Encrypting your Windows hard drives is trivially easy;
choosing which program to use is annoyingly difficult. I still use
Windows -- yes, I know, don't even start -- and have intimate experience
with this issue.
Historically, I used PGP Disk. I used it because I knew and trusted the designers. I even used it after Symantec bought the company. But big companies are always suspect, because there are a lot of ways for governments to manipulate them.
Then, I used TrueCrypt. I used it because it was open source. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8. I stuck with the program for a while, saying:
BitLocker is Microsoft's native file encryption program. Yes, it's from a big company. But it was designed by Niels Ferguson. (Here's Niels's statement from 2006 on back doors.) It was a snap decision; much had changed since 2006.Specifically, Microsoft made a bunch of changes in BitLocker for Windows 8, including removing something Niels designed called the "Elephant Diffuser."
The Intercept's Micah Lee recently recommended BitLocker and got a lot of pushback from the security community. Last week, he published more research and explanation about the trade-offs. It's worth reading. Microsoft told him they removed the Elephant Diffuser for performance reasons. And I agree with his ultimate conclusion:
Lately, I am liking an obscure program called BestCrypt, by a Finnish company called Jetico. Micah
And in the end, you either have to write your own software or trust someone else to write it for you.
But, yes, this should be an easier decision.
Historically, I used PGP Disk. I used it because I knew and trusted the designers. I even used it after Symantec bought the company. But big companies are always suspect, because there are a lot of ways for governments to manipulate them.
Then, I used TrueCrypt. I used it because it was open source. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8. I stuck with the program for a while, saying:
For Windows, the options are basically BitLocker, Symantec's PGP Disk, and TrueCrypt. I choose TrueCrypt as the least bad of all the options.But soon after that, despite the public audit of TrueCrypt, I bailed for BitLocker.
BitLocker is Microsoft's native file encryption program. Yes, it's from a big company. But it was designed by Niels Ferguson. (Here's Niels's statement from 2006 on back doors.) It was a snap decision; much had changed since 2006.Specifically, Microsoft made a bunch of changes in BitLocker for Windows 8, including removing something Niels designed called the "Elephant Diffuser."
The Intercept's Micah Lee recently recommended BitLocker and got a lot of pushback from the security community. Last week, he published more research and explanation about the trade-offs. It's worth reading. Microsoft told him they removed the Elephant Diffuser for performance reasons. And I agree with his ultimate conclusion:
Based on what I know about BitLocker, I think it's perfectly fine for average Windows users to rely on, which is especially convenient considering it comes with many PCs. If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.Micah also nicely explains how TrueCrypt is becoming antiquated, and not keeping up with Microsoft's file system changes.
Whatever you choose, if trusting a proprietary operating system not to be malicious doesn't fit your threat model, maybe it's time to switch to Linux.
Lately, I am liking an obscure program called BestCrypt, by a Finnish company called Jetico. Micah
And in the end, you either have to write your own software or trust someone else to write it for you.
But, yes, this should be an easier decision.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.