Richard Pieri wrote:
> On Jan 2, 2012, at 7:55 PM, Tom Metro wrote:
>> What makes Microsoft BitLocker better than TrueCrypt?
>
> "... because it protects against more attack modes than other software."

Granted, I was being lazy by asking the question rather than looking it up, but repeating the quote I included doesn't exactly answer the question.

Chris O'Connell wrote:
> I prefer BitLocker for a couple of reasons:
>
> The password used to decrypt the disk and log in to Windows is the same.
> Thus the process is more transparent for users.

Makes sense. More convenient. Though less secure. (An attacker has more opportunity to get at your network login password using social engineering, fake login prompts, and server hacking.)

Kyle Leslie wrote:
> At my company we are using BitLocker.
>
> One of the huge benefits I think is that the encryption keys/recovery keys
> can be stored in AD. So that if you need to unlock or change the drives
> around you don't need to have the user store that some place to get
> lost/stolen. It stores in AD and can be recovered when we need it.

OK, so again more convenient, but in the grand scheme of things, not more secure.

Edward Ned Harvey wrote:
> Bitlocker is easier to use - No password necessary at boot time. The TPM
> performs some system biometrics (checksum the BIOS, serial number, various
> other magic ingredients, and only unlock the hard drive if the system has
> been untampered. Therefore you are actually as secure as your OS.)

This finally suggests a Bitlocker security advantage. I gather TrueCrypt doesn't use the TPM? Answered in their FAQ:

http://www.truecrypt.org/faq

  Will TrueCrypt use TPM?

  No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM). If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted TrueCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer). If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master keys) or content of files stored on mounted TrueCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer again). The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, "Trusted Platform Module", is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant features is usually a way to create so-called bloatware). Features like this are sometimes referred to as security theater. For more information, please see the sections Physical Security and Malware in the documentation.

The Wikipedia article on TPM[1] points out another advantage to it: it provides hardware prevention of dictionary attacks so "the user can opt for shorter or weaker passwords which are more memorable."

1. http://en.wikipedia.org/wiki/Trusted_Platform_Module

A dated (2008, TrueCrypt v.5) comparison of BitLocker and TrueCrypt says:

http://4sysops.com/archives/system-drive-encryption-truecrypt-5-vs-bitlocker/

  So Bitlocker's biggest advantages are its TPM support and its sophisticated recovery options [like storing keys on a USB drive or in ActiveDirectory]. TrueCrypt is much easier to handle and practically needs no preparations.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/