I've been using TrueCrypt drive encryption for some time for my external hard drives. Some days ago, I moved to BitLocker and I am quite happy with it. In this post I explain why. Please note that this comparison is about device-hosted encryption and not about system drive encryption.

By Michael Pietroforte

No system image backups

The one thing I disliked most about TrueCrypt is that I couldn't use my external drive for system image backups because the Windows 7 Backup and Restore applet no longer recognized this drive. You might say that this is not TrueCrypt's fault. However, for me it didn't matter whose fault it was, as I was simply robbed of an important function of my external hard drive.

No TPM support

One of the advantages of BitLocker is that it supports the Trusted Platform Module (TPM) chip. This not only improves security significantly, but it also makes the use of encryption technology more convenient. Of course, you then need a computer with a TPM, but BitLocker also works without one. You might have read the news that the TPM was cracked recently. However, the procedure is extremely time-consuming and can only be carried out by experts. When it comes to security, vulnerabilities are absolutely unimportant. What counts is who possesses the capabilities to crack a system and how much effort is necessary. The TPM significantly raises the bar for cracking an encrypted system, and TrueCrypt doesn't reach this level of security.

Password hassle

Thanks to the TPM, you don't have to type a password every time you connect the drive. Passwords are the weak point of any security mechanism. I don't just have key loggers in mind. There are a myriad of ways to steal a password. This is what they teach hackers in elementary school. Password plus hardware token is the most secure way to protect your encrypted data. BitLocker also allows you to work without a password. This is still secure as long as you are the only one who can log on to your computer. This way encryption becomes convenient and ensures that people use it.

Manual auto-mount

I like this "Auto-mount device" button in TrueCrypt. I always thought "auto" means that I don't have to do it manually. Well, yes, only two clicks are required to "auto-mount" a TrueCrypt device. If these were the only clicks, I might just ignore this little hassle. Of course, BitLocker can "automatically auto-mount" encrypted volumes.

"You need to format the disk"

This is just a minor glitch; however, after a while it got on my nerves. Every time I plugged in the drive, Windows would welcome this new device with "You need to format the disk in drive F: before you can use it." Perhaps, there is a switch somewhere deep down in the Windows engine room that would allow me to turn off this unnerving popup message. But why didn’t the TrueCrypt developers do that for me?


Additional drive letter

Another minor glitch. Windows Explorer always uses two drive letters for one disk: one for the TrueCrypt drive and the one that Windows is so eager to format. Since I often have quite a few drives connected (external, network, etc.) this can be disturbing because it is one more thing that can mess up your drive letter order. This is particularly true if you work with multiple TrueCrypt encrypted drives because it multiplies the number of used drive letters by two.

Decrypting TrueCrypt

This is not a minor glitch. At first, I didn't believe it when I wasn't able to find a decryption function in the TrueCrypt user interface. So I went to the TrueCrypt site to confirm that I was just too blind to see how to get rid of the encryption. I was happy when I finally found the How to Remove Encryption page. Happiness turned into anger when my blind eyes were shocked to read the instructions:

Right-click the area representing the storage space of the encrypted device and select 'New Partition' or 'New Simple Volume'.

So I decrypt a TrueCrypt volume by formatting it? Thank you very much for this brilliant tip. The suggestion to copy the data to a different place before I format the disk is also exceptional. Unfortunately, the instructions had no tip on where I could just cache my 1.5TB of data. I wonder why TrueCrypt offers decryption for system drives but not for simple data volumes.
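The two BitLocker behaviours the post contrasts with TrueCrypt, password-free auto-unlock of a data drive and in-place removal of the encryption, can both be driven from the command line with manage-bde. This is an added example, not part of the original post; the drive letter F: and the use of a recovery password as the only protector are assumptions.

```powershell
# Added example (not from the original post): manage-bde commands for a
# BitLocker-protected data drive, assumed here to be mounted as F:.
# Run from an elevated prompt on Windows 7 or later.

# 1. Encrypt the data drive with a recovery password as the protector.
#    manage-bde prints the 48-digit recovery password; store it somewhere
#    other than the drive itself (Active Directory escrow, if configured,
#    is the usual place in a domain).
manage-bde -on F: -RecoveryPassword

# 2. Let the OS drive unlock F: automatically at logon, so no password is
#    typed when the drive is plugged in. This only works when the OS drive
#    is itself BitLocker-protected (typically TPM-backed): the key for F:
#    is kept on the encrypted OS volume, so F: is only as safe as the
#    logon to that machine, which is exactly the caveat the post makes.
manage-bde -autounlock -enable F:

# 3. Confirm encryption has finished and list the protectors in place.
manage-bde -status F:
manage-bde -protectors -get F:

# 4. On any other machine the drive stays locked until the recovery
#    password is supplied (48 digits, shown as a placeholder here).
# manage-bde -unlock F: -RecoveryPassword 000000-000000-000000-000000-000000-000000-000000-000000

# 5. Removing the encryption is a single in-place operation: the data
#    stays on the drive and nothing has to be copied off first.
manage-bde -off F:
```

Step 5 runs in the background; `manage-bde -status F:` reports the remaining percentage until the volume is fully decrypted.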

I am still using TrueCrypt for file-hosted encryption. It is the best tool around for this purpose. I also prefer the tool for thumb drive encryption because BitLocker To Go doesn't support write access on Windows XP. But when it comes to device-hosted encryption, TrueCrypt is no match for BitLocker. This also applies to system drive encryption, which was significantly improved in Windows 7, especially because you can now start the encryption process without hassle after the system is installed. Together with TPM support and Active Directory integration, BitLocker is the more secure and the more powerful solution.

Just one final note for those of you who think that it is unfair to bash "free" software. No software is really free because it costs time and therefore money to manage it. And the fact that TrueCrypt doesn't support decryption cost me a lot of time. So, I thought, I should just warn others not to make the same mistake and use TrueCrypt for drive encryption.

55 Comments
  1. freddie 9 years ago

    Cannot trust Microsoft's BitLocker, as their relationship with the USA's authorities is well documented – as you seem to value speed of use over security, I would have thought that you would have preferred to copy your data from a volume rather than wait for the time it would take to decrypt it – and you cannot copy the O/S, which is why it has to be decrypted.

    You seem like a slapdash IT person

  2. freddie, are you kidding? TrueCrypt is more secure than BitLocker, after all that happened with TrueCrypt lately? Even the TrueCrypt makers are now recommending BitLocker.

  3. mca compu tec 6 years ago

    All of you are wrong in this discussion; *****TrueCrypt***** is the best friend. I examined the source code one by one with my classmates and found nothing wrong and no vulnerability; there is no backdoor. Security is much better than >>>>>BitLocker<<<<<<. Microsoft doesn't make the 'BitLocker' source code open for all so that anybody can examine and test it. Microsoft may put in some backdoor under pressure from the NSA. You know how WannaCry spread: backdoor, backdoor,
    Windows. Microsoft put in a backdoor; the NSA and Microsoft both knew about EternalBlue and other security flaws, and both spy on us. So we should not trust them totally.
    For better security we must use non-Microsoft products for data security, until they make the source code open for all. *TrueCrypt* was closed due to pressure from the NSA and Microsoft. You know the NSA has not been able to decrypt *TrueCrypt*-protected data for more than 10 years, as it is unbreakable. You may like any of them, but TrueCrypt is unbreakable till now; if you can find security flaws then you should be awarded by the NSA, then they need you.

© 4sysops 2006 - 2023