
System Encryption: BitLocker And TrueCrypt Compared

Now that Intel offers hardware-based AES acceleration in a number of its mainstream processors, it's time to take a look at two of the most popular system encryption tools, BitLocker and TrueCrypt, both of which are able to harness the hardware feature.

Microsoft has been shipping the BitLocker drive encryption tool with the Windows Vista and Windows 7 operating systems, but it's only available in the two highest-end editions, Enterprise and Ultimate. Fortunately, there is a powerful alternative to BitLocker for everyone else. TrueCrypt is open source and offers even more flexibility. We decided to compare the features and performance of both solutions.

We published a comprehensive article on TrueCrypt 6.1 just over a year ago. That story looked at the process of how to encrypt a Windows system partition, and we ran benchmarks, in addition to battery runtime tests on a notebook. The conclusion was promising: TrueCrypt 6 lets you encrypt and password-protect your entire system on the fly with only minor performance and battery life penalties.

By now, there's really no need to rehash the merits of encrypting user data, especially for the folks who handle sensitive information. Losing information to a failed drive is one thing, and it can typically be addressed, even if it's an expensive proposition (then again, you already know you should be running regular backups, right?). But data falling into the wrong hands can be an even more dire problem for businesses.

This time around, we wanted to double-check our findings with TrueCrypt against Microsoft's value-added BitLocker. Does it make sense to pay up for a higher-end Windows version to get this extra functionality, or will TrueCrypt do the exact same thing at no cost? Another reason to revisit encryption solutions is the availability of AES New Instructions (AES-NI) in Intel's Core i5 mainstream dual-core processors (Clarkdale) and the top-end, six-core Core i7 (Gulftown). Can BitLocker and TrueCrypt truly showcase the benefits of hardware-based AES acceleration? Let's find out.

Top Comments
  • 16 Hide
    Anonymous , April 28, 2010 6:19 AM
    TrueCrypt is
    1-open source
    2-multiple OS
    3-free
    therefore it's the best choice for everyone.
  • 12 Hide
    palladin9479 , April 28, 2010 7:35 AM
    Ohhh kay ..... they're acting like hardware based encryption is new or something Intel invented / pioneered. VIA was doing it for years before Intel, they even have hardware based random number generation and SHA hashing.
Other Comments
  • 5 Hide
    amnotanoobie , April 28, 2010 8:21 AM
    palladin9479 wrote: Ohhh kay ..... they're acting like hardware based encryption is new or something Intel invented / pioneered. VIA was doing it for years before Intel, they even have hardware based random number generation and SHA hashing.

    Though VIA technically doesn't really have a large enough market share to push trends with software makers. Once Intel does include a feature (unique or otherwise), it usually makes people pay attention just simply due to their size and reach.
  • 0 Hide
    Anonymous , April 28, 2010 8:33 AM
    Honestly if you are in a situation that TrueCrypt is the only option and you need that functionality, go for it. But IMHO if you can use BitLocker I would choose that over TC since, contrary to popular belief, I'd think MS has it engineered fairly well to work without stuff breaking all over the place. And I'm sure they've documented it well enough to cover all caveats and pros/cons of its usage.

    Though, personally, I love TC from the drive-inside-a-drive encryption standpoint. Just makes sense.
  • 5 Hide
    martel80 , April 28, 2010 8:43 AM
    What about testing slowdown of an SSD-equipped computer? (Drive benchmarks comparing throughput with/without encryption)
  • 1 Hide
    Anonymous , April 28, 2010 8:55 AM
    "AES-NI is included on all Core i5 desktop processors"

    Not all desktop i5 processors have AES. The quad cores do not.
  • 2 Hide
    DSpider , April 28, 2010 9:26 AM
    Full encryption is only "needed" if you use a laptop with sensitive material on it. And I'm not talking about porn here... Business stuff. Patents, ideas, McDonald's recipes. Other uses imply a USB stick and external HDDs.

