Actually question…what is stopping you from making an hidden folder that has an encrypted one inside it which contains all the programs and files in it? That way you have both world to a degree?
Most people that I know of aren’t techie enough to know about hidden folders let alone check for it (only on person my family would have the know how) and doubt that they would know how to get passed an locked folder under that.
@VladTheImplier
The encryption/decryption is done by the cpu.
USB speed does not matter and the data will be transferred at the full USB 2/3 etc. speeds. Of course there is overhead but USB speed will be the first bottleneck, on nvme you will loose bandwidth because of cpu/VeraCrypt bottleneck.
I’ve used VeraCrypt with a USB 3.0 HDD and it was working perfectly fine, full speed.
If his cpu supports AES (newer than 10 years) then it wont be a problem.
@Shielded
You have to decide if you want the data to be fully encrypted and invisible to anyone, or you dont mind and just dont want it clearly accessible. Its either full protection or ease of use.
Encryption comes with annoyance of having to decrypt the data each time you want to access it.
If you want encryption then use VeraCrypt and either encrypt the whole HDD (the HDD has to be empty, it will not encrypt existing data), or you can also create a volume as an actual file (recommended) that is lets say 1TB in size. VeraCrypt can mount the encrypted file and the encrypted HDD the same way. The encrypted file has a benefit of allowing you to move it to a new HDD in the future.
If you end up using VeraCrypt then I would also move stash with its config/database into the encrypted drive, but im not sure if that matters for you, or if stash will complain if the data is not visible when its running from your current installation.
About encryption performance then same as above, it will be fine if you have less than 10yo cpu. If you want you can always make a small encrypted file volume, mount it and test the speeds and see how it will all work with VeraCrypt.
If you want ease of use then everyone who grabs the HDD and connects it to a pc will see the data. Best you can do in that case is “hide” the data on the drive, using one of the suggested methods.
When encrypted files need to be decrypted you have to load them into memory. Transfering them from disk to memory over USB is slow
Decryption + external drive transfer speeds will make it perform badly.
For most usecases veracrypt on an external drive is probably fine, video playback with stash will likely suffer enough that it won’t be usable. No way to know for sure until they test it. We also dont know if his external drive is a spinning disk making it REALLY slow.
A usb HDD will be by default slow. Using VeraCrypt will not make it more slow because its still transferring data over USB, its just data, it does not matter if the data is encrypted or decrypted. Then only bottleneck will be cpu or VeraCrypt driver, but USB HDD speeds are too slow for the them to bottleneck the bandwidth.
I was using my old spinny usb 3.0 HDD exactly for the same thing as OP, and 8k VR videos were playing fine in HereSphere while the drive was encrypted with VeraCrypt.
Videos will be a way better case as they are one big file, I can see the VeraCrypt driver overhead lowering bandwidth when reading/writing thousands of small files.
Im not saying veracrypt is fast or slow. The decryption process generally cuts IO speeds by 2/3rds on many devices.
If you have to load encrypted files into memory and decrypt them, lets say we’re working with USB 3.0. Real world speeds tend to be around 100-200 mb
In my experience benchmarking various forms of full disk encryption on database servers, streaming servers, etc. Youll find your speeds come down to a grinding 60mbps
This might be good enough but unless we know all the hardware OP is working with we can’t guarantee that. Im used to benchmarking enterprise servers where I actually advise against encrypting the disk for various reasons.
They typically perform way faster because of SAS but on a consumer PC it might be enough of hit that it might be unusable