TrueCrypt 5 has been available for some days now. Today, I found time to have a look at the new version of my favorite free encryption tool. The most noteworthy new feature certainly is its ability to encrypt system drives/partitions. Until now, TrueCrypt was only an alternative to the Encrypting File System (EFS) under Windows. Now, TrueCrypt 5 also competes with Vista's BitLocker. In this post, I explore the pros and cons of both crypto tools.

Latest posts by Michael Pietroforte (see all)

If you don't know TrueCrypt yet, I recommend reading my review of TrueCrypt 4 first so you will get a general idea about the tool. As far as I can see, everything I said there is still valid for TrueCrypt 5.0. Today, I will only focus on the system partition encryption feature.

Encrypting the hard disk makes sense on any computer that is prone to getting into the wrong hands. This applies especially to laptops and computers in public places. Vista's BitLocker is a solution to this problem, provided you have Vista Enterprise or Ultimate. TrueCrypt 5 is another option; it not only works on every Vista edition but also supports Windows XP/2000/2003.

Encrypting a system partition with TrueCrypt 5 is super simple. A wizard guides you through the process, offering detailed information for every step. When I tested this feature, I didn't need any documentation. This is not the case with BitLocker. It is highly recommended to read the BitLocker documentation first in order to understand all its options. The installation process is certainly more complex. The fact that BitLocker requires two partitions illustrates this. If you installed Vista without configuring it first for BitLocker, you already have a problem. TrueCrypt, on the other hand, allows you to encrypt your system drive without hassle after you have installed the OS. Actually, there is no other way for TrueCrypt, anyway.

After TrueCrypt has encrypted your system drive, you won't notice any difference at first. That is, encryption and decryption work in the background and you shouldn't notice any performance loss. However, when you boot up the next time, you will see the difference. Before the OS is loaded, you have to enter your TrueCrypt password. BitLocker works similarly but has more options to offer here. Instead of entering the so-called pre-boot PIN, you can also insert a USB device that contains the start-up key. And if your computer has a TPM chip (Trusted Platform Module), you can log on to Vista as usual, i.e. you don't need a pre-boot PIN or a USB device with the start-up key. TrueCrypt doesn't support TPM.

BitLocker has other features that TrueCrypt lacks. If you lose your TrueCrypt password, you'll be lost, too. TrueCrypt creates an ISO file for a Rescue Disk during the configuration process, but this CD will only be of help if the TrueCrypt boot loader was damaged or if you want to decrypt your system drive. However, without the correct password, you won't get very far. (Please also read the comments below about this topic.) BitLocker allows you to store the recovery password on one or more USB devices, and it is even possible to store recovery information in Active Directory. Of course, you can save the password manually in a safe place with TrueCrypt, too. As long as you have to do this for one or two computers only, it is not a big deal. But big enterprises probably will go for BitLocker.


So BitLocker's biggest advantages are its TPM support and its sophisticated recovery options. TrueCrypt is much easier to handle and needs practically no preparation. Hence, if you don't have much time to read the BitLocker documentation and have just a couple of users who want to be sure that nobody gets access to the data on a lost laptop, TrueCrypt is the better choice.

  1. Tademos 16 years ago


    What if I make an image of a harddisk and restore it on another hardware, is it possible to use it with the same TC-password?

    Or is it only possible to restore it on the same hardware?

    Thanks for answer!


  2.

    I didn’t try it, but I guess it is possible since TrueCrypt doesn’t create a hardware hash.

  3. trasshbox 16 years ago

    Hi and thanks for the review,

    I used TC4 before and was pleased about the new version and features. I checked and tested TrueCrypt 5 (for company purpose) and had some troubles with it (system drive encryption).

    Then I tried some other system drive encryption tools and the Free version of CompuSec, and it did very well. It’s easy to use, has some nice additional features and you can use it in company environments for free, but you can only encrypt your drives with AES (128, 256). The possibility to manage client versions (with GlobalAdmin – not free) finally satisfied me to take Free CompuSec.


  4. abbe22 16 years ago


    you wrote:

    “If you lose your TrueCrypt password, you’ll be lost, too. TrueCrypt creates an ISO file for a Rescue disc during the configuration process, but this CD will only be of help if the TrueCrypt boot loader was damaged or if you want to decrypt your system drive.”

    Below is fragment of official TrueCrypt FAQ.

    “Similarly, you can reset a password used for pre-boot authentication (‘System’ > ‘Create Rescue Disk’; in the TrueCrypt Rescue Disk screen, select ‘Repair Options’ > ‘Restore key data’).”

    So, it seems that forgetting the password should not be a problem _if_ you have the rescue disk. And BitLocker is no better I think…

  5.

    trashbox, what kind of troubles did you have with TrueCrypt?

    abbe22, thanks a lot for the hint! Seems TrueCrypt is better than I thought.

  6. Rab 16 years ago

    Hi Michael,

    Interesting summary – I look forward to trying out Truecrypt 5 for the last XP laptops we have at work, based on your article here.

    I take it from your review that you didn’t have access to Vista Ultimate for your bitlocker test, though? One of the ‘Ultimate Extras’ it comes with is a wizard that makes bitlocker installation very easy indeed – even if you already have a mature Vista installation up and running. It automatically shrinks (non-destructively) the running partition, installs a small boot partition for the unencrypted boot files and holds your hand through the only couple of stages of the process that require your intervention.

    Without the wizard I agree it’s an unpleasant process. If you’ve got access to the wizard it’s easy – but of course, in a very dumb, unhelpful, shoot-the-marketing-dept-at-MS move, it’s only there in the ultimate edition. What were they thinking!?

    Keep up the good work!

  7. Rab 16 years ago


    After a little investigation, it turns out the wizard I was talking about (the BitLocker Drive Preparation Tool) *is* available on Enterprise – you just have to request it from support and they’ll email it over:

    Though personally I’d much rather see it in the DVD image, one of the installation tool kits, or as a free KB. It’s not even on Technet Plus in the Tools section, as far as I can see… Inconvenient, to say the least.

  8.

    Rab, I have read about this Preparation tool, but I never tried. Thanks for the link. I believe that following this wizard as you describe it, is not a big deal. However when I skimmed over the KB article my respect for Bitlocker grew again. All those requirements, example scenarios and common problems make it seem to be a not-so-simple tool. I am sure if you have the time to learn all the details about Bitlocker, you will have a great encryption tool. But without it, encryption is a risky business. I have already read horror stories of people who lost their data because of one of those “common problems”.

  9. Tomas M. 16 years ago

    Perhaps trasshbox had problems with error: “Insufficient memory for encryption”, but it was fixed in the 5.0a maintenance release:

  10. ovancantfort 16 years ago


    Sorry, but you are wrong about TrueCrypt Rescue Disk. You have to understand how TrueCrypt works. It is using block encryption using a Master key that is stored in the header of the volume or partition. This Master key is encrypted with your password. During the rescue disk creation, it will back up the header containing the Master key, but this key is in its encrypted form! So you still need the password. For recovery, you have to back up the header AND note the corresponding password (not at the same place if you are paranoid).
    Remember that these serious encryption software are designed with as few holes as possible, and a rescue disk that would open all doors would be a big one!

  11.

    ovancantfort, did you read the part in the FAQ that starts with “We use TrueCrypt in a corporate environment”? It seems that an admin is able to reset the volume to the original admin pw. I guess he needs this original pw for this. I didn’t try this yet, though.

  12. cpfoutz 16 years ago

    To expand on ovancantfort’s answer, the header file is unlocked by a password… so when you originally install TrueCrypt, you save off the header file, which is locked by the first password. Give it to your employee and they change the password, quit, then give you back the computer. You’d use the rescue disk to cover the data, decrypting the header file with the original password you assigned. Each time you save off a rescue disk, the header file is encrypted with the current password, thus allowing you to decrypt your volume with any of the past passwords you’ve assigned.
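
The header mechanism that comments 10 and 12 describe, as an added example that is not part of the original thread and is not TrueCrypt's code: a simplified model in which a password-derived key wraps a fixed master key. The header layout, the iteration count, the XOR stand-in for the real header cipher and all function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this model only


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive a 32-byte wrapping pad and a 32-byte MAC key from the password."""
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def make_header(master_key: bytes, password: str) -> bytes:
    """Header = salt || wrapped master key || tag. Volume data is never re-encrypted."""
    salt = os.urandom(16)
    pad, mac_key = _derive(password, salt)
    # XOR with a per-salt pad stands in for the real header cipher (assumption).
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def open_header(header: bytes, password: str) -> bytes | None:
    """Return the master key, or None when the password does not match this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    pad, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def demo() -> dict[str, bool]:
    master_key = os.urandom(32)                        # fixed for the life of the volume
    rescue_copy = make_header(master_key, "admin-pw")  # header saved at install time
    # Password change: unwrap with the old password, re-wrap with the new one.
    live = make_header(open_header(rescue_copy, "admin-pw"), "user-pw")
    return {
        "live_opens_with_user_pw": open_header(live, "user-pw") == master_key,
        "live_rejects_admin_pw": open_header(live, "admin-pw") is None,
        "rescue_opens_with_admin_pw": open_header(rescue_copy, "admin-pw") == master_key,
        "rescue_rejects_wrong_pw": open_header(rescue_copy, "guess") is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

In this model, a saved header never removes the need for a password; it only pins which password works. The same property means an old header backup stays valid under its old password after a change, so old rescue discs need the same care as the current password.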

  13. phic 15 years ago

    Another big feature of TrueCrypt is that there also is a linux version (from v5 also the GUI). It’s the main reason for me! it! It’s so flexible and adapts to every situation. Ok for the moment I’m only using it for private reasons and for the laptop I use for business.
    Using TC you can also create single encrypted files, or single partitions (with the option of hidden other partitions in it, for ultra high security). You can even choose many algorithms (or combination of them). In the best (worse case?) you can use AES, Twofish AND serpent together… as result you have a 256*3=768bit encryption. Should be enough eheheh.

    Tried with BitLocker and had the first error message saying that the drive is not ready for it. Ok I know I should create two partitions…. Then I’ll get the second error: No TPM found or no compatible BIOS, even when I have a TPM 1.2 chip. That was enough for me to trash the idea of using BitLocker.

    But… thanks really for the review, it’s short but it exactly compares what I wanted to know. Now that you told me of the BitLocker Active Directory integration and the password recovery features, I’ll check it again when I’ll deploy it on more machines of my company.

    Just one question, is there some min requirement for the active directory integration? Server 2007 perhaps?

    Thanks again for the review.

  14. hs 15 years ago

    Nice comparison.
    I made performance comparison (under VMware) truecrypt vs compusec:

  15. Andy 15 years ago

    – This is exactly how I would have put if I knew all that before I read it !!! – I recently got TrueCrypt (I’m on Vista Bus) – and it’s got a proper – respectable office blue interface and a beginners tutorial on off site.
    – I’ve encrypted DVD – RW’s. No problems at all.
    – The simple truth is that big companies will insist on paid version – especially to acquire more responsibility towards themselves.

  16. Christoph 14 years ago

    Never, ever use a closed source encryption utility. Period.

  17.

    Christoph, old argument, never ever convincing. Exclamation mark. 😉

  18. DooDee 14 years ago

    As an average computer literate, I had a surprisingly pleasant experience with Truecrypt 5, solid software easy to use and versatile.

    True crypt loader cd does not back up your password, which if you lose or forget, won’t let you access your encrypted volume or partition (which makes this encryption impenetrable).

    A real SERIOUS SOLID encryption software easy to use and free !

  19. Nikhil Tom 14 years ago

    I’ve been using TrueCrypt for 2 years and I’m really happy with it,
    I use it to encrypt my system harddisk, external harddisk, pen drives, CDs & DVDs,
    I never got any single problem,
    Well, somebody may think that I’m just bluffing about TC, or that I’m against the evil empire (ms) ;), I’m not,

    Instead what I said is from my own experience

  20. LAR 13 years ago

    Truecrypt is great and stable.

    Truecrypt is driven by the features and marketing strategies.
    Then People and IT Pros like it.
    They just don’t care if it is 100% safe.

    But any security product which is not 100% open sourced is very dangerous for keeping very sensitive data on your expensive laptop or your super tiny usb flash disk.

    We can’t prove that it is really safe if we do not have the complete source code and a certification.

    Imagine have sex with someone you don’t really know.
    Then 1 week later you are positive.

    The forum is also not open to anyone.

    I believe any security free/open source products should be certified (not recognized) as 100% safe (certified not by anyone but by a legit institution like NIST).

    If I am working for the government.
    Should I tell anyone that the conspired product gave us a backdoor on it.
    If I am one of the developers.
    Should I tell anyone that I created a personal backdoor on it.




© 4sysops 2006 - 2023
