I'm running Windows 7 and looking for solutions to secure my data against hard drive crashes, things like a fire or other catastrophe that kills my computer, and snoops. So I have some questions about ways to encrypt my data that are reliable.
Encryption is not about data protection (as in, failure protection). You are talking about RAID which you already have (also, RAID is not a backup).
Next, I have large amounts of data (think many GB of home movies, photographs, etc.) that is private. I.e. if I get hit by a truck tomorrow and people are picking over my belongings, it would be fine with me if the data became permanently inaccessible. Is there a way to back these up onto a flash drive, or maybe burn a bluray disk and have it encrypted? What software would I use for such a thing?
Of course you can back up this data (and you should). USB drives aren't really expensive and you can get a few 2-3TB drives pretty cheap. FreeFileSync has proven to be pretty nice for my requirements. Remove the default partitions, create a single new partition on the drive and use this one to create a TrueCrypt volume (not a container) with a decent encryption.
Also, a question about TrueCrypt, which seems to be the standard for securing data on a home PC. I have read some things that indicate that, suppose I make a 50 gigabyte TrueCrypt volume. If even one tiny piece of that volume gets corrupted, then I lose all of the data. Is TrueCrypt a solution for day-to-day use of data that you would really just hate it if it were lost? Is it that reliable? I have hesitated to start using TrueCrypt because I don't want to have a disk error or something and then BAM suddenly all my photographs and movies are lost forever.
TrueCrypt containers/partitions don't really care about a bad block. You can (and should) save the volume header somewhere since this block is the most critical part of a volume as it is needed to verify your passphrase.
You need to come up with a backup plan. The key is to keep your backups automated (because you will get lazy and do them less often over time and only realize this when you're screwed). But you still want to check them occasionally to make sure your automation is still working correctly. It's simple to test: a week or month after you started your backup strategy, simulate a worst case: do not touch your main system (don't even boot it), but try to recover everything you need from your backups. Did it work? Good. Did it fail? Fix it quickly. You might find very obvious mistakes you didn't realize: like storing a complex password for your TrueCrypt container in KeePass, which you stored inside your encrypted backup disk...
A backup is not a backup as long as something like a drive failure can ruin it (because you will find out that the USB disk fails when you need your backup). Always keep your backup on two drives at minimum. One drive died? Oh well, plug in the other one and restore everything to a new drive. Note that I'm not talking about RAID-1 here, but two completely independent drives to which you back up your data (although data on them both is identical).
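
An added example, not part of the original answer: one way to run the occasional check on the two independent backup drives is to hash every file and compare each mounted backup against the source. The function names and the sample trees built in `demo()` are constructed for illustration; in practice you would pass the paths of your mounted volumes.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                # Read in 1 MiB chunks so multi-GB movies do not fill memory.
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = h.hexdigest()
    return result

def compare(source, backup):
    """Return (missing, changed, extra) relative paths for one backup copy."""
    src, bak = manifest(source), manifest(backup)
    missing = sorted(set(src) - set(bak))   # never copied, or lost
    changed = sorted(p for p in src if p in bak and src[p] != bak[p])
    extra = sorted(set(bak) - set(src))     # deleted on source since backup
    return missing, changed, extra

def verify_backups(source, backups):
    """Check every backup drive independently of the others."""
    return {b: compare(source, b) for b in backups}

def demo():
    """Build constructed sample trees, damage one copy, return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"a.jpg": b"photo-bytes",
                 os.path.join("movies", "b.mp4"): b"movie-bytes"}
        roots = {n: os.path.join(tmp, n) for n in ("source", "drive1", "drive2")}
        for root in roots.values():
            for rel, data in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        # Simulate a failing second drive: one file gone, one silently altered.
        os.remove(os.path.join(roots["drive2"], "movies", "b.mp4"))
        with open(os.path.join(roots["drive2"], "a.jpg"), "wb") as f:
            f.write(b"photo-bytez")
        report = verify_backups(roots["source"], [roots["drive1"], roots["drive2"]])
        return report[roots["drive1"]], report[roots["drive2"]]

if __name__ == "__main__":
    for label, result in zip(("drive1", "drive2"), demo()):
        print(label, "missing/changed/extra:", result)
```

This comparison needs the source to be readable, so it complements the restore test described above and does not replace it.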