diff --git a/docs/encryption.md b/docs/encryption.md index 19911d5099..ce2a09adaf 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -9,7 +9,7 @@ cover: encryption.webp ## Multi-platform -The options listed here are multi-platform and great for creating encrypted backups of your data. +The options listed here are available on multiple platforms and great for creating encrypted backups of your data. ### Cryptomator (Cloud) @@ -114,13 +114,13 @@ When encrypting with VeraCrypt, you have the option to select from different [ha Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). -## OS Full Disk Encryption +## Operating System Encryption Protects against the following threat(s): - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } -For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in. +Built-in OS encryption solutions generally leverage hardware security features such as a [secure cryptoprocessor](basics/hardware.md#tpmsecure-cryptoprocessor). Therefore, we recommend using the built-in encryption solutions for your operating system. For cross-platform encryption, we still recommend [cross-platform tools](#multi-platform) for additional flexibility and to avoid vendor lock-in. ### BitLocker @@ -186,7 +186,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } -**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. +**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip. [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" } @@ -194,7 +194,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device -We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. +We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device. ### Linux Unified Key Setup