Slashdot Mirror

← Back to Stories (view on slashdot.org)

Whole Disk Encryption For Vista?

Posted by timothy on from the just-wait-for-it dept.

Q7U writes "After reading about several laptop thefts and losses, my boss wants me to set up whole disk encryption for her Vista travel laptop. After doing some research, it seems she has three options: Bitlocker (part of Vista Ultimate), PGP Whole Disk Encryption, and TrueCrypt. My main problem now is choosing one. I can't find any comparitive reviews of these products to determine which will be the best choice, so I was hoping the Slashdot crowd could suggest which product they would go with and tell us what they liked about their choice."

6 of 125 comments (clear)

  1. No Comparisons? by toleraen · · Score: 5, Insightful

    You could always, you know, type it into Google.

  2. Re:If it's business, enterprise or ultimate by Joe+U · · Score: 3, Insightful

    I recommend TrueCrypt for the average home user, but Bitlocker's AD integration makes it a no-brainer for a Windows network. If you don't have a TPM laptop, then you can use a thumb drive. The Bitlocker certificate is just a text file on the thumb drive. Just keep the thumb drive and the laptop away from eachother when not booting, losing both together doesn't offer any protection.

  3. Re:Why whole disk? by Nos. · · Score: 5, Insightful

    Just truecrypt the saved data.

    Because there are too many "gotchas" to not do FDE these days. Did you configure all your applications to only cache/auto-save/etc to the "secure" area of the drive? Did that last update to application Y override those changes? What about hibernation mode? The pagefile?

  4. Data Recovery is most important!!! by rtechie · · Score: 4, Insightful

    When evaluating these products it's very important to remember that while one of your laptops MIGHT get stolen, MANY of your users WILL forget the password for their laptop and WILL get locked out. So key recovery is BY FAR the most important feature of these products. This really can't be stressed enough.

    Which is why I'll tentatively recommend Bitlocker, since it's got the best data recovery capabilities (keys are automatically backed up to the AD server, etc.).

  5. Re:Only one really secure option by this+great+guy · · Score: 3, Insightful

    Nope. Whether the solution is software or hardware is absolutely irrevelant to the security of the cryptographic routines. Plus, the fact is that virtually all hardware products are proprietary and lack the peer-reviews that open standards or open source software enjoy. Just ask any decent cryptographer whether she would trust a black box (storage device with built-in encryption, proprietary "secure" protocol, etc), or peer-reviewed, open, standard solutions (TLS/SSL, IPsec, TrueCrypt, etc). BTW I look forward to the IEEE P1619 project coming up with a final standard.

    Just look up the numerous stories about USB keys with built-in encryption that have been cracked for example.

  6. Re:Why whole disk? by Anonymous Coward · · Score: 3, Insightful

    Wow, it amazes me that people are so quick to be dicks to each other. What the fuck is wrong with the world? Couldn't you have said the same thing but without the venom? Oh yeah, fuck you.