One of the most powerful tools you have in your toolbox when it comes to data security is disk encryption. disk encryption, as the name implies, literally encrypts the data that is stored on your mass storage. We usually think about this in terms of hard drives, but it works for just about any type of mass storage. The important thing that we have to be comfortable with disk encryption is Well, number one, it could slow systems down. So if you had a big file server, for example, that was really doing a lot of data moving, I probably wouldn't consider disk encryption. Where we do like to use disk encryption is number one, any devices that are out in the wild.
So mobile devices, laptops, smartphones, whatever you might have out there. Also, if you have desktop systems that may not move, but may not have really good physical security, because that's really where the power of disk encryption comes into play. And that is somebody can get to it and they're just not going to be able to access that data. There are No really well known common ways to crack almost any type of the many, many types of disk encryption out there. Now, when we're talking about disk encryption, you can pretty much break all the encryption tools into two camps. There's the camp that has TPM, or Trusted Platform Module support.
And there's the camp that doesn't. TPM, or Trusted Platform Module simply means that you have a chip burned into the device. If it's a laptop, it's on the motherboard somewhere. If it's a smartphone, it's in the electronics. And inside this chip is a full blown public private key. And there is no way to get the private key out of this physical chip.
So with that little tool set, you can do some amazing things. Like for example, you've got a motherboard and you've got a whole system and in the system, you have a hard drive and that hard drives encrypted. If a bad guy grabs the hard drive and tries to go do something with it in a faraway place. The fact that it's not connected to the TPM chip will prevent anybody from being able to do anything, so it is a wildly powerful tool. Now, that doesn't mean that every disk encryption out there that does not use TPM is bad. In fact, you'd be surprised who doesn't use TPM.
Now what I want to do is I've gone ahead and rebooted my computer. And I want to show you because if you have TPM, on almost any system, you've got to go ahead and turn it on at some level. And in this case, on this particular system, I had to turn it on at the BIOS level. So if you take a look right here, alright, so you see that PTT, as they call it there. That is an example of turning it on at the system level. I don't know why this motherboard calls it PTT, I had to look it up that is TPM for that particular system.
So there are lots and lots of wonderful disk encryption tools out there. Probably one of the oldest is something called PGP or pretty good privacy disk, then around arguably since the late 90s. Another popular one was one called TrueCrypt. I'm using the word past tense because surprisingly, in the middle of 2014, the true kit TrueCrypt. People simply said, We're out of business and they just kind of almost disappeared. However, TrueCrypt is still available.
In fact, there have been forks to TrueCrypt with things like Cypher shed, or there's a crypt that really just pick up where TrueCrypt left off. And they are very, very powerful tools. So if anybody were to ask you, is true crypt bad. There have been audits and all types of stuff done to it that says we don't know why these guys quit doing it. But they did. By the way, TrueCrypt completely free.
Within the Windows environment, you're probably going to be using something like BitLocker BitLocker comes with all the later versions of Windows for the office environment, and it does a great job. I'm going to show you that one in just a minute. for Mac folks, you'd use something like file vault file vault is actually very interesting because Mac's choose not to use TPM. There's some arguments about TPM being used for digital rights management. So people keeping you from being able to watch movies and stuff like that. And that's my opinion as to why Apple probably stayed out of that, which is kind of interesting.
If you're in the Linux world, you've got, literally probably over 100 different types of encryption methodologies. I'm gonna let you sort it out and choose the one you want. Okay, so what I want to do now is just take a minute, I've got the Trusted Platform Module running on my system here. So I've rebooted and what I want to do is show you BitLocker in action. So to start up, BitLocker, and I'm using Windows 10 Pro here, so I'm going to go to BitLocker drive encryption. And I'm just going to go ahead and turn it on.
So the first thing it's doing right now is it's checking to make sure that I have a TPM chip and that the TPM chip is turned on. So once it does that, it's going to be like okay, so what we need to do Keep a recovery key handy in case something were to happen. So this recovery key is incredibly important. So I'm going to print it. I will printer over here. So I'm going to hit and I'm just printing the key on my local printer here.
And now what it's asking me it's it says, Do you want to encrypt the use space only or do you want me to encrypt the entire drive, I'm going to go ahead and click Next. And, in fact, we'll just going to go ahead and let that go. Because BitLocker is going to take a good long time before it actually completes this encryption. Do not ever run any form of disk encryption software without making very, very sure that you have a key either printed or stored in a file or something because there's literally no way to get this back. There is no way I can't stress this enough. In the United States, all the major law enforcement people, there's zillions of court situations where they just simply couldn't get to the data on bad guys encrypted drives.
And it is a powerful tool, but failure to have a little backup and nobody's going to get to that data.