Latest update: TrueCrypt Shut Down. The SourceForge page advises TrueCrypt users to migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on their platform.
BitLocker and TrueCrypt are data encryption software packages. The question is which one to use and why? BitLocker comes with Windows 7 Ultimate edition. It is also available in Windows 8.1 Pro, Windows 8.1 Enterprise editions and Windows Server 2012 R2. TrueCrypt is free open source software. As of this last update, TrueCrypt does not support Windows 8. You can find the supported operating systems here.
Michael Pietroforte at 4SYSOPS has two very interesting articles. In the first article he compares TrueCrypt 5 vs. BitLocker. There are no significant speed differences between the two programs. The second article is a discussion about Windows 7 BitLocker. The good news is that using BitLocker is much easier with Windows 7 than with Windows Vista.
With BitLocker, if your computer does not have a Trusted Platform Module chip, the startup key is stored on a USB stick. TrueCrypt, on the other hand, only requires you to memorize a passphrase.
Which one to use?
BitLocker:
TrueCrypt:
From the above discussion, I believe that for large corporations the preferred solution would be BitLocker. For smaller businesses or for your personal computer or laptop TrueCrypt offers a really great solution.
From a security perspective, there is the ‘Evil Maid’ attack, which can be used against TrueCrypt to acquire the passphrase. BitLocker uses trusted boot, which can be attacked too. So, what is the ‘Evil Maid’ attack? In a nutshell the attack is as follows:
The attack, along with the software, is explained by Joanna Rutkowska. There is also a very interesting discussion about ‘Evil Maid’ in Bruce Schneier’s blog.
In conclusion, both BitLocker and TrueCrypt are excellent programs that can encrypt data. Now that you know the pros and cons of the programs and also the attack methods, I hope it is easier to select the appropriate one for your needs.
My personal preference is TrueCrypt for the simple reason that it is open source. Being open source makes it very difficult to add a backdoor. The code is visible, anyone can spot it. This might not be the same with commercial products.
(Update April 2014) US consultancy iSEC completed in April 2014 a detailed two-person code audit of the software, seeking security holes. The audit turned up a dozen bugs in the TrueCrypt code, but no signs of backdoors or other critical security holes. You can access the full report in PDF format here.