Bitlocker procedures?

User discussion and information resource forum for Image products.
crawfish
Posts: 52
Joined: Mon Jun 24, 2013 9:49 pm

Bitlocker procedures?

Post by crawfish »

With the strange goings-on this week concerning TrueCrypt, I decided to take a look at Windows 8.1 and Bitlocker. I found it's much improved over the Windows 7 version in that it can be used much like TrueCrypt with a pre-boot password and without a TPM, and it's just as seamless WRT secondary drives and drive letters, it's more seamless WRT Windows integration (no drive letters for the RAW partitions that need to be hidden and so forth), and it doesn't disable TRIM and VSS on non-system drives. I like it.

I'm wondering if there is a white paper for Bitlocker and the Terabyte products corresponding to the very helpful one on TrueCrypt. I am particularly interested in the TBWinRE environment and whether it's possible to back up and restore with Bitlocker encrypting/decrypting on the fly. I presume manage-bde would be used to mount the relevant partitions inside WinRE. Ideally, I would back up the unencrypted data and restore it with Bitlocker encrypting it on the fly. This was possible with TrueCrypt data drives, but I never could get a bootable system for System drives, so I would have to restore System drives to unencrypted drives and re-encrypt when done.
DrTeeth
Posts: 1289
Joined: Fri Aug 12, 2011 6:58 pm

Re: Bitlocker procedures?

Post by DrTeeth »

On Sun, 1 Jun 2014 14:00:34 PDT, just as I was about to take a herb,
crawfish disturbed my reverie and wrote:

>With the strange goings-on this week concerning TrueCrypt, I decided to take a look at Windows 8.1 and Bitlocker.

TrueCrypt is still safe and the security audit is going well. Check
out http://truecrypt.ch/.

I would not trust Microsoft's encryption and would much rather use
other programs.

Beware if you unlimit primaries and do NOT have a 100MB system
partition. One will be created if you enable Bitlocker and could trash
your data as in that situation only BIBM should manipulate partitions.
--

Cheers,

DrT

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.
crawfish
Posts: 52
Joined: Mon Jun 24, 2013 9:49 pm

Re: Bitlocker procedures?

Post by crawfish »

I'm very much aware of the positive results from the initial phase of the ongoing audit and the mystery of the takedown. I used to post in the TrueCrypt forums and described how I used IFL with it several times when people asked about backing up, and that's how I found out about the takedown, when I visited the forums as I've done pretty much every day for the last few years. To say I was surprised would be an epic understatement. I have a couple dozen drives, all single partition, all fully encrypted with TrueCrypt, amounting to tens of TBs of data and backups, so I don't take moving away from it lightly.

As for the concerns you mentioned, I gave up on multibooting when I started using TrueCrypt and use BIBM only for partition work, so unlimited primaries isn't an issue for me. My system drives are all MBR, and as I said in my first message, I don't have a TPM and would use a password in Bitlocker.

About Bitlocker security, Microsoft has said they've denied requests by government agencies to insert backdoors in Bitlocker, and I'm no more aware that Bitlocker has ever been broken than I am that TrueCrypt has ever been broken. Same thing with bugs resulting in data loss. Bitlocker has been around since at least the Vista days and is becoming more and more widely used. I don't care about hidden OSes or encrypted containers, so I wouldn't miss those TrueCrypt features. As I described in my first post, Bitlocker works a lot more smoothly than TrueCrypt, and the latter also knocks out features like TRIM and VSS on volumes outside the scope of system encryption, which has been a pain for me. Sticking with TrueCrypt for system encryption also locks you into Windows 7 or earlier. So Bitlocker really does have many, many advantages. The thing that gives me most pause is the inability to use IFL and other Linux environments to work on the system outside of Windows, that and the experimenting I'm having to do to see what does and doesn't work with IFW, hence my asking about a white paper for Bitlocker.
TeraByte Support
Posts: 3627
Joined: Thu May 05, 2011 10:37 pm

Re: Bitlocker procedures?

Post by TeraByte Support »

If the idea is for a stolen computer, then if your system BIOS supports drives
with built-in encryption, you can just get a drive that supports AES256
encryption built-in and everything is encrypted on the drive. Simply enter
a password in the BIOS on system startup to unlock the drive, then it
works just like a normal drive with no fuss. Many BIOSes don't have
support for it, but really it would take hardly any code for them to
implement (25 lines of ASM code?)

If you don't want access at some times while the system is on, container-based
encryption is probably best.


"crawfish" wrote in message news:8122@public.image...

With the strange goings-on this week concerning TrueCrypt, I decided to take
a look at Windows 8.1 and Bitlocker. I found it's much improved over the
Windows 7 version in that it can be used much like TrueCrypt with a pre-boot
password and without a TPM, and it's just as seamless WRT secondary
drives and drive letters, it's more seamless WRT Windows integration (no
drive letters for the RAW partitions that need to be hidden and so forth),
and it doesn't disable TRIM and VSS on non-system drives. I like it.

I'm wondering if there is a white paper for Bitlocker and the Terabyte
products corresponding to the very helpful one on TrueCrypt. I am
particularly interested in the TBWinRE environment and whether it's possible
to back up and restore with Bitlocker encrypting/decrypting on the fly. I
presume manage-bde would be used to mount the relevant partitions inside
WinRE. Ideally, I would back up the unencrypted data and restore it with
Bitlocker encrypting it on the fly. This was possible with TrueCrypt data
drives, but I never could get a bootable system for System drives, so I
would have to restore System drives to unencrypted drives and re-encrypt
when done.
