Latest posts by Michael Pietroforte (see all)
- Result of the 4sysops 2016 topic poll - Tue, Apr 5 2016
- New free eBooks for SysAdmins and DevOps – VMware NSX, Windows 10, SQL Server 2016 - Mon, Mar 14 2016
- Introducing the 4sysops IT pro network - Tue, Mar 1 2016
If you don’t know TrueCrypt yet, I recommend reading my review of TrueCrypt 4 first so you will get a general idea about the tool. As far as I can see, everything I said there is still valid for TrueCrypt 5.0. Today, I will only focus on the system partition encryption feature.
Encrypting the hard disk makes sense on any computer that is prone to getting into the wrong hands. This applies especially to laptops and computers in public places. Vista’s Bitlocker is a solution to this problem provided you have Vista Enterprise or Ultimate. TrueCrypt 5 is another option and it not only works on every Vista edition it also supports Windows XP/2000/2003.
Encrypting a system partition with Truecrypt 5 is super simple. A wizard guides you to a process offering detailed information for every step. When I tested this feature, I didn’t need any documentation. This is not the case with Bitlocker. It is highly recommended to read the Bitlocker documentation first in order to understand all its options. The installations process is certainly more complex. The fact that Bitlocker requires two partitions illustrates this. If you installed Vista without configuring it first for Bitlocker you already have a problem. TrueCrypt, on the other hand, allows you to encrypt your system drive without hassle after you installed the OS. Actually, there is no other way for TrueCrypt, anyway.
After TrueCrypt has encrypted your system drive, you won’t realize any difference at first. That is, encryption and decryption works in the background and you shouldn’t realize any performance loss. However, when you boot-up the next time, you will make out the difference. Before the OS is loaded you have to enter your TrueCrypt password. Bitlocker works similarly, but has more options to offer here. Instead of entering the so-called pre-boot PIN you can also insert a USB device that contains the start-up key. And if your computer has a TPM chip (Trusted Platform Module), you can logon to Vista as usual, i.e. you don’t need a pre-boot PIN or a USB device with the start-up key. TrueCrypt doesn’t support TPM.
Bitlocker has other features that TrueCrypt lacks. If you lose your TrueCrypt password, you’ll be lost, too
. TrueCrypt creates an ISO file for a Rescue disc during the configuration process, but this CD will only be of help if the TrueCrypt boot loader was damaged or if you want to decrypt your system drive. However, without the correct password, you won’t get very far. (Please also read the comments below about this topic) Bitlocker allows you to store the recovery password on one or more USB devices and it is even possible to store recovery information in Active Directory. Of course, you can save the password manually on a safe place with TrueCrypt, too. As long as you have to do this for one or two computers only, it is not big a deal. But big enterprises probably will go for Bitlocker.
So Bitlocker’s biggest advantages are its TPM support and its sophisticated recovery options. TrueCrypt is much easier to handle and practically needs no preparations. Hence, if you have not much time to read the Bitlocker documentation and just a couple of users who want to be sure that nobody gets access to the data on a lost laptop, TrueCrypt is the better choice.