Tell me about BitLocker

There have been a couple of break-ins on my road recently so I'd like to encrypt my data so it can't be accessed if any of the drives are put into another PC.

Is BitLocker decent enough or would a 3rd party application be better?

I'd like it to run silently so I don't have to log in to the drive each time I access it, but if the drives are removed they're useless.
 
Yes, BitLocker will be fine if used correctly.

Assuming your computers don't have TPM chips, you would need to use a keyfile stored on a USB drive. This would have to be plugged in at each boot-up, but if it gets left in (or in your office) overnight then it defeats the point entirely.

I would definitely consider Truecrypt for much more flexibility, and depending on how much data you need to secure, you may find it's more suitable to just encrypt your files in a container rather than the full disk. Unfortunately you can't use USB key files with full disk encryption yet (I don't think), so you would need to enter passwords on each boot-up.

So Bitlocker will only work with USB keys on non-TPM machines, and Truecrypt is much more open and flexible but will require passwords on each login.

There are various good practices to follow with disk encryption, such as not leaving PCs turned on overnight with keys in memory, and making sure they are physically well secured. But for your standard thief BitLocker or Truecrypt will do the job nicely.
 
I'm using the Asus P7P55D Intel Motherboard. Not sure if that has TPM?

If I don't have TPM and use the USB stick, could I do the following: boot the PC with the USB stick, then leave the PC on but locked without the USB stick installed? My PC is on 24/7 as it's my webserver/downloader.
 
Yes, you can do that. Unless you are going to attract very technical attackers it will be fine, so don't worry about it. The main thing is to make sure you don't leave the USB stick lying around. But it's possible to pull encryption keys out of the RAM (e.g. if your PC is locked but turned on) if someone is motivated enough.

I can't tell if that board has a TPM chip or not; I think the premium version might do. So you can perhaps just use TPM + PIN to boot up. Just using TPM alone, although fully silent, is more for integrity of your OS/hardware than confidentiality, so you still really need either a PIN or USB key alongside it.
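
Added example, not part of the original thread or any poster's reply: a PowerShell audit of the two things discussed above, whether the machine has a usable TPM and which key protectors each BitLocker volume relies on. It assumes Windows 8 / Server 2012 or later (the Get-Tpm and Get-BitLockerVolume cmdlets) and an elevated session; the wording of the notes is this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: report TPM state and flag weak BitLocker protector setups.

# 1. Is there a TPM, and is it ready for BitLocker to use?
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent) {
    "TPM present (ready: $($tpm.TpmReady))"
} else {
    "No TPM detected: the OS volume needs a USB startup key or a password"
}

# Protector types that add a pre-boot factor on top of the TPM.
$tpmPlusFactor = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

# 2. Which protectors does each volume use?
Get-BitLockerVolume | ForEach-Object {
    $vol   = $_
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $notes = @()

    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $notes += 'protection is off (not encrypted, or suspended)'
    }

    if ("$($vol.VolumeType)" -eq 'OperatingSystem') {
        $hasFactor = @($types | Where-Object { $tpmPlusFactor -contains $_ }).Count -gt 0
        if (($types -contains 'Tpm') -and -not $hasFactor) {
            # The "fully silent" mode from the thread: nothing is asked at boot.
            $notes += 'TPM-only: unlocks at boot with no PIN or startup key'
        }
    }

    # ExternalKey is the USB startup key; data-volume auto-unlock also shows as ExternalKey.
    if ($types -notcontains 'RecoveryPassword') {
        # The printed backup key mentioned in the thread is this protector.
        $notes += 'no recovery password protector to fall back on'
    }

    [pscustomobject]@{
        Mount      = $vol.MountPoint
        Type       = "$($vol.VolumeType)"
        Status     = "$($vol.VolumeStatus)"
        Protectors = $types -join ', '
        Notes      = $notes -join '; '
    }
} | Format-Table -AutoSize -Wrap
```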
 
Great, thanks for that :)

The USB stick stays in my pocket most of the time and I'd have a backup printout of the key elsewhere. If it was stolen the PC would obviously be powered down and I can't see someone trying to hack it while in my front room.
 
Can you explain a bit more about TrueCrypt, please?

Can I set it up on drives that already have data on them?

I have an OS Drive and 3 Data Drives that I want to encrypt. Am I right in thinking I can encrypt the lot and then just enter a password on boot?
 