Disk encription software.

By Mirek on (tags: BitLocker, Encryption, Security, TrueCrypt, categories: infrastructure)

Recently I had to install an encryption software because I have started to keep some confidential data on my laptop and wanted to be sure it will not be compromised in case of my laptop is stolen.
I was really surprised when notice the mass of encryption software available on the market. There is various options and features which such software can serve and they are quite neatly described on Wikipedia.

I needed to choose one solution so I started with set up the requirements for the encryption software I wanted it to meet:

  1. Encryption of whole partition, not only files.
  2. Boot authentication – encrypting whole operating system partition.
  3. Uses most safe encryption algorithm AES.
  4. Does not decrease work performance noticeable.
  5. Reliable and rich help and support.

The costs of the software were not very important so I have also considered commercial solutions as well. I did not want to get too deep into the topic and after some research I get the list of following software:

  1. Microsoft BitLocker
  2. TrueCrypt (Free)
  3. DriveCrypt (Commercial)
  4. Check Point Full Disk Encryption (Commercial)
  5. Symantec Endpoint Encryption Full Disk Encryption (Commercial)

I will not discuss points 4 and 5 because I could not get even a trial versions of that programs, anyway I have notice that these are recommended by many people as a solid encryption solutions.

BitLocker allows encrypting whole disk partitions as well as operating system partition using boot authentication. Uses AES encryption and is reliable, since developed by Microsoft. Unfortunately it works only on Ultimate and Enterprise versions of Windows Vista and Windows 7. It uses TPM (Trusted Platform Module) installed on the machine to allow boot authentication or USB key to store the encryption key on it. The second option requires some additional configuration to be made in Group Policy Editor (gpedit) [4].

TrueCrypt seems to be most known encryption software. Although it is free, there is a rich documentation, tutorials and FAQ base. It meets all above requirements and more. For example it requires that during encrypting boot partition the Rescue CD is created. Rescue Disk can not be used to restore the forgotten password used, but is helpful when the boot loader is corrupted or were modified and system can not start.

TrueCrypt_BootAuth
TrueCrypt authentication at computer boot before Windows load.

DriveCrypt is an commercial software developed by SecurStar. It provides all listed features and and seems to be quite reliable and decent solution. For details see DriveCrypt website.

Anyway I have focused on TrueCrypt and Bitlocker.
The first point goes to TrueCrypt since it is free and BitLocker requires buying an expensive version of Windows. TrueCrypt has rich documentation and manual. Using it is simple, because of step-by-step tutorials which guides even beginner person through encryption process.

The pros for BitLocker is for its integration into the operating system, which makes the encrypting and decrypting almost invisible for the user. On the other hand using TrueCrypt to encrypting non system partition results in situation when there is our old partition inaccessible (Windows claims it has to be formatted) and there is new one partition which in fact is some kind of encrypting/decrypting channel  mounted as a drive in the system.

Although TrueCrypt is free it is absolutely alive software. There was 3 releases in year 2010 and four in 2009 which you can see in the TrueCrypt release history.
Bitlocker is update process is integrated into the Windows Update mechanism.

I tried to compare the speed of encrypting and decrypting data with both of these software. The test consists of copying 4.23 GB of files and folders to encryption disk and then from encryption disk. The machine used for that had 2GB of RAM and 2.1GHz Intel Core i3 processor.

Normal copying this chunk of data took 00:03:30 with approximately speed 20,1 Mb/s. The results for encryption and decryption are presented below

  encrypt. time encrypt. speed decrypt. time decrypt. speed
BitLocker 00:03:30 20,1 Mb/s 00:04:30 15,6 Mb/s
TrueCrypt 00:03:40 19,2 Mb/s 00:04:37 15,3 Mb/s
DriveCrypt 00:03:55 18 Mb/s 00:04:30 15,6 Mb/s

As a conclusion for that we can say that copying data into the encrypted drive is almost unnoticeable and copying data from it (decrypting) is about 25% slower than regular copying.

As a conclusion I would choose BitLocker if I had WIndows 7 Ultimate or Vista Enterprise already installed on my PC and TrueCrypt if I hadn’t.

The beginners guide for TrueCrypt can be found here.

References:
[1] Wikipedia - Comparison of disk encryption software
[2] Best File System and Whole Disk Encryption Software for Windows
[3] Arun Kumar - Review of the Best Disk Encryption Software
[4] How To Use BitLocker on Drives without TPM
[5] TrueCrypt
[6] DriveCrypt