Password vs. encryption

[cdwellr]

I hope this isn't a stupid question. I understand encrypting data when it's being transferred from one place to another. What I'm wondering about is encrypting data (folder, document) on your Mac that you're not going to send anywhere. Is it any safer than non encrypted data that's password protected?

For example, if I encrypted a folder on my Mac, in order to access that folder I'd have to enter a password. Therefore, wether the data is protected by encryption or not, as long as I know the password, I'll be able to access the data, right? If this is the case, then it seems as if security really comes down to password strength.

Am I missing something about the benefits of encryption?

 

[EdwinG]

Correct me if I'm wrong, but it seems to me that a password-protected local folder would also be encrypted, as it would be useless to have a password if it can be bypassed by some other means.

Encryption, at it's most simple expression, will use at least a key (such as a password), software (such as TrueCrypt or FileVault, although some interoperability does sometime exist. Note that versions do not usually apply in these scenarios) and an encryption algorithm (such as AES, 3DES, etc.) to do it's magic. When encrypted, a file, folder or disk can't be simply read using usual means, as it will appear as gibberish. It has to be opened with exactly the same combination of key, software and algorithm, only then information can be read.

The stronger the key and encryption algorithm, the better, but operations on those files, folders or disks will be slower.
See it like a door (software) to your home (files, folders or disks), only the right key to your lock (encryption algorithm) can turn it open. The stronger the key, the more difficult will it be for a thief, basically, to get access to your home. The same thing can apply to your digital information.

 

[Alli]

If the folder is merely password protected, you could (theoretically) copy it to a different location and access it without needing a password. You couldn't do that if the contents were encrypted.

 

[cdwellr]

If the folder is merely password protected, you could (theoretically) copy it to a different location and access it without needing a password. You couldn't do that if the contents were encrypted.

Let me see if I have this straight. I'm going to use a portable flash drive as an example. I encrypt the contents of the drive. Drive gets stolen, hacker plugs it in to his computer, cracks my password, files contained on the drive open up but they are unreadable. If the flash drive was just password protected the files would have been readable, correct?

So it seems that encryption is mainly beneficial if your data/hardware is physically stolen, yet it doesn't protect you from all attacks on your own computer. Using the above example, lets say my brother found my flash drive, plugged it into my computer, all he would need to do is crack the password and the files would be readable despite being encrypted because the flash drive was plugged back in to the computed that encrypted it in the first place, right?

Thanks

 

[Just_Me_D]

It depends on how it is set up. For example: if the password to access the flash drive also encrypts & decrypts the data then yes, you are right, but if the password used to access the flash drive is not used to encrypt & decrypt the data then no. The snooping individual would need to know the decryption information to read the data.