I am quite unsatisfied with the current state of full disk encryption solutions available for use with Windows 10 on a laptop with SSD. This blag post will mirror some of what [Bruce Schneier already said on the matter][Schneier2]: I will discuss some of the options and point out problems. I am not offering a solution, just a variety of bad choices to pick from. Do you want to know more?

[Schneier2]: https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html

My lamenting will be about the overall way in which device encryption is implemented in Android. This is mostly a collection of links where you can find out more about how it ~~worked across the recent versions~~ all went south. This article strictly expresses my own, badly informed opinion and you should check all the provided references carefully before forming your own.
Just recently, the latest CyanogenMod nightly began supporting encryption on my phone, even though the bug report still says it's an open issue. I don't mind. Anyway, this allowed me to finish a major project of mine: Protect the data on my phone, even in the case of a theft, while maintaining the ability to use the device conveniently. The goal. I want a strong disk encryption password, but I want a weak screen password or PIN, because unlocking the device is a frequent task. In such a scenario, it makes sense to implement an account lockout policy: In other words, we want the phone to shut down after, say, 3 failed attempts to unlock the screen. This prevents the screen password from being brute forced. Your device needs to be rooted to do everything I did. You will also need Android Studio if you want to do this properly, and it's a large download, so you might as well start now. Click here if you're still interested.
TrueCrypt is pretty dead. We need some options here, and as far as I can see, there are only these:
* CipherShed. Currently a vanilla fork of TrueCrypt.
* VeraCrypt. A fork of TrueCrypt with some fixes and improvements.
* Keep using TrueCrypt.
Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably ~~flip a coin~~ roll a D3. Whether these facts are pro or con is up to your discretion.
CipherShed:

- They are on GitHub.
- They seem dedicated. Meaning, the information on their homepage sounds like they thought this through.
- Not much has happened yet, they only forked TrueCrypt.
- There is only a pre-alpha version available, which I won't touch.
- They do not have any licensing information at all.
- Long-term plans are a bit fuzzy; according to their wiki, they want to:
  - Secure the code through audits, simplification, and a secure architecture.
  - Migrate towards an OSI-approved licensed codebase.
  - Work closely with existing efforts such as OpenCryptoAuditProject, LUKS, GELI, and tc-play.

VeraCrypt:

- According to the author in this thread, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
- In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
- They are on CodePlex and the software is under Microsoft Public License.
- Binaries are available for download, cross-platform.
- The most relevant long-term plan is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).
So. If you have additional information, let me know in comments or by eMail. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.