Bitlocker/HD Encryption Questions

MichaelD

I want to encrypt an external HD so I can confidently store it offsite. If I use Bitlocker on that external HD, can it then only be read on the computer that encrypted it?

In a nutshell, I want to encrypt an external HD and be able to read it on any Windows PC. Is Bitlocker what I want to use, or should I go w/TrueCrypt or other 3rd party program?

Thanks.
 

Blazer7

Bitlocker is quite good and you can use it to encrypt removable drives. Other than that, Truecrypt and Diskcryptor are also quite good. Truecrypt has more features than Diskcryptor but there are concerns as to who is developing the program and how secure it really is. This of course goes for all encryption programs out there.
 

smakme7757

A Bitlocker drive can be unlocked on any computer supporting Bitlocker. So any newer release of Windows will be able to unlock the drive as long as you have the password (Vista, 7, 8).

Bitlocker To Go volumes (USB sticks and so on) are supported on Vista and XP with the Bitlocker To Go Reader software. http://windows.microsoft.com/en-us/windows7/what-is-the-bitlocker-to-go-reader

Truecrypt is also a good piece of software, but there isn't any major reason to use it over Bitlocker from a security perspective unless you buy into the whole Bitlocker back door stuff or you require support for Linux or Mac.

For simple storage of data offsite, encrypting with Bitlocker or Truecrypt is fine. There is no reason to mess with hidden partitions or multiple levels of encryption. Simply encrypting the drive with either product will yield near impenetrable encryption to all but the most determined thief.

I personally use Bitlocker for all my data encryption. It's a solid product and I enjoy working with it. However, if you feel you might need to access the drive on a Linux based system or Mac then you should go with Truecrypt.
 

imagoon

Either works. Truecrypt has a bit of an advantage in that you can use a keyfile that you then store elsewhere that unlocks the disk. That tends to be stronger than pure passwords. The hidden partition stuff however is useless for secure off site backups as there is no reason for the ability to deny you have a backup...

I am not sure about Bitlocker but Truecrypt can use the Sandy Bridge / Ivy Bridge AES modules so encryption becomes disk speed rather than CPU limited, which can matter if you are backing up a few terabytes of data.
 

MichaelD

Thank you all for the very informative replies. I'm looking at encrypting roughly 300GB of data, so sort of a small amount in today's age of 4TB HDs. I have a pretty fast system, so CPU speed shouldn't be too much of an issue w/the encryption.

I'm leaning towards Bitlocker but I do like Truecrypt's ability to use a keyfile instead of a password. But then again, am I more likely to misplace the keyfile stored on a USB stick, or forget the password to a HD that I will probably only update twice a year?

This external HD will be my "offsite backup to the backup." I have three copies of my important data all on different HDs, but they are all stored in my house. So if they get stolen or damaged, I'm screwed. I should've done this a long time ago. I've been lucky so far as the worst thing that's happened is I have dropped a drive on the RAID array that is the main copy of the data.

Thanks again.
 

thewhat

BitLocker supports eDrive, which is still very new stuff, but promises huge improvements.

Maybe this would also work with TrueCrypt, but I doubt it.
 

imagoon

> BitLocker supports eDrive, which is still very new stuff, but promises huge improvements.
>
> Maybe this would also work with TrueCrypt, but I doubt it.

Truecrypt does the encryption using the AES module on the CPU if available, making it more universal than eDrive. The Truecrypt team also is a bit "shy" about using someone else's encryption tech so they would not jump on using an on-drive mechanism unless it could be verified through testing like the AES modules on the CPUs have been.