(Last updated April 20, 2014)
BitLocker and TrueCrypt are data encryption software packages. The question is which one to use and why? BitLocker comes with Windows 7 Ultimate edition. It is also available in Windows 8.1 Pro, Windows 8.1 Enterprise editions and Windows Server 2012 R2. TrueCrypt is free open source software. As of this last update, TrueCrypt does not support Windows 8. You can find the supported operating systems here.
Michael Pietroforte at 4SYSOPS has two very interesting articles. In the first article he compares TrueCrypt 5 vs. BitLocker. There are no significant speed differences between the two programs. The second article is a discussion about Windows 7 BitLocker. The good news is that using BitLocker is much easier with Windows 7 than with Windows Vista.
With BitLocker, if your computer does not have a Trusted Platform Module chip, the startup key is stored on a USB stick. TrueCrypt, on the other hand, only requires you to memorize a passphrase.
Which one to use?
BitLocker
- Can be used across a whole Windows environment
- Allows storage of the startup key on a USB stick
- Allows IT administrators to enforce Group Policy
TrueCrypt
- Can be used with many operating systems, including Microsoft Windows and Linux
- It is free and open source.
- It does not require storing a startup key on any device. You must remember the passphrase. Of course, you can store your passphrase on any storage media at your own risk.
From the above discussion, I believe that for large corporations the preferred solution would be BitLocker. For smaller businesses or for your personal computer or laptop TrueCrypt offers a really great solution.
From the security perspective, there is the ‘Evil Maid’ attack, which can be used against TrueCrypt to acquire the passphrase. BitLocker uses trusted boot, which can be attacked too. So, what is the ‘Evil Maid’ attack? In a nutshell, the attack is as follows:
- You leave your laptop in your hotel room and go for breakfast.
- An evil maid (enemy) enters your room and changes the boot-loader.
- The next time you start your computer and enter your key, it is transmitted to the eavesdropper.
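A defensive check against the boot-loader change described above, as an added example that is not part of the original post: it records per-sector SHA-256 digests of the boot area while the machine is trusted and lists the sectors that differ later. The 63-sector range, the function names and the all-zero test image are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

SECTOR = 512
BOOT_SECTORS = 63  # assumption: pre-boot loader lives in the first track of the disk


def sector_digests(path, count=BOOT_SECTORS):
    """SHA-256 of each of the first `count` sectors of a disk or disk image."""
    digests = []
    with open(path, "rb") as disk:
        for index in range(count):
            block = disk.read(SECTOR)
            if len(block) != SECTOR:
                raise ValueError(f"short read at sector {index}")
            digests.append(hashlib.sha256(block).hexdigest())
    return digests


def changed_sectors(baseline, current):
    """Indexes of sectors whose digest differs from the recorded baseline."""
    if len(baseline) != len(current):
        raise ValueError("baseline and current scan cover different ranges")
    return [i for i, (old, new) in enumerate(zip(baseline, current)) if old != new]


def demo():
    """Constructed image: record a baseline, alter two sectors, re-check."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as image:
            image.write(bytes(SECTOR * BOOT_SECTORS))  # constructed, all-zero boot area
        baseline = sector_digests(path)  # taken while the machine is trusted
        with open(path, "r+b") as image:  # stands in for an unattended modification
            for sector in (0, 5):
                image.seek(sector * SECTOR)
                image.write(b"\xeb" * 16)
        return changed_sectors(baseline, sector_digests(path))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("modified boot sectors:", demo())
```

Run the comparison from separate trusted boot media and keep the baseline off the laptop, since a check run from the modified system can be made to report clean results.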
In conclusion, both BitLocker and TrueCrypt are excellent programs that can encrypt data. Now that you know the pros and cons of the programs and also the attack methods, I hope it is easier to select the appropriate one for your needs.
My personal preference is TrueCrypt for the simple reason that it is open source. Being open source makes it very difficult to add a backdoor. The code is visible; anyone can spot it. This might not be the same with commercial products.
(Update April 2014) US consultancy iSEC completed in April 2014 a detailed two-person code audit of the software, seeking security holes. The audit turned up a dozen bugs in the TrueCrypt code, but no signs of backdoors or other critical security holes. You can access the full report in PDF format here.