I am quite unsatisfied with the current state of full disk encryption solutions available for use with Windows 10 on a laptop with SSD. This blag post will mirror some of what [Bruce Schneier already said on the matter][Schneier2]: I will discuss some of the options and point out problems. I am not offering a solution, just a variety of bad choices to pick from.
[Schneier2]: https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html
<a href="https://blag.nullteilerfrei.de/2017/12/23/the-full-disk-encryption-dilemma-for-windows-10/#more-4393" class="more-link">Do you want to know more?</a>
My lamenting will be about the overall way in which device encryption is implemented in Android. This is mostly a collection of links where you can find out more about how it ~~worked across the recent versions~~ all went south. This article strictly expresses my own, badly informed opinion and you should check all the provided references carefully before forming your own. <a href="https://blag.nullteilerfrei.de/2017/07/28/encryption-on-android-gets-worse-in-every-version/#more-4191" class="more-link">`read();`</a>
Just recently, the latest <a href="http://www.cyanogenmod.org" target="_blank">CyanogenMod</a> nightly began supporting encryption on my phone, <a href="https://jira.cyanogenmod.org/browse/CYAN-6670" target="_blank">even though the bug report still says it's an open issue</a>. I don't mind. Anyway, this allowed me to finish a major project of mine: Protect the data on my phone, even in the case of a theft, while maintaining the ability to use the device conveniently.
<b>The goal.</b> I want a strong disk encryption password, but I want a weak screen password or PIN, because unlocking the device is a frequent task. In such a scenario, it makes sense to implement an account lockout policy: In other words, we want the phone to shut down after, say, 3 failed attempts to unlock the screen. This prevents the screen password from being brute forced.
Your device needs to be rooted to do everything I did. You will also need the <a href="http://developer.android.com/sdk/index.html" target="_blank">Android Studio</a> if you want to do this properly, and it's a large download, so you might as well start now. <a href="https://blag.nullteilerfrei.de/2015/11/09/protect-your-android-and-still-enjoy-it/#more-3513" class="more-link">Click here if you're still interested.</a>
TrueCrypt <a href="http://www.truecrypt.org/" target="_blank">is pretty dead</a>. We need some options here, and as far as I can see, there are only <strike>two</strike> three:
* <a href="https://ciphershed.org/" target="_blank">CipherShed</a>. Currently a vanilla fork of TrueCrypt.
* <a href="https://veracrypt.codeplex.com/" target="_blank">VeraCrypt</a>. A fork of TrueCrypt with some fixes and improvements.
* Keep using <a href="https://truecrypt.ch/" target="_blank">TrueCrypt</a>.
Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably <strike>flip a coin</strike> roll a D3. Whether these facts are pro or con is up to your discretion.
<div style="width:56%;float:left">
<h3>CipherShed Facts</h3>
<ul>
<li> They are on <a href="https://github.com/CipherShed/CipherShed/" target="_blank">github</a>.
<li> They seem <i>dedicated</i>. Meaning, the information on their homepage sounds like they thought this through.
<li> Not much has happened yet, they only forked TrueCrypt.
<li> There is only a <a href="https://ciphershed.org/pre-alpha-testing-started/" target="_blank">pre-alpha version available</a>, which I won't touch.
<li> They do not have any licensing information at all.
<li> Long-term plans are a bit fuzzy; according to <a href="https://wiki.ciphershed.org/" target="_blank">their wiki</a>, they want to:
<ul>
<li> Secure the code through audits, simplification, and a secure architecture.
<li> Migrate towards an OSI-approved licensed codebase
<li> Work closely with existing efforts such as <a href="https://opencryptoaudit.org/">OpenCryptoAuditProject</a>, <a href="https://code.google.com/p/cryptsetup/">LUKS</a>, <a href="https://en.wikipedia.org/wiki/Geli_(software)">GELI</a>, and <a href="https://github.com/bwalex/tc-play">tc-play</a>.
</ul></ul></div>
<div style="width:40%;float:left">
<h3>VeraCrypt Facts</h3>
<ul>
<li> According to the author in <a href="https://forum.truecrypt.ch/t/why-not-veracrypt/133" target="_blank">this thread</a>, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
<li> In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
<li> They are on <a href="https://www.codeplex.com/" target="_blank">CodePlex</a> and the software is under Microsoft Public License.
<li> Binaries are available for download, cross-platform.
<li> The most relevant <a href="https://veracrypt.codeplex.com/wikipage?title=Future%20Development" target="_blank">long-term plan</a> is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).
</ul></div>
<p style="clear:both">So. If you have additional information, let me know in the comments or by email. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.</p>