[Discuss] BitLocker
Tom Metro
tmetro-blu at vl.com
Tue Jan 3 16:22:48 EST 2012
Richard Pieri wrote:
> On Jan 2, 2012, at 7:55 PM, Tom Metro wrote:
>> What makes Microsoft BitLocker better than TrueCrypt?
>
> "... because it protects against more attack modes than other software."
Granted, I was being lazy by asking the question rather than looking it
up, but repeating the quote I included doesn't exactly answer the question.
Chris O'Connell wrote:
> I prefer BitLocker for a couple of reasons:
>
> The password used to decrypt the disk and log in to Windows is the same.
> Thus the process is more transparent for users.
Makes sense. More convenient. Though less secure. (An attacker has more
opportunity to get at your network login password using social
engineering, fake login prompts, and server hacking.)
Kyle Leslie wrote:
> At my company we are using BitLocker.
>
> One of the huge benefits I think is that the encryption keys/recovery keys
> can be stored in AD. So that if you need to unlock or change the drives
> around you don't need to have the user store that some place to get
> lost/stolen. It stores in AD and can be recovered when we need it.
OK, so again more convenient, but in the grand scheme of things, not
more secure.
Edward Ned Harvey wrote:
> Bitlocker is easier to use - No password necessary at boot time. The TPM
> performs some system biometrics (checksum the BIOS, serial number, various
> other magic ingredients, and only unlock the hard drive if the system has
> been untampered. Therefore you are actually as secure as your OS.)
This finally suggests a BitLocker security advantage. I gather TrueCrypt
doesn't use the TPM? Answered in their FAQ:
http://www.truecrypt.org/faq
  Will TrueCrypt use TPM?

  No. Those programs use TPM to protect against attacks that require the
  attacker to have administrator privileges, or physical access to the
  computer, and the attacker needs you to use the computer after such an
  access. However, if any of these conditions is met, it is actually
  impossible to secure the computer (see below) and, therefore, you must
  stop using it (instead of relying on TPM).

  If the attacker has administrator privileges, he can, for example,
  reset the TPM, capture the content of RAM (containing master keys) or
  content of files stored on mounted TrueCrypt volumes (decrypted on the
  fly), which can then be sent to the attacker over the Internet or
  saved to an unencrypted local drive (from which the attacker might be
  able to read it later, when he gains physical access to the computer).

  If the attacker can physically access the computer hardware (and you
  use it after such an access), he can, for example, attach a malicious
  component to it (such as a hardware keystroke logger) that will
  capture the password, the content of RAM (containing master keys) or
  content of files stored on mounted TrueCrypt volumes (decrypted on the
  fly), which can then be sent to the attacker over the Internet or
  saved to an unencrypted local drive (from which the attacker might be
  able to read it later, when he gains physical access to the computer
  again).

  The only thing that TPM is almost guaranteed to provide is a false
  sense of security (even the name itself, "Trusted Platform Module", is
  misleading and creates a false sense of security). As for real
  security, TPM is actually redundant (and implementing redundant
  features is usually a way to create so-called bloatware). Features
  like this are sometimes referred to as security theater.

  For more information, please see the sections Physical Security and
  Malware in the documentation.
The Wikipedia article on TPM[1] points out another advantage to it: it
provides hardware prevention of dictionary attacks so "the user can opt
for shorter or weaker passwords which are more memorable."
1. http://en.wikipedia.org/wiki/Trusted_Platform_Module
A dated (2008, TrueCrypt v.5) comparison of BitLocker and TrueCrypt says:
http://4sysops.com/archives/system-drive-encryption-truecrypt-5-vs-bitlocker/
  So Bitlocker's biggest advantages are its TPM support and its
  sophisticated recovery options [like storing keys on a USB drive or in
  ActiveDirectory]. TrueCrypt is much easier to handle and practically
  needs no preparations.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
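Added illustration, not part of Tom's post and not code from TrueCrypt, Microsoft or any TPM vendor: a toy Python model of the two TPM properties the thread argues about. First, a volume key is "sealed" to boot measurements (PCR extend: new = H(old || H(measurement))), so it is released only when the measured firmware/bootloader chain is unchanged, which is the "only unlock the hard drive if the system has been untampered" behaviour described above. Second, a failure counter stands in for the chip's dictionary-attack lockout that the Wikipedia article credits with making shorter PINs tolerable. The storage root key, the component names, the single-PCR layout and the lockout threshold are constructed stand-ins and do not reflect real TPM or BitLocker parameters.

```python
import hashlib
import hmac
import secrets

# Constructed toy model. Only the PCR extend rule and the idea of binding a
# secret to PCR values are borrowed from how TPMs work; everything else
# (the HMAC-based "seal", the SRK as a plain byte string) is a stand-in.

PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be advanced, never set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Extend one PCR with each boot component in order (firmware, bootloader, ...)."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def seal(volume_key: bytes, pcr: bytes, srk: bytes) -> dict:
    """Bind the volume key to a PCR value. A real TPM keeps the storage root
    key inside the chip; here `srk` is just a constructed byte string."""
    wrap = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, wrap))
    tag = hmac.new(srk, pcr + ct, hashlib.sha256).digest()
    return {"pcr": pcr, "ct": ct, "tag": tag}


def unseal(blob: dict, pcr_now: bytes, srk: bytes):
    """Release the key only if the current measurements match the sealed ones."""
    if not hmac.compare_digest(pcr_now, blob["pcr"]):
        return None  # boot chain differs from the one the key was sealed to
    tag = hmac.new(srk, pcr_now + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # sealed blob was altered
    wrap = hmac.new(srk, b"seal" + pcr_now, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap))


class PinGate:
    """Toy anti-hammering counter standing in for the TPM's dictionary-attack
    lockout. The threshold is a constructed value, not a real TPM parameter."""

    def __init__(self, pin: str, max_failures: int = 5):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = hashlib.sha256(self._salt + pin.encode()).digest()
        self.max_failures = max_failures
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_failures

    def try_pin(self, pin: str) -> bool:
        if self.locked:
            return False  # further guesses are refused, even correct ones
        candidate = hashlib.sha256(self._salt + pin.encode()).digest()
        if hmac.compare_digest(candidate, self._pin_hash):
            self.failures = 0
            return True
        self.failures += 1
        return False


def demo():
    """Seal to a known-good boot chain, then retry after a modified firmware image."""
    srk = secrets.token_bytes(32)        # constructed stand-in for the chip-held SRK
    volume_key = secrets.token_bytes(32)
    good_boot = [b"firmware image", b"bootloader", b"OS loader"]    # constructed
    blob = seal(volume_key, measure_boot(good_boot), srk)
    unchanged_ok = unseal(blob, measure_boot(good_boot), srk) == volume_key
    tampered = [b"firmware image (modified)", b"bootloader", b"OS loader"]
    tampered_refused = unseal(blob, measure_boot(tampered), srk) is None
    return unchanged_ok, tampered_refused


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The model also makes the FAQ's objection concrete: `unseal` runs at boot, and once it has returned the key to the running OS, nothing here protects that key from an administrator-level compromise or from hardware added before a later boot. What the TPM binding buys is that a boot chain whose measurements differ from the sealed ones never receives the key in the first place, and the lockout counter bounds offline-style PIN guessing against the chip rather than against the password's entropy alone.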