    The simple fact that you can run TrueCrypt from Linux and OS X (especially if you have a MacBook) makes it a very good choice. Also, for this type of security I think open source is better because closed sources may have developer "backdoors" built-in.
  • 0 Hide
    DSpider , April 28, 2010 9:30 AM
    Oh, and I would suggest you stick to containers instead of full drive encryption. Why? Because if you have a 500 GB drive fully encrypted and there's a problem with it (bad sectors for instance) you basically lose everything on it.
  • 3 Hide
    WR , April 28, 2010 12:08 PM
    Not true. These are block-based encryption algorithms. If you have a bad sector all you'd lose is that block. The TC driver processes 512 bytes at a time, which means you'd lose one sector.
  • 1 Hide
    nukemaster , April 28, 2010 12:36 PM
    I am not paranoid enough about my files yet.
  • -2 Hide
    tommysch , April 28, 2010 1:13 PM
    TrueCrypt is by far superior.
  • -3 Hide
    gogogadgetliver , April 28, 2010 2:06 PM
    I don't think they're giving Microsoft enough credit here.

    Some of us could care less about features. I want my data to be safe and I want whatever is doing that to GTF out of my way. The only feature I really care about is the "on" switch. That said I think Microsoft's slightly better performance lands the deal.

    You're talking MSFT vs an open source solution though so the fanboyism is probably going to run rampant. I'll give my kudos: TrueCrypt is a solid product. I'm just choosing the competitor.
  • 3 Hide
    dman3k , April 28, 2010 2:28 PM
    Anonymous wrote: TrueCrypt is 1-open source 2-multiple OS 3-free therefore it's the best choice for everyone.
    Open source does not mean better - plenty of bad open source stuff out there; multiple OSes depends on your network... most companies choose to have everyone using the same OS for security update purposes; BitLocker comes included in business tier/ultimate editions of the most popular OS in the world.

    Your points are completely invalid.

    I chose BitLocker because I was told it was way faster, and apparently that's not true. Seeing that TrueCrypt can do hidden partitions, I'm going to ask the IT team to look into switching. This feature is excellent for the cost of a little more processing power.

    Don't be a fanboy.

    Excellent article. Thank you, Tom's.
  • 1 Hide
    killerclick , April 28, 2010 3:05 PM
    TrueCrypt is better, that's why I use it.
  • -2 Hide
    CChick , April 28, 2010 3:05 PM
    I loled so hard at the Secret Partition part.

    I was told by my professor that when the government throws their "used to be top secret" stuff away (say, an HDD), they usually rewrite it 7 times with other data, then they will burn it, cuz this almost guarantees that nothing can be recovered.

    I guess I will rewrite my drive 10 times with TrueCrypt :) , cuz I don't really like the idea of other people reading my data, even if my drive has nothing important.
  • -5 Hide
    htoonthura , April 28, 2010 4:16 PM
    One thing I do not like about TrueCrypt is: it asks for a password to load Windows. Because of that, TrueCrypt is only suitable for personal use.
  • 1 Hide
    Skippy27 , April 28, 2010 4:55 PM
    CChick, I think you misunderstood it. First off, he made clear that there is not a government in the world that can crack the 256-bit encryption so anything in there is safe anyway. Secondly, what you are speaking of is a drive "wiping" to make anything on there non-recoverable. DOD standards require 7 passes if I am not mistaken.

    If you are getting rid of a non-encrypted drive I would certainly recommend you get a product like KillDisk and use the DOD wipe on it. At work, we use an encrypted drive so we only use the 1 pass wipe of the drive. If a drive is not encrypted for some reason (server drives) we are required to use the DOD approach.
  • 0 Hide
    douglaskuntz , April 28, 2010 5:40 PM
    htoonthura wrote: One thing I do not like about TrueCrypt is: it asks for a password to load Windows. Because of that, TrueCrypt is only suitable for personal use.

    Because business users are unable to type in passwords?

    Though one thing they forgot to mention: You cannot do WDE on OS X yet with TrueCrypt... You can with PGP WDE, though.
  • 3 Hide
    jasperjones , April 28, 2010 5:48 PM
    TrueCrypt is NOT open-source software in the conventional sense. Yes, the source code (of the latest version only) is available. But the license they use does not meet the open source definition and hence is not recognized by the Open Source Initiative.

    Virtually all major Linux distros consider TrueCrypt not free as well.
  • 0 Hide
    dreamer77dd , April 28, 2010 6:42 PM
    Are there any plans to make this software hardware accelerated, to use multiple cores like 8, because we know that's coming around the corner? Any news or knowledge about this? The future is always interesting.