Encrypting USB Drives & External Drives

OspreyO · 3 Jan 2020 at 13:45

What do you use. I use a mix of Truecrypt (Yes I know about Veracrypt) and Bitlocker.

Is Bitlocker secure enough, or are there any precautions you need to take around the Admin password?
I think TrueCrypt is a little more secure, but Bitlocker is simpler, one drive letter etc.

Glanza · 3 Jan 2020 at 13:49

Bitlocker

Semple · 3 Jan 2020 at 14:23

OspreyO said:
I think TrueCrypt is a little more secure

I thought TrueCrypt had been abandoned because there were some vulnerabilities or someone had managed to decrypt a truecrypt volume or something.

Either way i moved off TrueCrypt years ago, and now only use BitLocker.

OspreyO · 3 Jan 2020 at 14:46

The main issue with Truecrypt was the developers abandoned it. Veracrypt is better. But its a clunky.
https://en.wikipedia.org/wiki/TrueCrypt#Legal_cases
I don't need to to be protected from Govt.
Just normal privacy, and if my devices get stolen or lost etc.

Bitlocker is simpler especially for less technical users. I can give the OH a USB key and all she needs is a password.
She needs how to use Turecrypt and Veracrypt if I use them.
Bitlocker can't do file containers which is a pity as it was a handy feature.
I guess with a USB flash drive I can partition it so I can still use it to share media, but still have part of it bit locker protected.

mattydoughts · 3 Jan 2020 at 14:55

Bitlocker all the way

OspreyO · 3 Jan 2020 at 15:01

There was something online about removing the admin password for bitlocker as it can be used to recover and decrypt the volume.

Anyone know anything about that.

Admiral Huddy · 3 Jan 2020 at 15:06

Providing your system has a TPM, which it should do, then BitLocker is the way to go but bear in mind there is a slight performance trade-off.

Make sure you keep the 48-char recovery password safe, secure and away from the device being protected as there is no workaround without reset your PC and the data that's on it..

OspreyO said:
There was something online about removing the admin password for bitlocker as it can be used to recover and decrypt the volume.

Anyone know anything about that.

As far as I know, there is no "Back door" processing to decrypt the drive. MS make it perfectly clear that that they have no work-around for lost key information.

OspreyO · 3 Jan 2020 at 15:13

TBH I don't keep data on my laptops and PCs. Because I'm not always on the same device or sometimes have to use someone else device.

Admiral Huddy · 3 Jan 2020 at 15:57

ok so are you saying the data is on a portable drive or cloud?

If its on a portable device then you can use Bit-Locker to go.. which is no different to the normal Bit-Locker accept by the way you define the encryption method during the encryption wizard. You can activate this feature on your portable device by turning on Bit-locker within Windows Explorer on the device you want to secure .. then select select "Compatible mode ( best for drives that can be moved away from the PC) in the encryption type. This then deactivates, as far as I know, the dependency for the TPM.. but it means the drive can only be encrypted by those with the key.

Bit-Locker is not available on Home edition unfortunately.

By the way, you can turn off TPM by updating the Group Policy

Office 365 now comes with an encrypted vault which may suit you better if using cloud storage.

OspreyO · 3 Jan 2020 at 16:30

Many portable drives

I already using bitlocker and some on truecrypt. I've not bothered with the TPM yet.