click “Next”.
This next step opens up the Windows Disc Image Burner.
You will see that the rescue disk is an ISO file and you need to choose the
disc burner on your hard-drive. A normal 700MB CD disc is sufficient. Select
“Verify disc after burning.”
Once the disc is in your burner drive, click “Burn” to
start the process.
When the process has been finished, the disc burner
will open its tray in the hard-drive. Close the tray again, let the disc run,
so Disc Image Burner can verify the disc to make sure everything worked OK.
Hopefully, you will eventually see this.
It’s now time for VeraCrypt to do some pre-testing
before it starts encrypting your hard-drive or partition (depending on what you
chose).
As the next screenshot says, your Windows system will
restart, the boot loader will be installed and assuming all went well, the
system will begin encrypting. Click “Test” to begin that process.
When the computer restarts – before Windows loads –
you will now see the following screen.
Enter your password in the space provided. You
probably didn’t specify a PIM in the password settings (I didn’t) so in that
case, leave it blank when it asks you for a PIM and hit enter.
Now wait for your system to log in. If it’s the first
time you’re doing this, the log in process might be slightly delayed.
Once your password has been successfully verified,
your system will begin encrypting. As you can see it takes a long time to encrypt
the system, depending on how big it is, so this might be one of those times
when you need to leave the computer on overnight in order for it to do its
thing.
Once it’s done, your computer is a lot more secure.
Now cackle with satisfaction when your nosy roommates futilely try to break
into your computer to read your love letters to your unrequited love.
