0

I have certain documents in my External HDD that I need to keep secure with a password & NOT BY ENCRYPTION.

I thought of a method to create two partitions in the drive, so that one is public & the other is private. How to password protect a partition on an External Hard Drive? I would want it to prompt the user for password on both Linux & Windows systems.

By the way, if there is a method to password protect a particular folder only, that is also fine. I just need it to be accessible on both Linux & Windows without installing softwares on every machine that I connect the drive to.

EDIT: even if the authentication system is buggy or easily bypassed or with any other security concerns, It's still okay.

schegu
  • 3
  • 4
  • Password protection methods without encryption require an installed product, so are not universal. I suggest to take a look at [VeraCrypt](https://www.veracrypt.fr/en/Home.html) (an encryption product). – harrymc Aug 09 '20 at 08:06
  • 1
    "password and not by encryption" is nonsense, please explain in detail, what you mean by those words. – Jasen Aug 09 '20 at 10:08
  • Just to be clear, Password Protecting is different from Encryption. https://www.quora.com/Is-there-any-difference-between-encryption-and-password-protection – schegu Aug 09 '20 at 10:30

3 Answers3

1

What you are asking is not possible in the general sense.

You can't password protect a partition.

If you are password protecting a directory this would be filesystem specific, and none of the common filesystem's that work on both OS,'s support this.

Veracrypt ( a variant of Truecrypt) can be used on both platforms, but will require additional software.

You might be able to use something like zip to create archives which are password encrypted but you need to be very careful uncompressing and cleaning up after yourself. Likewise some documents have built in encryption, but its not universal.

davidgo
  • 68,623
  • 13
  • 106
  • 163
  • Hey Thanks! I ruled out the Zip-it-and-lock method because the files are very huge. It's around 100GB and I will keep adding to it as the time passes. So, Unzipping, and zipping it every time would take up so much time. – schegu Aug 09 '20 at 10:18
1

If your goal is performance, use full-disk encryption. It works at sector level and is almost completely invisible – sectors are encrypted or decrypted on the fly, so there are no separate archiving/extraction steps necessary.

Microsoft BitLocker is supported on Linux, but the standard cryptsetup tools only gained support just a month ago, so for now you'll still need some additional tools (either Dislocker or libbde).

The same applies even if using "containers" (encrypted disk images like VeraCrypt provides), as they're treated like virtual disks and not as archives. VeraCrypt works on both systems and supports both full-disk and container encryption, but has to be installed separately.

If your goal is to avoid encryption for other reasons unrelated to performance – there is probably no such thing that actually works well.

  • Password protection can be done at hardware level (that is, enforced by the disk's firmware) – e.g. most SATA HDDs can have an "ATA password" applied – but neither Windows nor Linux know how to deal with it. You will not get a password prompt when connecting an "ATA password" locked disk to either OS; the disk will just refuse all I/O, and might hang the system for a short while. (Besides that, data recovery companies have been able to bypass the ATA password for a very long time. It's just voluntarily enforced, after all.)

  • At software level, there is no disk-level nor filesystem-level password feature built in to Windows nor Linux. Practically all "password protection" methods that are in use today will involve encryption, as that's the only method that is not absolutely trivial to bypass. (Any "file locking" software which tries to enforce password protection without encryption can be simply patched to not enforce it – the password can usually be replaced with a known one, or the check itself can be removed.)

In practice, Windows "BitLocker To Go" disk encryption is the only full-disk protection method that works on both operating systems without requiring additional software.

(And even that's stretching it a bit: Linux cryptsetup only gained BitLocker support very very recently, so in most distributions you will still need to install Dislocker or libbde to access the drive. (Which is still less than you would need to access a LUKS-encrypted drive on Windows...))

If that doesn't suit you, there are a few external HDDs with a fingerprint reader or even buttons to input a physical PIN. These offer varying levels of security – some of them can be defeated easily, others actually use the PIN/fingerprint to unlock some encryption mechanism – but the overall idea is that the unlocking doesn't depend on the OS.

(Manufacturer-provided software is usually still needed for actually enabling the protection, though.)

By the way, if there is a method to password protect a particular folder only, that is also fine. I just need it to be accessible on both Linux & Windows without installing softwares on every machine that I connect the drive to.

Put it inside an Zip archive that's encrypted using the "Zip 2.0" method. That's about the only common format between the two operating systems that supports some form of password protection.

Note that you will specifically need to use "Zip 2.0" aka "Zip legacy encryption" instead of AES, in order to satisfy both requirements: it is the only method supported by Windows, and it's weak enough to practically count as "no encryption".

Aside from that, none of the filesystems common between both operating systems – FAT32, exFAT, NTFS – have any form of password protection that does not involve encryption. (If they did, it would be trivial to bypass, just as Linux will already bypass NTFS "access security lists".)

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • Hey, thanks for the deatiled response. As I said, The Zip-it-and-lock method is ruled out bcoz of the reasons mentioned in the other comment. However, I would take a look with trying to work with Bitlocker & Dislocker. Again, in this approach too, the problem is the time constraint. – schegu Aug 09 '20 at 10:35
  • Then full-disk encryption is still your best option, since it's essentially a one-time operation – encrypting the _initial_ 100 GB will take an hour or two, but afterwards it is basically "free". _(The same goes also for LUKS and VeraCrypt, but the former lacks a good Windows app, and the latter needs to be separately installed in both.)_ – u1686_grawity Aug 09 '20 at 11:41
  • Whatever be the time taken for the initial 100GB, I'm fine. Afterwards, to Read the data, It just takes 2 seconds. I know that. Now, What I don't know is, If there is a write/modify to this data, Like adding more documents or deleting some documents, How much time will it take? Ex: After Tthe initial encryption, I read the data by providing the password. Cool. Now, assume I added files of size 2 GB. The total size would be 102GB. If I were to finish the process & eject the drive from my system, how much time will it take? Will it be proportional to 2GB or will it be proportional to 102GB? – schegu Aug 09 '20 at 13:24
  • There will be no difference compared to an unencrypted disk. – u1686_grawity Aug 09 '20 at 13:59
  • Oh, that's cool. Thanks. – schegu Aug 09 '20 at 16:02
0

I understand you need a portable disk that may be connected to multiple computers, but that you wish at least part of it to be protected with a password across all devices.

The best utility for this task is VeraCrypt. It might be better to use for the VeraCrypt data an encrypted file on the disk, that can be mounted by VeraCrypt as a volume, rather than encrypt a partition on the disk. The problem will come from Windows that does not support multi-partition external disks.

While VeraCrypt is available as install package under both Windows and Linux, your needs dictate the use of its portable version. In this way, you may carry with you the data on the disk as encrypted, but also carry on the same disk the VeraCrypt software that will unlock it on any other computer.

For Windows, you will find the portable version of VeraCrypt on the Portable Apps website. Full documentation is included with the link.

Linux and MacOSX distributions don't have this option, but the apps are already portable. You only need to copy the executables from /usr/bin in Linux and Applications in OSX. See this answer for more details.

In case of a problem under Windows with the Portable Apps version, the same approach might also work by copying the installation folder of VeraCrypt to the disk.

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • Hey Thanks for your time. Apparently, support for multi-partition External Disks appeared in Windows from Windows 10 starting with build 1703 (Creators Update). However, This involves installing software on every device as you said which might be cumbersome. Anyway, I will try this out too. Thanks! – schegu Aug 09 '20 at 13:20