Windows 7 Ultimate Bitlocker

[NeverBackDown]

I have installed windows 7 ultimate on my computer and i noticed on the retail box the "bitlocker" feature that encrypts any drive i choose.

Now for my question, is it worth encrypting all my drives? Or are there free downloads that do the same thing but perform better? What exactly will it do when i need to access a drive that is encrypted? And will it erase any data on the C drive?

 

[FTLN]

I use Truecrypt AES on all my drives with absolutely zero visible impact on performance.

You can use it on your boot drive and storage drives withouth having to reinstall or lose data.

Just leave it on over night to do its encryption and voila - Your Secure and open source

 

[Master&Puppet]

I use truecrypt in AES mode too, it is very fast on modern processes (other encryption methods are much slower). I hear good things about bitlocker too but I trust and like the performance, history open source nature and extra features of Truecrypt more.

Both can encrypt your C: in place (i.e. whilst you use the PC) without affecting data although you can choose to let Truecrypt format instead if you wish.

Speaking specifically about Truecrypt, there are several modes of operation:

Encrypt entire drives. Require a password to access (or to boot) from. This is the easiest and safest form because literally everything is encrypted and if you have a good, long password is essentially uncrackable.

Encrypt portable drives. Useful for removable drives.

Create a Specific Encryption Container. Create an encrypted folder instead of encrypting the entire drive. Useful if you only need to protect 'my documents' or similar however it will not encrypt other accessed areas like temp files so it isn't fully secure.

Another great method is Hidden Encryption. This encrypts a drive with 2 passwords. At the password prompt entering password 1 gains access to the drive with a hidden area remaining unseeable. Entering password 2 gives access to the hidden section. This is also known as the plausable deniability method. You can reveal one password which 'apparently' accesses the drive but actually still hides another folder which appears to be written with random data as the headers are not revealed.

It is worth noting that encryption is not perfect by itself. The PC can still be physically accessed if you leave it on with the passwords entered...so either don't store sensitive info on the PC or otherwise ensure that you turn off the PC when you leave it.

Have a read of this stuff:

http://www.truecrypt.org/docs/

 

[equk]

I use truecrypt for some encryption, it's pretty good but it is breakable/hackable if someone gets hold of the drive.

I also use LUKS using dm-crypt in linux.

Now for my question, is it worth encrypting all my drives?

Depends on why you are encrypting the volume.

A lot of people only encrypt external removable storage as it can get into the wrong hands easily (eg: USB sticks)

Some just encrypt their user area / home directory in linux on a seperate partition or drive.

 

[NeverBackDown]

So everytime i turn the pc on it asked for a password on top of using my login password?

And i will only encrypt my 2 drives(ssds) just for peace of mind. Or is that not worth it and does it affect the drives built in AES encryption?

 

[equk]

So everytime i turn the pc on it asked for a password on top of using my login password?

And i will only encrypt my 2 drives(ssds) just for peace of mind. Or is that not worth it and does it affect the drives built in AES encryption?

If you are using a SSD there can be complications.
You can see increased load + wear on the drive etc due to sandforce compression as encrypted data cannot be compressed as much as it would if left unencrypted.
There are also possible security issues - http://www.truecrypt.org/docs/?s=wear-leveling

There maybe a slight hit on the IO performance aswell

I found an article comparing truecrypt with bitlocker etc:
http://www.hardwareluxx.de/communit...crypt-vs-bitlocker-vs-diskcryptor-689181.html

 

[NeverBackDown]

That link is in German, i only speak English(little spanish too) so i can not read anything lol.

But judging by the graphs i think i will not end up using any encryption software so my ssds don't die sooner(i would not mind but money is not readily available.) Thanks for all the help everyone

 

[FTLN]

Your SSD may have onboard hardware encryption, check out its specs..

 

[NeverBackDown]

Your SSD may have onboard hardware encryption, check out its specs..

Unfortunatly mine do not. Just TRIM lol

 

[christopher]

If you are using a SSD there can be complications.
You can see increased load + wear on the drive etc due to sandforce compression as encrypted data cannot be compressed as much as it would if left unencrypted.
There are also possible security issues - http://www.truecrypt.org/docs/?s=wear-leveling

There maybe a slight hit on the IO performance aswell

I found an article comparing truecrypt with bitlocker etc:
http://www.hardwareluxx.de/communit...crypt-vs-bitlocker-vs-diskcryptor-689181.html

Equk, I too had these kinds of bad influences earlier on. I wanted the best SSD to be used in my lab for executing my server scripts on SSD. Hence I was digging in to many of the controllers/SSD websites for getting in detail design architecture which could suit my requirement. During this phase, I must say I was fortunate to read this article on the common myths abouts security/encyption in SSDs. I am sure many of you would find it interesting & also correct if you any myths about SF/LSI Ref: http://www.lsi.com/downloads/Public...-Conference_Security_7Myth_Dmitry_Obukhov.pdf