The Full Disk Encryption Dilemma for Windows 10

technology 2017-12-23
I am quite unsatisfied with the current state of full disk encryption solutions available for use with Windows 10 on a Laptop with SSD. This blag post will mirror some of what [Bruce Schneier already said on the matter][Schneier2]: I will discuss some of the options and point out problems. I am not offering a solution, just a variety of bad choices to pick from. [Schneier2]: https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html Do you want to know more?

Which FalseCrypt is the true Crypt?

technology 2015-04-07
TrueCrypt is pretty dead. We need some options here, and as far as I can see, there are only two three: * CipherShed. Currently a vanilla fork of TrueCrypt. * VeraCrypt. A fork of TrueCrypt with some fixes and improvements. * Keep using TrueCrypt. Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably flip a coin roll a D3. Whether these facts are pro or con is up to your discretion.

CipherShed Facts

  • They are on github.
  • They seem dedicated. Meaning, the information on their homepage sounds like they thought this through.
  • Not much has happened yet, they only forked TrueCrypt.
  • There is only a pre-alpha version available, which I won't touch.
  • They do not have any licensing information at all.
  • Longterm Plans are a bit fuzzy, according to their wiki they want to
    • Secure the code through audits, simplification, and a secure architecture.
    • Migrate towards a OSI-approved licensed codebase
    • Work closely with existing efforts such as OpenCryptoAuditProject, LUKS, GELI, and tc-play.

VeraCrypt Facts

  • According to the author in this thread, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
  • In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
  • They are on CodePlex and the software is under Microsoft Public License.
  • Binaries are available for download, cross-platform.
  • Most relevant longterm plan is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).

So. If you have additional information, let me know in comments or by eMail. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.

Authors have copyrights. People say these things in footers.
All Hail the Great Yawgmoth, Father of Machines.