[Discuss] Full disk encryption
Chris O'Connell
omegahalo at gmail.com
Mon Jan 2 20:10:55 EST 2012
I've used both TrueCrypt and BitLocker. I prefer BitLocker for a couple of
reasons:
The password used to decrypt the disk and log in to Windows is the same.
Thus the process is more transparent for users. Instead of having to
enter two (sometimes unrelated) passwords with Truecrypt, BitLocker users
only enter one password.
My users HATE truecrypt. They are prompted twice for passwords (Once
preboot and once to log into Windows). Also, the preboot password doesn't
correlate with the login password, especially if the Windows Password
policy forces users to change their passwords at some interval.
Hibernation and suspend is smoother and more reliable with BitLocker.
Truecrypt sometimes requires you to enter the PreBoot password to resume
your system, where as BitLocker has the standard Windows login screen when
you resume.
>From a deployment standard Truecrypt is easier. BitLocker requires some
strange partitioning setups (a 1.5GB Boot Partition followed by a system
partition). I've not found a way to reliably resize these partitions
without repartitioning and reinstalling Windows.
As for OS X encryption, it sucks. FileVault doesn't work reliably with
Time Machine. My experience prevented me from restoring a TimeMachine
backup from an encrypted machine to my laptop when my hard disk crashed. I
don't trust it.
Chris
On Mon, Jan 2, 2012 at 7:55 PM, Tom Metro <tmetro-blu at vl.com> wrote:
> The EFF recently tweeted
> (http://twitter.com/#!/EFF/status/153306301965938688):
> @EFF
> Call to action for 2012: full disk encryption on every machine you
> own! Who's with us? eff.org/r.3Ng
>
> Which links to this article:
>
> https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own
>
> Many of us now have private information on our computers: personal
> records, business data, e-mails, web history, or information we have
> about our friends, family, or colleagues. Encryption is a great way
> to ensure that your data will remain safe when you travel or if your
> laptop is lost or stolen.
> [...]
> Choosing a Disk Encryption Tool
> [...]
> -Microsoft BitLocker in its most secure mode is the gold standard
> because it protects against more attack modes than other software.
> Unfortunately, Microsoft has only made it available with certain
> versions of Microsoft Windows.
> -TrueCrypt has the most cross-platform compatibility.
> -Mac OS X and most Linux distributions have their own full-disk
> encryption software built in.
>
>
> What makes Microsoft BitLocker better than TrueCrypt?
>
> Are you using full disk encryption? If so, what tool are you using?
>
> -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>
--
Chris O'Connell
http://outlookoutbox.blogspot.com
More information about the Discuss
mailing list