Encrypting Windows Hard Drives

Encrypting your Windows hard drives is trivially easy; choosing which program to use is annoyingly difficult. I still use Windows—yes, I know, don’t even start—and have intimate experience with this issue.

Historically, I used PGP Disk. I used it because I knew and trusted the designers. I even used it after Symantec bought the company. But big companies are always suspect, because there are a lot of ways for governments to manipulate them.

Then, I used TrueCrypt. I used it because it was open source. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8. I stuck with the program for a while, saying:

“For Windows, the options are basically BitLocker, Symantec’s PGP Disk, and TrueCrypt. I choose TrueCrypt as the least bad of all the options.”

But soon after that, despite the public audit of TrueCrypt, I bailed for BitLocker.

BitLocker is Microsoft’s native file encryption program. Yes, it’s from a big company. But it was designed by my colleague and friend Niels Ferguson, whom I trust. (Here’s Niels’s statement from 2006 on back doors.) It was a snap decision; much had changed since 2006. (Here I am in March speculating about an NSA back door in BitLocker.) Specifically, Microsoft made a bunch of changes in BitLocker for Windows 8, including removing something Niels designed called the “Elephant Diffuser.”

The Intercept’s Micah Lee recently recommended BitLocker and got a lot of pushback from the security community. Last week, he published more research and explanation about the trade-offs. It’s worth reading. Microsoft told him they removed the Elephant Diffuser for performance reasons. And I agree with his ultimate conclusion:

“Based on what I know about BitLocker, I think it’s perfectly fine for average Windows users to rely on, which is especially convenient considering it comes with many PCs. If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.

“Whatever you choose, if trusting a proprietary operating system not to be malicious doesn’t fit your threat model, maybe it’s time to switch to Linux.”

Micah also nicely explains how TrueCrypt is becoming antiquated, and not keeping up with Microsoft’s file system changes.

Lately, I am liking an obscure program called BestCrypt, by a Finnish company called Jetico. Micah quotes me:

“Considering Schneier has been outspoken for decades about the importance of open source cryptography, I asked if he recommends that other people use BestCrypt, even though it’s proprietary. ‘I do recommend BestCrypt,’ Schneier told me, ‘because I have met people at the company and I have a good feeling about them. Of course I don’t know for sure; this business is all about trust. But right now, given what I know, I trust them.’”

I know it’s not a great argument. But, again, I’m trying to find the least bad option. And in the end, you either have to write your own software or trust someone else to write it for you.

But, yes, this should be an easier decision.

Posted on June 15, 2015 at 6:31 AM · 143 Comments

Comments

keiner June 15, 2015 7:24 AM

If you don’t pass the US/UK borders, the whole encryption thing of whole disk is not THAT useful, huh?

I enjoyed the part of the essay bringing the whole issue of disk encryption into the right perspective when it comes to “security”….

Steve June 15, 2015 7:36 AM

“I still use Windows — yes, I know, don’t even start”

Okay I’ll start.

Why do you use Windows??!!!

It’s like walking around drone-filled skies with a huge targeting beacon mounted to your head.

I also know about all the issues but have mistakenly clicked on phishing links.

The only thing that stopped the pwnage was a good /etc/hosts file and NO WINDOWS! One little mistake is all it takes and people make mistakes all the time.

Windows’s threat surface is provably dangerous. I can’t believe we’re still having this discussion.

Winter June 15, 2015 8:06 AM

@keiner
“If you don’t pass the US/UK borders, the whole encryption thing of whole disk is not THAT useful, huh?”

Under VeraCrypt (see previous comments) you can use full disk encryption and choose between booting off the hidden partition or the “front door”.

Plausible deniability

Clive Robinson June 15, 2015 8:29 AM

@ Bruce,

“And in the end, you either have to write your own software or trust someone else to write it for you.”

The problem with “writing your own” is that for 99.999% of software writers they are just not qualified (and I include myself in that).

The reason is there are so many facets to the problem it takes several years to get them under your belt, and by then MS or whoever has moved the FileSystem forward in some way and doesn’t release enough information for you to be able to evaluate the changes effectively, then of course “attacks improve with time” as well so you end up on the “hamster wheel of pain” just trying to keep up, even if it is your full time job.

Winter June 15, 2015 8:32 AM

I have a question about the hidden volume in TrueCrypt/VeraCrypt.

Currently, there are two possible headers in the total volume. This restricts the number of hidden volumes to 1.

Would it not be possible to put the (encrypted) header of the hidden volume at the end of the encrypted Volume? (not a real “header” anymore, but still). After decryption of the hidden volume, the end of decrypted hidden volume could then be another, nested hidden volume in the current hidden Volume. Such nested hidden volume(s) could only be opened by supplying the passwords for all the outer hidden volumes. Or maybe they can be iterated as a list at the end of the encrypted outer Volume?

I suspect I have missed something important. It seems too obvious to have been missed by the creators if it were possible.

Snickers June 15, 2015 8:34 AM

Suppose a company is run by your best friend, who would never lie to you. The NSA can still plant an employee in the company, and manipulate the code to make it vulnerable. And the NSA probably has capabilities of which we are unaware. So a vulnerability might not be detectable, even if a dozen experts are looking right at it. If the NSA is your opponent, don’t put your secrets in electronic form.

Snickers June 15, 2015 8:44 AM

I suspect that TrueCrypt was always an NSA program. Make a secure encryption program, and give it away free to millions of persons. [There is no way that volunteers could make a program with such extensive capabilities in windows, mac, and linux. The number of person-hours of work is too high.] Then have intelligence operatives and assets use it. If caught with the software, they might just be one of the millions of ordinary users.

But then someone decided to put a backdoor in the civilian version of the software, and the lead developers baulked and shut it down. I’m guessing.

Open source software is more vulnerable than corporation software, since the NSA can easily have some of its own people “volunteer” to work on the code. As I said, the NSA can set up vulnerabilities that only they can make use of, given their superior capabilities.

Winter June 15, 2015 8:52 AM

@Snickers
“Open source software is more vulnerable than corporation software, since the NSA can easily have some of its own people “volunteer” to work on the code.”

You do not actually read this blog, do you?

Thoth June 15, 2015 8:58 AM

@all
For Bitlocker to even gain momentum in the open community space, they have to be willing to sacrifice some things they value and cross a couple of rather big hurdles.

1.) Source code from the MS Crypto API all the way up to Bitlocker source code (and probably use an Open Source License).

2.) Open source and also utilize Open Source Licenses for TPM module drivers.

It seems like I have only 2 hurdles I deem they need to cross. Maybe someone else has different opinions and may want to add more necessary hurdles to get back the trust.

Truecrypt’s successors are Veracrypt and Ciphershed. The basic hurdle they have is to keep their small developer base intact despite all the political storms. How well they can weather these political storms depends on their leadership and vision. If they can be mobile and can have a higher assurance development procedure (something @Nick P drums at) with good backup plans to have no single point of failure if someone or some organisation decides to disrupt their better assured development cycles and distribution, they might outlive many cryptographic products out there. Of course they need to stay relevant to the latest technologies and still be secure.

WitherDust June 15, 2015 9:01 AM

I am still completely stumped how and why you trust the proprietary OS, which could easily have an engineered backdoor forced on it by the NSA, that logs and ships your keystrokes. And in spite of this, you focus your energy on file encryption. What am I missing? So is the adversarial threat you are protecting against not the NSA?

Commentator June 15, 2015 9:05 AM

Personally I don’t see anything wrong with using Microsoft Windows. All the leading software is developed for the platform and files created on it can be opened by the majority of users. Unlike Apple and Linux, documents and software are backwards compatible, the OS is well supported (and maintained for very many years) and patches published regularly. It also receives the most scrutiny (as it’s the most used) compared to the various flavours of Linux which even Linus Torvalds criticises.

Bruce is an academic and will communicate with others in the community who use Windows. It simply isn’t practicable to waste hours learning how to fix the minor irritating issues that come with Linux. Secondly being able to distribute files natively without needing to convert them back and forth saves a great deal of time.

In terms of Windows I don’t see anything wrong with BitLocker providing that you DO NOT escrow the keys to OneDrive (the default option!). For additional security something like TrueCrypt or VeraCrypt can be used to create an encrypted volume; so if BitLocker was compromised your files are as safe as possible (excluding forensic analysis of file remnants).

The one thing I really like with BitLocker is that it supports two factor authentication: TPM with USB and PIN. And if you lose/forgot one of those you can use your recovery key; although common sense dictates this should be kept in a very safe place. Using BitLocker with UEFI Secure Boot gives additional assurance.

Simply, software like TrueCrypt is dying out because it no longer fully supports modern operating systems. Fully integrated software like BitLocker is made for, and supported by, Microsoft and therefore invariably works as expected.

Another good alternative is DiskCryptor, again open source, supports encryption cascades and is a tiny 978 KB.

Good Feelings June 15, 2015 9:05 AM

Isn’t it foolish to choose to entrust your privacy, to recommend that people entrust theirs, all based on a good feeling?

An honest person with the best intentions could unintentionally produce a backdoored solution, if working with a team of incompetent people and other planted criminals.

I would strongly prefer using the open, publicly audited, battle-tested solution based on technical grounds rather than some of your friend’s “gold certified” black box.

Commentator June 15, 2015 9:07 AM

@WitherDust – Bruce has previously said that ‘if the NSA wants in, they’re in’. There are so many realistic side-channel attacks that it’s not really possible to fully exclude them. Using BitLocker is making the best of a bad situation.

There’s nothing stopping him augmenting whole drive encryption with volume-specific encryption as alluded to in my post above.

TimH June 15, 2015 9:26 AM

Worth noting that Truecrypt now has compatibility issues for FDE, it remains a fine choice for cross-OS-compatible general encrypted containers. Use whatever for your FDE, on whatever OS, but put the extra sensitive stuff in one or more TC container. Ditto backup on external drives.

Elvis June 15, 2015 9:36 AM

I think Russians and Chinese actually broke into Snowden files from Bruce’s computer.

rgaff June 15, 2015 9:40 AM

Let’s see… for those willing to trust Microsoft’s backdoors within its main operating system ANYWAY…. hell, sure, why not trust the exact same company’s backdoors in their encryption product ALSO…. I mean, how much worse can it get? You’re just in bed with the same devil that you already have anyway….

Those who don’t want to trust a big company like Microsoft to begin with should just look to open source operating systems to start with. It’s very much that simple.

CouldntPossiblyComment June 15, 2015 9:47 AM

@Thoth – Microsoft might surprise you there. Nobody would have predicted .NET Framework going open source a few years back. A number of companies have begun to figure that open sourcing some stuff is beneficial.

@Steve ‘Windows’s threat surface is provably dangerous. I can’t believe we’re still having this discussion.’

As opposed to what? For what threat model?

For the bulk of users, having actual work to do and getting it done on Windows, I’d agree with Bruce, BitLocker works well enough. It’s unlikely to result in source code breaches when thieves steal your laptop etc. (if the NSA wants said source code, in my case it’s in an American company they can just tap on the shoulder). This ignores the huge feasibility & ease of use aspects of different OSes which I’m going to skip as it’s subjective.

Sure, for certain threat models, Windows would indeed be insane. Then again, probably so are iOS, Android, OS X, and a few distros of Linux. I don’t see a legion of Operations professionals (as opposed to the gifted amateurs who run perhaps one or two boxes) sat around going ‘gee, nothing to patch on my farms this week’ – quite the opposite. Let’s not forget that the totally open OpenSSL had that little Heartbleed bug sitting around for years. OS choice is hardly a panacea.

keiner June 15, 2015 9:48 AM

@Commentator

This is comedy, right? Windows is well-maintained? To which standards?

If I had a car “well-maintained” as Windows, I would go 25 km/h at the most and control oil every 20 km… Just saying.

Igor June 15, 2015 9:54 AM

@Bruce,
given the trust model you have presented here in terms of having personally met some of these developers, do you believe that the people that reengineered Skype and Outlook to have preencryption backdoors present are in fact different groups? My opinion may be different were I in your position of being personally known to Ferguson/Zimmermann et al, however the fact that I do not personally know whether the former especially has been influenced by the Skype/Outlook engineers in some way, simply does not sit well with me. In other words, just the fact that a large company has sacrificed security in two of its products in the name of NSA cooperation automatically disqualifies any of their security products from use by myself.

Commentator June 15, 2015 9:58 AM

@rgaff – As Bruce has said IF BitLocker or Windows has a backdoor then you’ve got far more to worry about.

By that I assume he’s stating the obvious although some people seem to be missing the point: with a backdoored OS, no encryption software can be secure.

You’ve got to compromise. Even open source software has been found with ‘vulnerabilities’ which, in the right hands, are backdoors. But they can be explained away as minor coding errors.

For what it’s worth Microsoft do allow companies and governments to examine the source code upon signing an NDA. Who knows, Bruce may have examined the code but can’t say? However I’m fairly sure that even an NSL couldn’t compel him to ‘recommend’ the product or force him to say he uses it.

Matt June 15, 2015 10:09 AM

@keiner

It makes sense to use disk encryption even if you don’t cross borders.

Full disk encryption protects you if your laptop gets lost or stolen. It is very easy to use now on Windows, so more people will actually use it correctly. This leads to a better safer world.

Bob S. June 15, 2015 10:13 AM

As I recall, MS was indeed contacted and strong armed by the government about access to bitlocker files. MS rightfully balked at a govt. controlled backdoor, but suggested if anyone stored credentials in the cloud of course the government might have that. But was that report true? Regardless,

Lesson: Don’t store credentials in the Cloud.

(I am experimenting with the Jetico firewall. LOL. It crashed my ‘puter on install and after doing the usual dance to get it working blocks…EVERYTHING….and I do mean everything then waits for the “allow” box to be checked. Don’t have the patience to fool with it today…however, it would appear to be very strong and very granular for those who like it that way.)

Zuranium June 15, 2015 10:15 AM

Question on Windows encryption on servers.
If data on servers is not able to be in DBs, where there is more native encryption technologies, which of these or others would best fit? EFS is the go to thought, but curious about these developed tools for use in this arena.

In reading about most of these technologies, they are very much geared for the desktop/laptop environments. However, file servers or doc repositories on the Windows file level are a concern.

Cassandra June 15, 2015 10:51 AM

Visibility of what Microsoft claim to be the source code is not sufficient to assure yourself of the bona fides of what is on your PC: you need to be able to build the binary from the source and show that it is identical with the binaries you run – and even then, as we all know, there are famous ways round that, so you actually need to be able to build using tools that you have independently verified as well.
Verification that you are not running backdoored code is easier when the code you run is open source. Note I am not saying it is easy, just easier.
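
Added example (not part of the comment above, nor code from any project named on this page): a Python version of the comparison step Cassandra describes, checking a locally built Windows binary against the installed one. It goes slightly beyond the comment by reporting whether any differences are confined to the PE header's build timestamp and checksum; the `make_sample_pe` helper and its byte strings are constructed sample input, not real binaries.

```python
import hashlib
import struct


def pe_volatile_ranges(data: bytes):
    """Byte ranges of two PE header fields that normally change on every
    rebuild: the COFF TimeDateStamp and the optional-header CheckSum.
    Returns [] when data does not look like a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 92 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    timestamp = e_lfanew + 8       # signature (4) + Machine (2) + NumberOfSections (2)
    checksum = e_lfanew + 24 + 64  # optional header starts at +24, CheckSum at +64
    return [(timestamp, timestamp + 4), (checksum, checksum + 4)]


def compare_binaries(built: bytes, installed: bytes) -> dict:
    """Compare a locally built binary with the installed one.

    verdict is one of:
      "identical"   - bit-for-bit equal, the result the comment asks for
      "header-only" - same size, differences only in timestamp/checksum fields
      "different"   - anything else; the installed file is not explained
                      by the source that was built
    """
    result = {
        "built_sha256": hashlib.sha256(built).hexdigest(),
        "installed_sha256": hashlib.sha256(installed).hexdigest(),
        "verdict": "identical",
        "diff_offsets": [],
    }
    if built == installed:
        return result
    result["verdict"] = "different"
    if len(built) != len(installed):
        return result  # size change: no point listing offsets
    diffs = [i for i, (x, y) in enumerate(zip(built, installed)) if x != y]
    result["diff_offsets"] = diffs
    volatile = pe_volatile_ranges(built)
    if volatile and all(any(s <= off < e for s, e in volatile) for off in diffs):
        # Narrows the question but does not settle it: real toolchains embed
        # other build-specific data (debug records, signatures) not handled here.
        result["verdict"] = "header-only"
    return result


def make_sample_pe(timestamp: int, checksum: int, body: bytes) -> bytes:
    """Constructed PE-shaped byte string (headers only, not loadable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)      # PE32+ magic
    struct.pack_into("<I", opt, 64, checksum)  # CheckSum field
    return dos + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    ours = make_sample_pe(1, 0x1111, b"code")
    rebuilt_later = make_sample_pe(2, 0x2222, b"code")
    modified = make_sample_pe(1, 0x1111, b"c0de")
    for label, other in (("same", ours), ("rebuilt", rebuilt_later),
                         ("modified", modified)):
        r = compare_binaries(ours, other)
        print(label, r["verdict"], r["diff_offsets"])
```

As the comment goes on to say, the build tools themselves still have to be trusted for an "identical" verdict to mean anything.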

Anon June 15, 2015 10:52 AM

It’s worthwhile to remember that there is suspicion that TrueCrypt shut down because they received a NSL and the weird shutdown was the warrant canary. See https://grahamcluley.com/2014/06/truecrypt-hidden-message/ for example.

If that is true, and the NSA had bothered to go after a small Podunk product like TrueCrypt, then what are the odds the industry leader (with a long tradition in co-operating with the NSA), has not received the same letter many years earlier?

I’ll trust Microsoft for a lot of things, but security from the United States government is not one of them.

Seriously Bruce, you expect that just because he’s your friend, that he’s going to spill one of the company’s biggest secrets (that if leaked could cost them 100s of millions), and risk going to jail by violating a gag order. That’s a good friend…

albert June 15, 2015 11:04 AM

I switched to Linux some years ago. I use LibreOffice and have no problem exchanging Word and Excel docs with Windows users. Yes, I miss Orcad and Encore :), but I have Gimp and Ardour, and a shipload of other cool, free software choices. Linux niggling problems can be a PITA, and developers seem to be getting more arrogant as the years pass (or is that my imagination?)
.
It IS cool to be able to track error messages in the source code, if you have the time. In general, I do think that the Linux code base may be starting to ‘get away’ from developers (like Windows did). And why does Ubuntu have to eff around with it on every release?
.
I tried Stallmans Stonehenge text browser the other day. Like being in another galaxy. I always found it weird using the terminal in Linux, running browser, photo and sound software from the command line 🙂
.
So cut Bruce a little slack. His business is likely mostly Windows-based. I speak as an OT who started on CPM, and 20+ years a Windows slave.
.
Bruce, I hope you have a little LPS-style Linux box for your banking and online ordering 🙂

me June 15, 2015 11:35 AM

Bruce running Windows on an Intel chip must be the joke of the century. And we’re only a few years in!

Roboticus June 15, 2015 12:07 PM

Windows isn’t that bad, I’ve been using MS on most of my computers for more than 25 years and have been infected exactly once, from sharing floppies with an infected windows 98 machine. Meanwhile I get macs in the shop pretty regularly with trojans. Not as often as windows but still more than people seem to realize. I think the only reason I don’t get more linux machines is most linux users can take care of themselves without having to pay me to fix it.

Danny June 15, 2015 12:32 PM

@Bruce
“Lately, I am liking an obscure program called BestCrypt,…”
Obscure? I have been using it since 1999; this one is hardly obscure at all.

CouldntPossiblyComment June 15, 2015 12:36 PM

Let’s play Devil’s Advocate for a moment. Bruce himself pointed out that the government backdoors of today are the organised crime attacks of tomorrow and the script kiddie targets the day after. If a real Windows ‘we can watch everything you do’ backdoor existed, it would be in use. Put another way – it seems like there are enough zero-day exploits found in critical libraries (independent of OS) that real engineered backdoors seem almost redundant/impossible to distinguish.

If you were the NSA, would you look for existing bugs and keep quiet about them, or take the risk of introducing them and having another (Microsoft) Snowden? The former is certainly more stealthy & has deniability. They can afford to employ very dedicated people to break into running code, and happily, developers introduce bugs all the time.

I struggle to resolve the likes of Flame & GrayFish (very clever, well-written malware, designed to evade detection, bridge airgaps, target specific PCs, take advantage of exploits on Windows) with the same organisations requiring Microsoft to insert backdoors directly & brazenly into the same operating system. Simultaneously, we have the likes of the FBI complaining about encryption in smartphones and demanding known ‘frontdoors’.

I’m not naive enough to believe they’d never try to introduce bugs – it just doesn’t feel like someone walked up to Microsoft and said ‘let us in any time we like’. That they might well have nudged an individual developer to introduce some code is possible; the same can be said of any software project with too many hands and not enough experienced eyes. When Heartbleed came out, it was indeed asked ‘could this have been a subtle backdoor?’ and frankly we’ll probably never know. It wasn’t even as subtle as stuff in Underhanded C.

The only advantage OSS brings is the potential for experienced eyes, and we already know there aren’t yet enough to go around. I don’t believe Windows is automatically damned; I theorise that any backdoors are subtle and just as likely to be taken as a bug & fixed as any other. I probably wouldn’t use Windows or Bitlocker for something truly critical with an adversary like the NSA, but the steps Cassandra outlined for such a scenario are simply not applicable to day-to-day life of the majority.

Marcus June 15, 2015 12:40 PM

If you must encrypt, and you don’t trust any of the solutions for Windows then…

Use Linux, logical volume manager (LVM), LUKS, and Qemu/KVM. Create an encrypted volume under Linux and use it for your virtual Windows hard drive.

Problem solved.

rgaff June 15, 2015 12:55 PM

@ Bruce

Your buddy Niels said:

“The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data…. Over my dead body….. The official line from high up is that we do not create back doors.”

So…. the company officially doesn’t create backdoors…. except when it’s PROVEN THAT THEY DO in products like Skype!!! Bald faced liars they are!

@ Commentator

You seem to be anti-open-source. The point of open source isn’t that it’s some kind of magic that makes things free of backdoors, it’s so that because it’s open all backdoors CAN be discovered (someday)…. It raises the bar and makes it much more difficult to implant them purposefully, because of the openness.

Whereas closed source can much more easily have a backdoor purposefully and willfully implanted, and it can easily just be there forever with no hope of ever being discovered and the company lying through their teeth forever about it, with total immunity in courts and everything… That’s the difference. This is not merely a theoretical difference, documents prove that this does happen.

In both cases you can have backdoors. In one they can be discovered by anyone with the skills to do it, in the other they can be hidden forever with no hope of discovery short of a whistleblower going to prison or exile.

Bob B June 15, 2015 12:58 PM

Bruce,

Have you heard about the GCHQ basically alluding that AES has been fully compromised? The CIA is pulling spies from various places (so they claim) because they say that Snowden’s data has been decrypted. Story here:

http://www.zerohedge.com/news/2015-06-14/uk-said-withdraw-spies-after-russia-china-hack-snowden-encryption-sunday-times-repor

They are basically making 2 statements without exactly coming out and saying, neither of which I believe:

1. AES has been fully broken
2. Snowden used AES only

Have you heard so much as a whisper about this? I assume this is techno-bluster from the idiots in these various departments, but I’d like some more confirmation.

Thanks,

Anon June 15, 2015 1:12 PM

@Bob B:
That whole story in the Sunday Times is dubious at best.
For example, an excerpt from the Greenwald article in The Intercept refuting it:

“Moreover, as pointed out last night by my colleague Ryan Gallagher — who has worked for well over a year with the full Snowden archive — “I’ve reviewed the Snowden documents and I’ve never seen anything in there naming active MI6 agents.””

George West June 15, 2015 1:15 PM

VeraCrypt is impressive. It is improved over TrueCrypt. The weaknesses discovered in the research project have been remedied. But like TrueCrypt, VeraCrypt is only good through Win7 for Full Drive Encryption.

I prefer its encrypted container features. The container (a file) mounts like a drive once unlocked. Here is how I run Microsoft operating systems:

I run VirtualBox in a Suse Linux host. I run Windows 7, 8, and 10 (demo) each in a virtual machine. The virtual hard drive (.VDI) for each O/S resides in its own VeraCrypt encrypted container. I can keep the inconvenience to a minimum by mounting multiple containers with one instruction if they all have the same password.

Here is another benefit for those that are justifiably worried about connecting to Microsoft to do updates:

You can actually run two virtual machines for each version of Windows you install. One is permitted to connect to the outside world for update purposes, the other is denied all access – always. When Windows and other software are updated, simply clone the updated VM to the secure VM.

For the super-paranoid like me, my secure system is not just another VM in the same physical machine. I use an entirely separate physical machine that has no capability to connect to anything anywhere – ever. I even use power regulators, filters, and isolation transformers to ensure it can’t leak data through the power supply. I don’t know if NSA has this ability or not. We know data can be transmitted over power lines. We know NSA influences hidden chip technologies. If and when they can do this, it would be considered crazy conspiracy theory for as much as 5 years. Anyone want to bet the ranch that we are not in that 5 year period now?

CAUTION: The VDI from the updated Windows will entirely replace the VDI in the secure Windows. This means that your user files must be kept in yet another VeraCrypt container outside of the VM’s VDI file. That is a good policy anyway and makes back-ups easy. It also means that you must keep all software and updates current on the non-secure Windows so they will clone to the secure VM. Remember, your secure VM will be entirely replaced when you update and clone. (Actually, VirtualBox will not permit an overwrite of a VDI in the clone process. You must delete, then write.)

One question always comes up. How do you move a file from a non-secure environment to the private system? I use a USB stick. VirtualBox allows me to mark a stick as read only, which I do on the secure system.

If you don’t want the inconvenience of 2 systems, just use two physical hard drives, both bootable. Put them in removable caddies or mount a double-pole double-throw power switch on your computer case for 5V and 12V power to the HDDs. It ensures that only one drive can get power while the other can’t. Data can’t jump drive to drive. I deployed this remedy 15 years ago when I heard about Echelon. Yes, this has some vulnerabilities because they both use a common main board BIOS.

Anyone see vulnerability in this arrangement?
I realize I am trusting VeraCrypt, Suse and VirtualBox not to leak. They are all open source. I am also trusting encryption algorithms to be ‘uninfluenced’. VeraCrypt permits me to cascade three algorithms in order to minimize this risk.

If we are going to trust anyone, it best be limited to open source products. With all due respect Mr. Schneier, you seem to trust closed source products because you know the people behind them. I’m going to call “Security Vulnerability” on that one – a very poor reliance. Going back to Lavabit, we can see what the NSA does and how they do it. After having received a payoff or a National Security Letter, even your twin brother can’t be relied upon any longer.

Sofakinbd June 15, 2015 1:44 PM

How timely and relevant:
This from Macintouch today:
There seems to be a lot of confusion about the new “rootless”, or System Integrity Protection (SIP), as Apple calls it. This is in part due to a lack of information from Apple itself–there was nary a peep about these new features in the WWDC Keynote.
However, Apple has posted a video of the Security session, accessible from a free developer account:
https://developer.apple.com/videos/wwdc/2015/?id=706

SIP works by disallowing anyone, even root, access to the protected area (by default, everything in /System).
The nvram command to turn this feature off:
sudo nvram boot-args=rootless=0

(as well as the one to allow modified kernel extensions) works in the current beta, but will be removed from the shipping version.
The whole SIP can still be disabled from a GUI app in the recovery partition.
My take is that Apple is progressively locking down OS X with the pretext of improving security, making life harder for tinkerers (people who build hackintoshes, TRIM enable utilities, etc.). It is getting harder and harder to work around those locks, and while they can still be disabled in El Capitan, there may be a point in the not so distant future where that won’t be possible.

Commentator June 15, 2015 1:47 PM

@rgaff – I’m not against open source software, in fact I like it has its place and I like the philosophy behind it. In fact I recommended DiskCryptor. In my posts I was trying to explain why the majority of users are probably best off sticking with BitLocker; ease of use and seamless integration. I guess the reasons that I advanced are the same or similar to those of Bruce.

Most people don’t incorporate state actors into their threat model because it’s not a threat that they’re likely to face and, even if they did, it’s likely that the NSA would be able to overcome the encryption – a point Bruce has opined in his other posts.

Systems are normally encrypted to satisfy regulatory requirements or as a wise safeguard in the event somebody loses their computer. BitLocker is both approved for use on US/UK government systems (and probably some other countries) and would protect against the most technically competent thief. So why introduce another unknown (i.e. a third-party WDE/FDE solution)?

The more technically inclined can play with TrueCrypt and VeraCrypt but the problem with the former (now it’s obsolescent) is that it isn’t supporting emerging formats. The problem with the latter is that not enough people have the skills to both analyse it cryptographically AND look at the real-world implementation. By all means, and I’ll say it again, use VeraCrypt or AxCrypt to encrypt volumes or files IN CONJUNCTION with BitLocker.

In the real world backdoors are attributed to “bugs” in the software. Whilst having many eyes increases the likelihood of detection there just aren’t enough skilled, qualified and (most importantly) motivated people who are prepared to spend the time auditing the software for free. And those that are suitably qualified normally work for the nation states.

We don’t know why Bruce chooses BitLocker or indeed Windows but I’m fairly confident that when he’s dealing with sensitive information he will: use an air-gapped system or an ‘amnesic’ live system.

For day-to-day use Windows (and BitLocker) suits most users.

Sasparilla June 15, 2015 1:50 PM

What a topic Bruce. You’re right, there isn’t a good easy choice at this point.

From a normal user perspective where losing your laptop or getting it stolen and files accessed is, by far, the biggest risk a normal user faces – then this makes sense (integrated BitLocker), but there is an if there:

If the users don’t care if Microsoft, and whatever intelligence service requests the encryption key(s) from them, can decrypt your HD when desired in the future – remember Bitlocker encryption of your drive won’t occur until it phones home (presumably to transmit the encryption key(s) to Microsoft’s waiting arms). I’m sure this was originally for user’s assistance (cause users misplace their passwords and this was a commercial utility) – but those keys are all just an NSL away (or wide open access like outlook.com / hotmail.com e-mails) from NSA access. JMHO…

Commentator June 15, 2015 2:08 PM

@Sasparilla – as has been said by a few people… don’t upload your recovery key to OneDrive.

The best option is to print it and keep it somewhere very safe or save it to a flash drive. Then, unless the software has a backdoor, there’s no way of recovering it. There’s little chance of a brute force attack against a 48 digit string.
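An added example, not part of the comment above: the structure behind the "48 digit string". It assumes the publicly documented recovery password layout (eight groups of six digits, each group a multiple of 11 whose quotient is a 16-bit value); the sample password is constructed for illustration and the function names are hypothetical.

```python
"""BitLocker-style numerical recovery password: structure, typo detection, size.

Assumed layout (publicly documented): 8 groups of 6 digits separated by '-',
each group = 11 * (a 16-bit value). The sample below is constructed, not real.
"""
import math

GROUPS, DIGITS = 8, 6

def encode(words):
    """Render eight 16-bit values as a 48-digit password."""
    if len(words) != GROUPS or any(not 0 <= w <= 0xFFFF for w in words):
        raise ValueError("need eight 16-bit values")
    return "-".join(f"{w * 11:0{DIGITS}d}" for w in words)

def parse(password):
    """Return the eight 16-bit values, or raise ValueError naming the bad group."""
    groups = password.strip().split("-")
    if len(groups) != GROUPS:
        raise ValueError(f"expected {GROUPS} groups, got {len(groups)}")
    words = []
    for i, g in enumerate(groups, 1):
        if len(g) != DIGITS or not (g.isascii() and g.isdigit()):
            raise ValueError(f"group {i}: not six digits")
        q, r = divmod(int(g), 11)
        if r:
            raise ValueError(f"group {i}: not a multiple of 11 (typing error?)")
        if q > 0xFFFF:
            raise ValueError(f"group {i}: value out of range")
        words.append(q)
    return tuple(words)

def undetected_single_digit_errors(password):
    """Count one-digit substitutions that still parse as a valid password."""
    missed = 0
    for pos, ch in enumerate(password):
        if ch == "-":
            continue
        for d in "0123456789":
            if d == ch:
                continue
            try:
                parse(password[:pos] + d + password[pos + 1:])
            except ValueError:
                continue  # rejected, so the typo was caught
            missed += 1
    return missed

def keyspace_bits():
    """Bits of key material: 8 groups of 16 bits, not 48 free decimal digits."""
    return math.log2(0x10000 ** GROUPS)

def free_digit_bits():
    """What 48 unconstrained decimal digits would carry, for comparison."""
    return GROUPS * DIGITS * math.log2(10)

def years_to_exhaust(guesses_per_second):
    """Time to try every valid password at a given (hypothetical) rate."""
    return 2 ** keyspace_bits() / guesses_per_second / (365.25 * 24 * 3600)

# Constructed sample values, for illustration only.
SAMPLE_WORDS = (0, 1, 65535, 4660, 22136, 39612, 57072, 11)
SAMPLE = encode(SAMPLE_WORDS)

if __name__ == "__main__":
    print(SAMPLE)
    print("key material:", keyspace_bits(), "bits")
    print("free digits would be:", round(free_digit_bits(), 1), "bits")
    print("undetected single-digit typos:", undetected_single_digit_errors(SAMPLE))
    print("years at 1e12 guesses/s:", f"{years_to_exhaust(1e12):.2e}")
```

The divisibility rule is there to catch typing mistakes at the recovery prompt; it costs about 31 of the roughly 159 bits that 48 free digits would carry and leaves 128.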

Some Dude June 15, 2015 2:26 PM

I think unless you need to use a >2TB boot drive, there is no reason to use Bitlocker over Truecrypt/Truecrypt forks. The secure boot feature makes setting up Truecrypt a bit more cumbersome, but on most laptops and mainboards it can still be turned off.

rufo guerreschi June 15, 2015 3:04 PM

Reading this post, it comes to mind that there is dire need for better ways to assess and compare trustworthiness of any given critical SW component. There should be ways to systematize somehow hunch feeling and cognitive trust, into methodologies that can produce a level of trustworthiness, at least for most common threat models.

Ray Dillinger June 15, 2015 3:13 PM

My most recent purchase of Microsoft Software was Windows NT 3.51. When it was new. I have used more recent Windows versions owned by employers, but have had fewer and fewer contracts over the years where workplaces required it. Most of the servers I work on are Linux boxes – and stripped-down Linuxes without windowing systems at that.

Most of the things Microsoft said are “unacceptable” due to CPU hoggery or required user action during bootup (in the paper you linked regarding the “elephant” diffuser) are things I myself require and use every day on my own systems. Would I sacrifice half my disk capacity for checksums? Probably not on this low-security machine, but on my medium or higher security machines, yes, I would. Disk space is cheap these days, and on the actual high-security machines there’s not even the space-hoggery of media files or windowing systems. Would I allow a CPU bottleneck to slow down disk reads by a factor of three? Yes, I would. Everywhere. Antivirus software on the most recent versions of Windows I ever used, does that anyway. Would I require local input of a 50-character or greater password during bootup? Yes, I do. Even on this low-security machine which is allowed to access the Internet and to run in the same room where other machines are running, I use an encrypted disk and a good password.

And if Microsoft does not provide the things I require, well, that’s the whole reason I’ve not wanted anything they’ve produced since Windows NT 3.51.

rgaff June 15, 2015 4:23 PM

@Bruce

“removed the Elephant Diffuser for performance reasons”

I don’t really understand this…. have disk drives and processors gotten slower over the years or were people really annoyed at terrible performance of the old system? If the answer is “neither” then there’s no technical reason for this! And if there’s no technical one, what’s the political or legal one?

In spite of that, if you’re trusting Microsoft’s operating system ANYWAY…. then I’d agree you might as well trust their encryption ALSO, at least on that one machine….. It can’t get too much worse since it’s all Microsoft either way….

If you don’t want to trust Microsoft’s encryption (for whatever reason, whether real or imagined), there’s really no excuse for using their operating system, you should switch that too.

Confused June 15, 2015 4:29 PM

@Ray Dillinger – What’s so special about Windows NT 3.51?

It’s so old that the security just doesn’t compare to modern operating systems. The password management is truly terrible by today’s standards.

David Henderson June 15, 2015 4:31 PM

Last fall, I began a transition from OSX to Debian Linux.

There was a steep learning curve, especially since I insisted on using my current Apple hardware.

The personal motivation was Apple taking down their warrant canary last fall. The professional motivation was that I need better control over package versions than that provided by macports. Debian’s slow pace fits with my development model that needs a stable feature set to develop mathematically oriented software.

I’ve succeeded pretty well. I’ve transitioned pretty well from an Apple centric environment to a Debian centric environment. TrueCrypt on the Apple platform has been functionally replaced by LUKS on Linux. I run benchmarks on cryptsetup to find the most efficient way of providing encryption for each of my computers. AES wins on one, Twofish on another; I use whichever is most efficient.

tcplay is the Debian package that uses Linux dm-crypt to reimplement the TrueCrypt functionality. From that standpoint, TrueCrypt probably does not have any backdoors; it could still leak key info via a backchannel. I find that I’m not really interested in using either tcplay or TrueCrypt. What I care about is not having my laptop’s information used against me should it be lost or stolen.

GeorgeL June 15, 2015 7:00 PM

@ David Henderson, “Last fall, I began a transition from OSX to Debian Linux.”

I recently started to dabble in OSX. As a long-time Windows user, the transition had been quite smooth. I still boot up Windows on the same Mac but I’m loving OSX more every day.

Wael June 15, 2015 7:13 PM

@uh, Mike,

What are you hiding?

I’ll tell you for an appropriate fee! What’s in your wallet?

Wm June 15, 2015 7:14 PM

@David Henderson “What I care about is not having my laptop’s information used against me should it be lost or stolen.”

And that is the most important, real need for securing one’s data. As the book title says: “Three Felonies A Day”. I am sure that you have nothing to hide on your computer, but you can never know for sure. It is imperative that you protect yourself from government authorities today. It is also of the utmost importance that you steel yourself against making any statements to the authorities, always ready to reply to any questions with “My lawyer has informed me to never make comments or answer questions from the police or prosecutors”. The next step is to invoke your right to remain silent with cops or take the 5th in all other circumstances.

Buge June 15, 2015 7:44 PM

Truecrypt was not actually open source. It was source-available, meaning you could look at the source, but there were restrictions on modifying it that were more severe than allowed by the definition of open source.

George West June 15, 2015 7:51 PM

@Wm
Yep! Data theft is important. But I am far more committed to preserving my constitutionally protected rights, including all those rights I may not have any immediate use for. I just want to puke every time I hear some coward say “I have nothing to hide, I didn’t do anything wrong”.

When a cop asks me a question, I just tell him “You have the wrong badge. Get one that says Grand Juror”.

rgaff June 15, 2015 8:15 PM

@George West

There’s no need to be a douchebag, just politely say something like, “I’m terribly sorry sir, my lawyer advises me to remain silent” and smile and maybe shrug a little all innocent like. If you act the least bit hostile, even if it’s unintentional or you have a perfect right to be annoyed at the situation, it encourages him to also treat you hostile in return. But if you’re always calm and collected, it encourages him to be as well. There’s no need to explain why to him either, he’s not your buddy and you don’t need to show off your great knowledge to him.

ASmith June 15, 2015 8:24 PM

Going on ‘Feelings’ is about the same as driving a car while texting and going with the Feeling the stop light ahead is going to be Green.
.
Feelings, Intuition, Gut Feelings all are useful in deriving a logical, successful assessment on any given situation. They are however even beyond knowing some company developers years ago or met them over beers in some wayward European Pub are not even close to deriving a security answer and outcome that is entirely reliable and 99.99% accurate.
.
By all intentions, actions and purposes it appears and seems historically documented that Windows developers secretly HELPED the NSA teams obtain Zero Exploits the Microsoft engineers uncovered and those were directly used by the NSA and Mossad to create Stuxnet, Duqu, Flame worms and virus exploits that directly attacked Windows clients and Windows servers. As if that doesn’t permanently destroy all previous, existing and future credibility whatsoever that ‘they shall not be named’ company has or had, the Windows Updater was hijacked or was that also an inside job to further spread those viruses globally attacking Windows clients, users and businesses that bought into the Microsoft Kool-Aid?
.
I wouldn’t trust Microsoft nor any Windows OS any more than some rabid dog that someone feels wouldn’t slip up behind them and latch onto their backside.

Bob S. June 15, 2015 8:29 PM

Re:

“…my colleague and friend Niels Ferguson, whom I trust.”

Building trust one day, one person, one app at a time is what WE need to reform internet security and privacy.

I was very impressed by Tim Cook’s recent pronouncements Apple builds devices and does not want to collect user personal data. I believe him. Of course, there is no doubt government intelligence agencies are working very hard to interfere with Apple’s vision.

I encrypted my Windows machine today with Bitlocker. It was easy, even without a TPM chip. It occurs to me, however, there is no real need to encrypt OS files…who cares about that?

It’s identity, business or personal data that needs to be protected. These days one encrypted thumb drive could hold all the data any one person would want to keep private and have the added benefit of remaining unconnected/air-gapped from the net most of the time.

George West June 15, 2015 8:54 PM

@rgaff
So I should lie to him and kiss his ass to protect my hide. I’m not terribly sorry, my lawyer didn’t advise me of anything, and I’m not going to give him innocent shrugs to keep his psychopathic behavior suppressed. Maybe it’s my 13 years of martial arts contact fighting. I know what happens if you look like an intimidated coward. If the founders of this country thought like this, we would all be born into slavery.

Godel June 15, 2015 8:54 PM

As I see it a big advantage of TrueCrypt was the hidden volume facility, a protection against rubber hose decryption, especially in places like the UK where you can go to jail for years for refusing to reveal your password.

Just by looking at their web site, Bruce’s recommended Jetico program doesn’t seem to have that facility. On the other hand, the Cryptic Disk program recommended above by John Melkov does.

It’s been reported elsewhere that the Elephant Diffuser has been reintroduced to Bitlocker as a selectable option in the production version of Windows 10, as well as various encryption options (AES 256, AES 128 etc).

jdgalt June 15, 2015 9:34 PM

Is there any program besides TrueCrypt that can be used to encrypt a dual-boot system? VeraCrypt and BitLocker won’t work on Linux, and the encryption Tails uses won’t work on Windows. BestCrypt’s page header says it supports both, but when you go to their product page it says Windows is required.

Then again, Microsoft may be about to destroy the ability to create dual-boot systems entirely, unless the antitrust cops stop them. I hope they do.

Thoth June 15, 2015 9:50 PM

@Bruce Schneier
Although Niels might have implemented the system, there may be insufficient evidence that implementations went according to your friend’s intents. During the integration of Bitlocker into the OS, anything could happen.

As @Clive Robinson and @Nick P have pointed out, compilers and low level codes might not match the intent of high level designs.

rgaff June 15, 2015 9:54 PM

@George West

No, just mouth off to every cop you meet, and call them psychopaths… See you in jail.

Nick P June 15, 2015 10:00 PM

@ Snickers

There was no Truecrypt attack in Snowden slides or TAO catalog. Instead, they griped amongst themselves about how much it hampered them. Unlikely to be a NSA operation given it hurts NSA.

@ Thoth

“1.) Source code from the MS Crypto API all the way up to Bitlocker source code (and probably use an Open Source License).”

Actually, they should be able to do that. It would still be enforceable via copyright law if someone ripped it off. Showing the source plus how they get the object code allows for third party validation. That would calm a lot of people. Despite the fact that there’s firmware and MB’s of kernel code to backdoor anyway. 😉

@ WitherDust

NSA isn’t the only threat out there. Matter of fact, it’s doing the least damage to individuals and before Snowden leaks to companies. Main worries are malware stealing data, hosting illegal content, spamming, ransoming, or destroying. Temporary or permanent theft of devices too by people with less than NSA’s skills. All kinds of measures deal with what’s in the first sentence. Disk encryption is mainly for the second. It also lets you dispose of drives on eBay without people getting your data off it through recovery tools. Data destruction is quite expensive for companies especially.

@ Commentator

Most of your issues can be solved by using an enterprise-grade Linux. Yet, there are still inconveniences to that and less software. Security is often a tradeoff where things must be sacrificed. People who want their stuff easily stolen by the competition or government in exchange for convenience & apps can use Windows. Maybe Mac or proprietary UNIX’s, too. People wanting less of those threats with maybe less apps or hardware to choose with a still usable desktop have open-source offerings. They might have to Google something on occasion, though.

Life has plenty of tradeoffs.

Note: Forgot about DiskCryptor. Thanks for mentioning it.

@ George West

Good work on making attempts to solve the various problems while still using Windows.

@ Buge

Truecrypt wasn’t nearly as restricted as people said. You basically just have to remove references to its name. Tiny amount of effort required compared to what you get in return for your own project’s use.

@ Bob S

“I was very impressed by Tim Cook’s recent pronouncements Apple builds devices and does not want to collect user personal data. I believe him”

Why? They collect user data and work with advertisers. On top of overcharging for products with anti-competitive practices in their app store. This is also the company that lied for years about Mac security, claiming it was immune to malware. They even once had an administrative service in Mac OS X requiring a login that let the user through if they inputted *a password*: no checks to see if it was correct. They’re neither competent on security nor trustworthy in ethics. They’ll screw us both ways.

@ Godel

Yes, the hidden volume facility was great. Only worked if they didn’t image your hard disk repeatedly (eg border crossings). They could tell it was there in that case. A targeted attack on you with one shot? Hidden volumes help a bit, there. Also for ignorant searches that don’t know about that property.

Nick P June 15, 2015 10:07 PM

@ Bruce Schneier

” During the integration of Bitlocker into the OS, anything could happen.” (Thoth)

I second the more obvious point. The A1-class systems combated subversion using these basic strategies: (a) source/system evaluated by third party to determine it’s good; (b) third party has hashes/signatures of that source & build tools; (c) end user verifies the source & tools; (d) end user builds system from source on site and installs following vetted instructions. The reason for b-d is to prevent someone from screwing with the code or binary after review. Niels could be a great guy but it’s irrelevant to the security argument after it leaves his hands. At that point, the Bitlocker system is vulnerable to a number of subversive actors and motivations.
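An added example, not part of the comment above: a sketch of steps (b) and (c), where the end user checks the source and build tools against the reviewer's hashes before building. The file names, tree layout and the idea of pinning the manifest by its own digest are assumptions made for illustration; the tree is constructed in a temporary directory.

```python
"""Verify a source tree and its build tools against a reviewer's hash manifest."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large sources do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_manifest(root):
    """Step (b): what the reviewer records, as {relative path: sha256}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def manifest_digest(manifest):
    """Digest of the manifest itself, over a canonical JSON encoding."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def verify_tree(root, manifest, pinned_digest):
    """Step (c): return a list of findings; an empty list means build may proceed.

    pinned_digest is assumed to reach the end user over an authenticated
    channel (for example a signed release note), separate from the download.
    """
    if not hmac.compare_digest(manifest_digest(manifest), pinned_digest):
        return ["manifest: does not match the digest published by the reviewer"]
    actual = make_manifest(root)
    findings = []
    for name, digest in manifest.items():
        if name not in actual:
            findings.append(f"missing: {name}")
        elif actual[name] != digest:
            findings.append(f"modified: {name}")
    # Files the reviewer never saw are as suspicious as changed ones.
    for name in sorted(actual.keys() - manifest.keys()):
        findings.append(f"unreviewed: {name}")
    return findings

def demo():
    """Constructed tree: reviewed, then altered after review, then a forged manifest."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / "tools").mkdir()
        (root / "src" / "volume.c").write_text("int mount_volume(void) { return 0; }\n")
        (root / "tools" / "build.sh").write_text("cc -O2 -o volume src/volume.c\n")
        manifest = make_manifest(root)          # reviewer's record
        pinned = manifest_digest(manifest)      # published out of band
        clean = verify_tree(root, manifest, pinned)

        # After review: the build script changes and an extra file appears.
        (root / "tools" / "build.sh").write_text(
            "cc -O2 -o volume src/volume.c src/extra.c\n")
        (root / "src" / "extra.c").write_text("/* not reviewed */\n")
        tampered = verify_tree(root, manifest, pinned)

        # Whoever changed the tree also rewrites the manifest shipped with it.
        forged_manifest = make_manifest(root)
        forged = verify_tree(root, forged_manifest, pinned)
    return clean, tampered, forged

if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged manifest"), demo()):
        print(f"{label}: {result or 'OK'}")
```

Checking the build tools alongside the source matters because a changed build script can alter the binary without touching any reviewed source file.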

Tom June 15, 2015 10:11 PM

What about DiskCryptor security? It is not mentioned by Bruce, and is one important choice for the average user, actually.

Thoth June 15, 2015 10:12 PM

@Godel
The problem with plausible deniability is that most people are not good at setting up (and also maintaining) these hidden volumes. Studies have also shown that hidden volume concept might not be that “hidden” after all.

The chances of getting caught providing false information can also be dangerous as this might make your enemies more willing to do anything to force you to speak.

The more likely scenario is that once you are caught, you simply lose all your rights. If you provide honest information to your enemies or if you provide false information, you are incapable of doing much. If they want to execute you regardless if you provide true or false information, it is still their decision they will make and one you cannot avoid.

Plausible deniability, cryptography or any security features without a stable root of trust is still vulnerable regardless.

Ray Dillinger June 15, 2015 11:03 PM

@Confused:

In answer to your question, there is nothing great (or even particularly good) about Windows NT 3.51, It was just the final version of Windows I had ever bought before deciding that Linux had gotten good enough that I don’t need Windows anymore.

The point is that I have not owned a Windows machine for longer than it takes to boot from a Linux install disk since 1995, and since then Microsoft has given me even more reasons to stop buying (er, excuse me, one of those reasons is that now they claim it’s a “limited and revocable license” rather than a straight-out purchase with the owner’s Right of First Sale intact) their crap.

ZeDestructor June 15, 2015 11:51 PM

@Ray Dillinger

CPU hoggery was acceptable when you did everything in software and the bottlenecks were elsewhere, and you run on a small scale. With modern SSDs and HDDs (like the Crucial M500 drives I have) supporting high-quality encryption internally, why should I use my CPU to do it when I can feed the drive a high-quality, complex key and let it do it instead? Oh, and on SSDs, using higher-level, non-assisted encryption breaks TRIM for empty, but encrypted blocks, which has a factor of 10 write performance impact when the drive is fully encrypted.

Sure, on a desktop or laptop a modern CPU with AES instructions can do it for a minimal performance hit (at 100% load my desktop can exceed 3GB/s per core easily), but what happens to large storage-oriented servers (talking about things like dangling 90 disks off a small 2x10core machine)? What happens when you’re running large-scale systems like Facebook or Google where you have hundreds of thousands of machines? It’s simply not feasible to be forced into doubling the capex just to satisfy some masturbatory requirements when there are better, cleaner, and just as secure in practice options available.

In that respect Linux still lags far behind with no support for self-encrypting disks too (since it has no equivalent to Bitlocker when used with an OPAL 2.0/IEEE-1667 drive), which is sad, but also somewhat symptomatic of the development priorities.

User action during bootup is a non-issue for most: you just bash in a password on a desktop/laptop/phone during bootup, nice and easy (or, by the way, did you know that for a domain-joined PC you need to set a logon password? And that you can have two-factor auth using a smartcard or biometrics? And store more extra keys in a TPM chip and require that too to fully login?).

On servers, since you usually have centralised data, you can have proper ACLs setup, complete with things like certificate-based authentication. If you have a small number of machines it doesn’t matter either: those machines will have any keys in memory either way, same as any other machine.

Sacrificing half the disk capacity: That’s a data integrity argument, not a security argument (checksums are never anywhere near the size of the data you’re checksumming), and is not relevant to the discussion. Secondly, software RAID is very fast, even on a miserly 300MHz ARM9 core, and you can get hardware RAID controllers for cheap if you don’t want the software RAID performance penalty.

Lastly, Antivirus software has come a long, long way since the early 2000s. I have a copy of ESET NOD32 on my computer right now, with SSDs, and I can happily max out my SSDs both in reads and writes to a RAMDisk (RAMdisk hits other limits in the NTFS driver rather than virus checking). Sure, there are a few really slow ones, but by and large modern antivirus software is fast enough to be transparent to the user.

To conclude: in terms of performance, attack surface, features (both security and convenience), Windows is very much on par, maybe even a bit better than the open-source *nixes depending on where on the performance/manageability/ease of use/transparency balance you stand.

David Henderson June 16, 2015 12:32 AM

Wm wrote ” I am sure that you have nothing to hide on your computer, but you can never know for sure.”

Of course I have something to hide on my computer. I keep financial statements, credit card passwords, 800 numbers to revoke those credit cards etc. I believe it was Richelieu that said “If you can find a man’s correspondence, you can find enough evidence for hanging.” or words to that effect.

My concern is that a lost or stolen laptop or backup DVD gets into the wrong hands. If the information is compromised then I need to revoke a bunch of credit cards and change other info.

My info is kept confidential with whole-disk LUKS encryption with a strong password. I’ll not surrender that password without a warrant. There have been too many instances of cops or prosecutors misusing information handed over too freely.

David Henderson June 16, 2015 1:32 AM

One addition to the above. I still share some data with OSX.

To fulfill this function, I have a truecrypt volume that is usable with both OSX and Linux. I’m in the process of phasing this out for the data I need to encrypt.

The other way of sharing data between OSX and Linux is with a zfs partition set that can be mounted on both OSX and Linux. The Mac Pro I’m using cannot run anything beyond 10.7, so I use maczfs to create the zpool that’s shared with Linux. It’s rather neat and extremely tolerant to drive failures.

Commentator June 16, 2015 4:04 AM

@Nick P – I fully appreciate that security is a trade-off, but under my threat model, I find Windows to be satisfactory.

What enterprise-grade Linux distros had you in mind? I’ve tried a few including RedHat, SUSE, Debian, Arch, Fedora, Ubuntu, Mint but have yet to find one I like.

What I find most frustrating is the absence of collaboration features and advanced features in open source office suites. Word and Excel are imitated but don’t have any decent ways of tracking changes, use of pivot tables, macros (I know!) and plenty more features not in their free counterparts.

Outlook is incredibly useful and I haven’t come across any decent open source software (Thunderbird and Claws Mail are terrible) that integrate multiple email accounts and calendars, S/MIME and PGP compatible, ability to operate with Exchange etc. Pegasus Mail was good but is very dated and doesn’t do what I need it to.

Even with Linux I’m acutely aware that this is being targeted by government who have advertised a business opportunity to find:

“This is a requirement to have access to vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software.

These include but are not limited to Microsoft, Adobe, JAVA, EMC, Novell, IBM, Android, Apple, CISCO IOS, Linksys WRT, and Linux, and all others.”

The now taken down source is here.

At least with the large vendors they have teams of paid professionals working to fix the vulnerabilities. How long it takes is another matter. But with Linux you either have to do it yourself or rely upon somebody else in their own sweet time.

Emily Dicson June 16, 2015 4:40 AM

Microsoft FPP product keys are a sensitive case, because Microsoft provides them for only one system at a time. I needed a Windows 7 key for my laptop to upgrade from Home Premium to Professional, so I contacted Microsoft, but they refused to give me a single FPP key, so I searched all over the world to purchase one.
Recently, I ordered from a site in India. They provided me 3 Windows 7 Pro OEM keys with their stickers and 2 Windows 8.1 Pro OEM keys, which are legal and working well. I’m happy after getting such a cheap OEM license.
You can also get an unused Windows 7 (any version), 8, or 8.1 Pro license key from: ODosta Store
Otherwise, FPP keys are very costly; usually they come as a full package with DVD media. So I suggest buying OEM keys, which are branded by Dell, HP, Lenovo, etc., as OEM means “Original Equipment Manufacturer” goods.

John Galt III June 16, 2015 7:27 AM

This is an impressive collection of comments, but it seems to lack for a discussion of the hardware vulnerabilities. The reason that Grayfish coexists with blatant software backdoors is full spectrum dominance. You can’t collect it all and process it all if there are secure backwaters. That is the same reason that you can’t encrypt on a machine that has a hardware keystroke logger, which is every one now, and a variety of other hardware backdoors set by US, Israeli and Chinese state actors. It might be sufficient to encrypt a volume on one air-gapped machine, then destroy that machine and install the drive in a new machine. Thorough full spectrum dominance has been applied to the hardware side, from the keystroke logger through the CPU to the router. Your password/hashphrase was stolen as it was typed. To achieve something resembling secure hardware, you’d have to either implement from the ground up on the hardware side, or find some hardware that has an unusual combination of backdoors, then filter the code that runs on it to be sure that it never sees an unlock combination. I suggested before creating a hardware model (e.g., in FPGA) that implements from the data sheet all of the CPU functionality. Any divergences are undocumented features or bugs. There is little hope of finding the backdoors, until they are opened. The parameter space is way too large.

Some Dude June 16, 2015 11:39 AM

“Truecrypt was not actually open source. It was source-available, meaning you could look at the source, but there were restrictions on modifying it that were more severe than allowed by the definition of open source.”

People keep posting this stuff, but it’s just plain wrong. Obviously people with this opinion have never bothered to read the TC license. It is very clearly an open source license that explicitly allows forks and reuse of its code. It is just not a standard license, and was not written by lawyers. Therefore it is not included in many “standard” open source projects like Linux distributions.

herman June 16, 2015 1:05 PM

@keiner: Apart from the obvious computer theft problem, disk encryption is also useful if you upgrade to a new disk and have to dispose of the old one, or if the disk controller fails, leaving the data still on the disk and accessible by someone with some mad screw driver skillz and a similar disk controller.

Always encrypt, since you never know what the machine will eventually be used for…

herman June 16, 2015 1:16 PM

@Bob S: The reason to encrypt the whole disk is to make it more difficult for someone to subvert the OS when you are not looking. Encryption protects the machine when it is switched off. If someone can replace some OS files while it is off and you then switch on and power up, then you are done for…

Daniel June 16, 2015 2:36 PM

Bruce:

Did you or do you expect to receive any type compensation for this endorsement or have any financial stake in the product?

albert June 16, 2015 2:53 PM

@rgaff, @George West,

“I won’t (cannot) answer any questions.” Then shut up. Going beyond this is spoiling for a ‘fight’, which you will not win. With the police, everyone is guilty until proven innocent. That’s a fact, Jack!
.
Many cops are arrogant, douchebags, personally invested in the ‘crime’, have no knowledge of law, have no training in personal interactions, and various combinations of the above. (The detectives who interrogate suspects (i.e., any witness) are very well trained).
.
“…”I have nothing to hide, I didn’t do anything wrong”…” This is precisely why folks don’t take personal security seriously. This is what many Jews in Nazi Germany said. Young black males in the US know better. With LE/Security State, give ’em 2.54cm, and they’ll take 1.61km.
.
Avoid any lawyer who doesn’t advise you not to talk to the police.
.

rgaff June 16, 2015 5:00 PM

@ albert

Absolutely! Never talk to the police, under any circumstances whatsoever. Their goal is not to protect you, it’s to hang you, a lot of people can’t get this until it’s too late.

However, that said… there’s STILL no need to literally tell them to fuck off or otherwise mouth off at them about why you’re not talking to them. No need to unnecessarily antagonize, unless you literally wish to go to prison, then sure, scream at every cop you meet! Just carefully and calmly tell them that you assert your right not to speak, and then literally don’t speak any further once that is made crystal clear in as polite and non-threatening of a way as possible.

The politeness and non-threatening manner is not to “kiss up”… it’s merely your best chance to defuse a situation where they’re trying to find a way to haul you off. This is simply to greatly lessen the chances of the handcuffs from coming out immediately during the (one-way) chat! They’re looking for any excuse to vindicate their terrible behavior, don’t give it to them, or you give them great pride and satisfaction that they goaded you into it.

Troels A. June 16, 2015 7:04 PM

Just because TrueCrypt doesn’t support GPT, doesn’t mean it’s only useful for Windows 7. Windows 8 still works just fine with MBR-partitions, and I’m using Windows 8.1 with TrueCrypt FDE just fine. I’m probably switching to VeraCrypt on my next format.

It’s also been tested and working fine with Windows 10. Yes, you don’t get the added benefit of SecureBoot to make sure the bootloader hasn’t been tampered with. But let’s be honest: unless you are doing stuff that is obnoxious enough to warrant law-enforcement to perform an evil maid attack against your computer, that is unlikely to be relevant.

arde June 17, 2015 12:04 AM

@Bruce

Why would it be better today to use a product that has not been audited so far but is supposedly still being supported, instead of using one that HAS been audited even if it has been abandoned? Furthermore, currently supported products could be abandoned tomorrow too, or worse: their support could be deficient in the future.

If I can migrate today to a different product, then I can just prepare to migrate in the future but stay with TrueCrypt until such vulnerability is found, if it ever is. There is, after all, the possibility that none will be found, and it’s more likely that none will be found in TrueCrypt than it is in other non-audited products. Why should I switch now? Maybe some non-security, functional incompatibility with newer OS versions will be a good reason to switch eventually. But I don’t see how there could be a valid security reason to switch now.

BTW your recommendation to switch from an audited solution to a closed-source non-audited one, just because you have a good feeling about some people involved in the project is… surprising, to say the least. I think you should pay more respect to the trust many people have placed on your reputation. Just as the managerial mantra says that nobody was fired for buying from Microsoft, many people end up trusting their job on doing what people like Bruce Schneier recommend. With advice like this, they end up doing a variation of Security Theater, which is following your Security Feeling. Trade mark that.

MrTroy June 17, 2015 12:41 AM

@David Henderson:

Whole disk encryption protects that vital info of yours not a jot while your computer is on. Governments are also rather uninterested in that kind of data. Criminals target databases with large quantities of financial or other records. Just who do you think you’re protecting against?

Not that I think you shouldn’t do it. Just that you should have a clear idea of just how “safe” you are – just like TSA, your data is slightly safe because of the procedures you’ve set up… but it’s much safer because most people’s home computers just don’t get hacked in that way.

@herman:

Encrypt if it’s easy enough to do. Who exactly are you protecting against, that can access your machine and replace OS files while your computer is off? Your security model is completely broken if your foe can access your hardware.

Good reasons for encrypting everything include making encryption more socially acceptable – any blow that can be struck against the never-was-true “if you have nothing to hide” argument is a good one.

But, I’m surprised nobody has posted this yet: https://explainxkcd.com/538/ (makes the title text more obvious)

Larry June 17, 2015 3:03 AM

@Bruce

Perhaps dual boot is the best option. Windows for all the unimportant stuff you don’t mind stolen. Linux for everything else.

A virtualization distribution like Qubes would be even better. That way you can have your cake and ice cream too. The ability to run Windows in a secure sandbox.

https://en.wikipedia.org/wiki/Qubes_OS

If you’re talking from a user-friendly approach, then I suppose Bitlocker is the best choice. Though it strikes me as foolish to trust software that is a black box where the inner workings cannot be examined, i.e. closed-source software.

I believe that kind of trust is known as security through obscurity. But I’m not one to lecture you on such issues. I believe you were referring to user-friendly encryption software for Windows.

Commentator June 17, 2015 5:26 AM

@arde – It seems to me that Bruce is NOT recommending BestCrypt or any other software. Indeed it seems like he is discussing what HE uses on his system for those who are interested.

We don’t know if a Windows desktop is his only system (I doubt it) and he will no doubt use something open source on Linux. Neither do we have his experience of cryptography or what knowledge he has in relation to him writing this article.

What he has said about his “feeling” is that, FOR HIM (under his threat model), BitLocker is acceptable and he has acknowledged (generally):

“I know it’s not a great argument. But, again, I’m trying to find the least bad option. And in the end, you either have to write your own software or trust someone else to write it for you.”

Commentator June 17, 2015 5:41 AM

@arde – One other thing that I’d like to add – in my experience businesses shirk away from open source software because they’re not supported, new features can’t be added upon demand (unless there are in-house developers). Most companies love maintenance contracts and the ability to pick up the phone and speak to someone.

The other problem with TrueCrypt (unlike PGP Disk for example) was that there was no audit trail to prove that computers had been encrypted to satisfy regulatory requirements.

Nor was there any option for a system administrator to install a master password in the event the employee leaves the business, forgets his password, the company receives a legal demand etc.

Finally, if something went wrong with a TrueCrypt encrypted system that caused loss to the business there was nobody to sue whereas with paid-for software you know WHO you’ve contracted with and have an identifiable entity to pursue through the courts.

With Windows at least BitLocker is pre-installed, the crypto engines are FIPS certified, support is available, the deployment is auditable, it integrates with the company active directory, there’s password reset available, there are few unexpected hiccups and there’s an identifiable company behind the software.

For most companies BitLocker fulfils their needs nicely. Crypto experts may prefer open source over anything else but, in the world of business, it comes with its disadvantages.

rgaff June 17, 2015 10:06 AM

@ Commentator

I realize that many corporate managers believe in great disadvantages to “open source” but many of the worst disadvantages aren’t really there at all. For example, you can’t really get “new features added on demand” in a closed source product, unless you’re willing to pay a really big ton of money for your pet feature… and… guess what… you can do the exact same thing with open source (pay someone money to write in a feature)! And the whole “but we need support” argument may be valid for small companies that employ not a single geek to do anything the least bit technical for them, but as soon as they employ one, that argument can often evaporate too, since now they’re “paying for support” in the form of salary anyway… Certifications is one I don’t have a good answer for, because just pointing out how stupid it often is doesn’t satisfy any legal requirements, only philosophical ones.

albert June 17, 2015 11:02 AM

@Commentator,

“…Finally, if something went wrong with a TrueCrypt encrypted system that caused loss to the business there was nobody to sue whereas with paid-for software you know WHO you’ve contracted with and have an identifiable entity to pursue through the courts….”

I’ve never seen a LA/UA that doesn’t limit ALL liability. LA/UAs are contracts, that are agreed to when you open (the CD), download it, or open the appropriate web page.

Do you have examples of companies that won a liability lawsuit against a software vendor?


Albert June 17, 2015 12:50 PM

Wow, that didn’t take long.

Just got an email from Jetico: “Bruce Schneier recommends BestCrypt – Get 20% off”

Further Above June 19, 2015 8:16 AM

@TJ Williams – you don’t have to store the recovery key in your OneDrive account. If you do it can be legitimately seized by the authorities.

You do have the option to print it out or save it to a file instead. Do this instead; don’t upload it to OneDrive.

This was commented on further above in the comments.

rgaff June 20, 2015 11:03 AM

@Further Above

Saying “it can be legitimately seized” implies that it will only happen if they suspect you of a crime and get a warrant. This is NOT the case. What happens is very different. Storing your keys in OneDrive is very much more like driving down to your local police station and voluntarily giving them to them for safekeeping and to register with them so that they can freely snoop at any time whether they suspect you of any crime or not!

Do you drive down and give your house keys to the police and explicitly pre-give them permission to come over and rummage through your stuff without cause at any moment of the day or night? Why not? You got something to hide? You a terrorist? You gonna kill all my children?

Some people go “don’t be stupid, they don’t have the manpower”… oh.. so if they HAD the manpower, THEN it would be ok? Well, there are these technology thingies called computers that amplify the manpower and can do much of the snooping work for them… so it’s all good, right? Make no mistake, computers snooping through your stuff and alerting when you’re not toeing the line is an amplification of manpower, it’s as if they literally ransacked your stuff all day every day (only without leaving much trace, so it’s all good, right?)…

Sigh.

To be clear: I’m not saying that putting your keys on OneDrive currently automatically causes local police rummaging through your whole computer all day every day, I’m just saying that’s a natural future progression of thinking that it’s ok…

Further Above June 21, 2015 6:42 AM

@rgaff

I’m not saying it’s okay for the authorities to seize your keys.

My understanding is that US law allows the keys to be seized (hence it is legitimate). I didn’t mention anywhere the need for a warrant because if the law allows it, it’s legitimate.

It may not be MORALLY right (according to your conception of morality) but it’s LEGITIMATE (because it’s authorised by law).

@Further Above June 21, 2015 1:05 PM

You, sir, have a very strange conception of LEGITIMATE. I concede that your understanding of the word may be ETYMOLOGICALLY correct, however.

rgaff June 22, 2015 1:48 AM

@ Further Above

I don’t recognize laws as legitimate when they are going directly against the constitution. Apparently some courts agree, we’ll see what happens when it gets to the top there. We may pull out of our nose dive toward the dark ages, or plunge right into it.

And authorities who try to keep such laws secret or use other trickery so that they can’t be constitutionally challenged in court should be totally dismantled and all the people imprisoned for treason, in my opinion.

Yosemite Sam June 22, 2015 10:53 PM

Bestcrypt is pretty bulletproof and I’ve used it for years. But I really, really don’t like their update policies. Just seems too grabby.

I’ve tried to like FREEOTFE, but it never was as stable as Bestcrypt – though I’m still interested in its fork https://github.com/t-d-k/LibreCrypt.

Luks compatibility for Windows.

Diskcryptor has been absolutely bulletproof for us on a machine running 6 yrs (?) 24/7.

It’s very hard to trust this stuff until you’ve run it for decades. The risk of data loss is very real. Accordingly, we still prefer the old Seagate FDE drives. May not be trustworthy against governments, but it’s enough to stop laptop thieves.

We’re fast reaching the point where only a dead man switch and the will to use it separate governments from your data.

Bill June 23, 2015 3:01 PM

I still use TrueCrypt… but will quite possibly change to DiskCryptor in the near future :D. What method do you guys recommend/use to create automatic backups of a whole disk encrypted with TrueCrypt to an external device?

I would really love to get my System and Data partitions (C: and D:) automatically backed up to an external USB drive.. but TrueCrypt whole disk encryption is a real pain for that task and I always fail to reach that goal :S. Which program or approach do you recommend? I was thinking of trying Cobian Backup or Acronis True Image.

My operating system is Windows Professional. The only one “simple” way I’ve found is this:

http://roman.st/Article/Mixing-TrueCrypt-whole-disk-encryption-Acronis-True-Image-Home-backups

PS: Is it possible to use Dropbox or SpiderOak with a full disk encryption system without any problem?

Mark June 24, 2015 3:59 AM

But it’s not trivial to set up. I recently bought a Windows 8 PC — my first Windows PC since XP.

BitLocker isn’t supported on my version of Windows 8 and hence on most PCs.

I decided on DiskCryptor. I installed it, encrypted the drive, and then rebooted. It didn’t boot.

I didn’t RTFM, just as a normal user wouldn’t. It’s just a media PC with no data on it, so the data loss was inconsequential.

Turns out that there were some changes to the BIOS of Windows 8 PCs. The exact changes escape me.

Compare this to FileVault OS X: I’ve run it on quite a few systems. Since they own the entire ecosystem, it just works. Now that’s trivially easy.

Clive Robinson June 24, 2015 6:12 AM

@ Mark,

Since they own the entire ecosystem, it just works. Now that’s trivially easy

And that’s the real problem with regard to NSLs etc., because “they own the entire ecosystem” they can break it in a million different ways and you will never find more than one or two, more by luck than judgment.

The way to get security is by reducing complexity and increasing error checking. One way to do this is by making the code very modular –this decreases the N^2 problem– and having simple and robust APIs between them, which form strong “choke points” where the information going from one module to another can be strongly checked and enforced “hard”. You further work on the idea of chains or streams and do not allow loop backs or feed forwards across modules.

If your modules and interface checking solutions are supplied by sufficient numbers of different people not only does it make functional performance more verifiable, it also reduces the opportunity of collusion.

We’ve known this long before the rainbow books came into existence and it’s a conservative approach that produces results.

The only problem is in general it’s not “efficient” nor if you want it to remain secure be as efficient as “tight code” which by the effect of optimizing for efficiency opens up all sorts of side channels.

Mark June 25, 2015 7:44 AM

Clive,

Agree with you on most of your points. However, my point was more about hard drive encryption being “trivial” to set up. I certainly don’t think that it is.

And I remember Truecrypt killing another Windows installation years ago.

I’ve given this advice to friends before: Whatever you do, back up your data before you encrypt your entire hard drive. If it were “trivially easy”, I wouldn’t need to say that.

Mark

Clive Robinson June 25, 2015 9:42 AM

@ Mark,

I’m sure that there are quite a few IC types positively delighted that disk encryption of any kind is a non-trivial setup, as mistakes they can benefit from will abound.

The flip side is, as I indicated, when someone does make disk crypto usable for non crypto-heads, the IC will just go along to the disk encryption designer with an NSL or other “never to be repeated offer” to ensure that they can still read those encrypted disks.

Thus for the average user there is no benefit in doing disk encryption when all the obvious and easy to see disadvantages are put toe to toe with the nebulous seeming benefits of disk encryption.

I guess the question is can you “fritz” the NSL induced front door… I’m not sure if you remember the Clinton era “clipper chip” or not and the problematical Law Enforcement Access Field (LEAF) [1]?

If you can Fritz the NSL induced “front door” then the user gets the benefit of secure and easy to use hard disk encryption, but I suspect not for very long.

As I noted a couple of days ago I suspect that all this talk about “golden keys” and “lawful front doors” is just a bargaining position. That is the FBI ask for the impossible and thus trick the politicos and protestors into bargaining up to what the FBI really want. And in the case of the FBI I’d make a small wager it would be for a UK style RIPA “surrender the key immediately, or go directly to jail without judgment” but “indefinitely” and with full “asset stripping” fines unlike the limited UK version. My reason to think this is the current “Special Administrative Measures”, the “plea bargaining” con, the quick “tax addition” and the “easy vote grabbing headlines” etc. And for those that think the LEA and IC community would not do this, look at exactly what they have just done over 215 and the Freedom to snoop USA legislation…

I don’t know what the answer is for the average Jo(e) but I’m guessing the answer is not to use hard drive encryption, or that is what the FBI et al will scare people into doing. Maybe the answer is as the Russian IC is reported to have done just recently, gone back to 1973 with typewriters and lockable “file vaults”, possibly with auto destruct features…

[1] The theory was that the Clipper chip LEAF served two purposes, the first to act like a checksum to ensure you were using the approved system, the second to provide information for key recovery. The problem as Matt Blaze showed was that the LEAF was not fit for purpose and could easily be spoofed so that whilst appearing as the correct checksum it could not be used for key recovery….

Allan Ewing July 1, 2015 6:39 PM

Calling BestCrypt an “obscure program” is pretty arrogant. Jetico started in 1993, probably well before Mr Schneier started his blog. Your arrogant and ignorant attitude is disappointing. Somehow, it shows (surprisingly) how uninformed you are. Also, recommending HD encryption probably is the worst thing to do. Why not just create containers for different classes of data? If you open an encrypted HD, everything shows up as opposed to containers. Sorry, but your blog entry was a huge disappointment. You are getting arrogant and complacent.

Nick P July 1, 2015 7:58 PM

@ Allan Ewing

Most people that use encryption products have never heard of it. They usually suggest Truecrypt, Bitlocker, etc. Programs such as PGP Whole Disk encryption are popular in corporate sectors. Although I regularly review security products, nobody has mentioned the name or brought it up in reviews I’ve read for so many years I forgot it existed. It was living the very definition of obscure.

Until Bruce mentioned it. I expect it has had a surge in visitors now and might become less obscure in the future. The BestCrypt people should thank him.

Allan Ewing July 2, 2015 5:25 PM

@Nick P: BestCrypt is the only encryption software that uses the IDEA algorithm (for private use, admittedly), which never has been broken. I started using BestCrypt when E4M did not work on Win XP. That was some years before Truecrypt appeared. BTW: I always said that TC was snake oil. Do you know that BestCrypt is backwards compatible and can handle containers that have been created using DOS? I think Jetico (the designer of BestCrypt) needs Bruce Schneier less than the self declared & complacent security specialist needs a stable employment history… PGP, BTW, has got a back door introduced by Mr Phil Z. The last version w/o backdoor was version 6.5.8. And about encryption in companies: I do not know where you work but shall I tell you a secret? Most companies do not encrypt their data at all. It is even worse for employees’ notebooks. Last but not least: It is said you should not purchase encryption software from the States or Western Germany (or: any EU country). BestCrypt is the only software that got the source code on their website (http://www.jetico.com/support/bestcrypt-development-kit). What about your PGP? Get some CPE before you post, please. And why do you write “most people”. Again, a bit arrogant, isn’t it? For whom do you speak?

Anura July 2, 2015 6:20 PM

@Allan Ewing

IDEA is an odd choice, and I wouldn’t personally use it. There are attacks against the full IDEA with weak keys due to its simple key schedule. It has a small block size (64-bit), the security margin isn’t very high (6/8.5 rounds broken) which leaves it open to future advancements in cryptanalysis, the multiplication modulo 65537 requires branching which could lead to timing or other side channel attacks, and it isn’t that fast. Serpent is much stronger and gives about the same performance, and Twofish also offers a much higher security margin and is significantly faster, and neither have any of the above problems.
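
The multiplication modulo 65537 that the comment above refers to, as an added example that is not part of the comment and is not taken from BestCrypt, PGP or any other product named on this page: the textbook routine returns early on a zero operand (the data-dependent branch behind the timing concern), and a masked variant is shown beside it for comparison. Function names are hypothetical, and whether the masked form compiles to constant-time machine code still depends on the compiler and CPU.

```c
#include <stdint.h>
#include <stdio.h>

/* IDEA multiplies 16-bit words in the multiplicative group modulo 65537,
 * with the word 0 standing for 2^16 (which is -1 modulo 65537). */

/* Textbook form: the early returns make control flow depend on the
 * (secret) operand values. */
uint16_t idea_mul_branching(uint16_t a, uint16_t b)
{
    if (a == 0) return (uint16_t)(1u - b);      /* 2^16 * b == -b */
    if (b == 0) return (uint16_t)(1u - a);
    uint32_t p  = (uint32_t)a * b;
    uint16_t lo = (uint16_t)p;
    uint16_t hi = (uint16_t)(p >> 16);
    /* p = hi*2^16 + lo == lo - hi (mod 65537) */
    return (uint16_t)(lo - hi + (lo < hi));
}

/* Masked form: same result, no operand-dependent branch in the source. */
uint16_t idea_mul_masked(uint16_t a, uint16_t b)
{
    /* z is 1 when the operand is 0, taken from the borrow of (x - 1). */
    uint32_t za = ((uint32_t)a - 1u) >> 31;
    uint32_t zb = ((uint32_t)b - 1u) >> 31;
    uint64_t x  = (uint64_t)a + ((uint64_t)za << 16);   /* 0 becomes 2^16 */
    uint64_t y  = (uint64_t)b + ((uint64_t)zb << 16);
    uint64_t p  = x * y;                                /* at most 2^32 */
    uint32_t lo = (uint32_t)(p & 0xFFFFu);
    uint32_t hi = (uint32_t)(p >> 16);                  /* at most 2^16 */
    uint32_t r  = lo - hi;                              /* wraps if lo < hi */
    uint32_t neg = (uint32_t)0 - (r >> 31);             /* all ones if wrapped */
    r += 65537u & neg;
    return (uint16_t)r;                 /* 2^16 truncates back to word 0 */
}

/* Independent check using the plain definition. */
static uint16_t idea_mul_reference(uint16_t a, uint16_t b)
{
    uint64_t x = a ? a : 65536u;
    uint64_t y = b ? b : 65536u;
    return (uint16_t)((x * y) % 65537u);
}

/* Counts operand pairs on which the three forms disagree; every a is
 * tried against every step-th b. */
uint32_t idea_mul_mismatches(uint32_t step)
{
    uint32_t bad = 0;
    if (step == 0) step = 1;
    for (uint32_t a = 0; a < 65536u; a++) {
        for (uint32_t b = 0; b < 65536u; b += step) {
            uint16_t ref = idea_mul_reference((uint16_t)a, (uint16_t)b);
            if (idea_mul_branching((uint16_t)a, (uint16_t)b) != ref) bad++;
            if (idea_mul_masked((uint16_t)a, (uint16_t)b) != ref) bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("0 * 0         -> %u\n", (unsigned)idea_mul_masked(0, 0));
    printf("65535 * 65535 -> %u\n", (unsigned)idea_mul_masked(65535, 65535));
    printf("mismatches    -> %u\n", (unsigned)idea_mul_mismatches(251));
    return 0;
}
```
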

Nick P July 2, 2015 6:48 PM

@ Allan Ewing

“BestCrypt is the only encryption software that uses the IDEA algorithm (for private use, admittedly), which never has been broken.”

PGP used it. Started to show weaknesses compared to the improved & widely, peer-reviewed algorithms. So, most switched to the latter. Hardware acceleration and HSM’s for some developed later. Bragging that a product uses a weaker, slower algorithm is a bad start for you.

“BTW: I always said that TC was snake oil.”

Which is funny given the Snowden leaks only named a few pieces of software as a pain in their ass. Truecrypt was one of them and the only FDE product they worried about. I think that’s telling. So, a number of security researchers review it to find it’s pretty good, FBI/NSA always have to try to bypass it (rootkits/keyloggers), and you call it snake oil while recommending a less-reviewed product. Sounds like FUD for advertising purposes.

“And about encryption in companies: I do not know where you work but shall I tell you a secret? Most companies do not encrypt their data at all. It is even worse for employees’ notebooks. ”

A red herring: companies uninterested in encrypting their stuff have no relevance to a discussion about what products are best for interested companies. I was talking about the second category. So, a piece of unsubstantiated FUD along with a red herring so far.

” Last but not least: It is said you should not purchase encryption software from the States or Western Germany (or: any EU country).”

First good point you’ve made. Finland is a bit better except that they’re a member of Wassenaar Agreement and a NSA SIGINT partner (“third party”). That means the legal risk is much better than here, there still is some legal risk through cooperation, and the risk of technical attacks is slightly higher given gloves are off for foreign targets.

“BestCrypt is the only software that got the source code on their website (http://www.jetico.com/support/bestcrypt-development-kit). ”

You finally get to one of their strong selling points. This is one of the first statements you should’ve made. It should’ve been that they do FDE, support the best modern algorithms, and are open source (if fully). Still risk if they deliver a binary. Yet, that simple sentence does more to sell BestCrypt than everything you said. You opting for FUD and red herrings suggest something about your reliability as a reviewer or source for INFOSEC product info.

“And why do you write “most people”. Again, a bit arrogant, isn’t it? For whom do you speak?”

Let’s do a simple search to see how many sites are talking about the products.

BestCrypt
336,000

Bitlocker
754,000 results

Truecrypt
942,000 results

PGP
18.1 million results

It also wasn’t mentioned on a lot of encryption product reviews I read in the past. So, that’s quite obscure in terms of reviews and the Internet. You could say I only speak for 19+ million sites… You, on the other hand, speak for the company or pretend like you do.

“What about your PGP? Get some CPE before you post, please.”

One more troll tactic. I use a combination of hardened Linux, encrypted filesystems, Truecrypt volumes, and GPG-encrypted files for my needs. I might switch to Veracrypt later given it continues Truecrypt line and works on Windows8.1, which I might need for working with Windows shops. So far I do everything truly Windows-specific on dedicated machines, in VM’s, or both depending on the nature of the work. Anyone using an Internet-enabled, Windows box with a binary application they downloaded hoping to keep data confidential must not have serious adversaries. Especially the kind that do firmware bypasses of FDE that start out as regular malware attacks. 😉

Allan Ewing July 3, 2015 4:10 AM

@Nick P

Well, fair enough. After all, it is not my data that is “protected” with snake oil software. If the crowd wants to use encryption software that contains backdoors then so be it. The three letter agency will be grateful.

BTW: TC does not work from Win 8 on.

Still, I would like to add that PGP stopped using IDEA because they have been told to do so. No other software uses IDEA, except BestCrypt.

Amen

Clive Robinson July 3, 2015 6:00 AM

@ Allan Ewing,

Still, I would like to add that PGP stopped using IDEA because they have been told to do so. No other software uses IDEA, except BestCrypt.

You forget to mention who told Phil Z. to stop using IDEA and why. Maybe you don’t know, perhaps you should look it up before trying to make it sound like an IC driven conspiracy.

As others including the designers of IDEA have indicated, it’s rapidly approaching its “end of life”, and most definitely out of any kind of “maintenance”. Thus it’s got the “coffin cough” that precedes the “death rattle” and “lid nail down”, your clear emotional attachment to it is way way beyond that of the designers and implementers. Whilst a “waxing lyrical” about early technology can be charming it’s extraordinarily dangerous when it comes to security technology as the death throes of DES showed (ie the IC / NSA were clearly lying by saying it was still secure even though people were actually breaking it with commodity equipment).

Whilst I’m far from being a fan of AES or even having nice thoughts about it, it’s fairly easy to see why it has considerably more mileage in it than IDEA.

Personally when it comes to the AES finalists it’s clear that on security issues there were better algorithms and they are unlike IDEA unencumbered for usage.

Whilst I’ve not looked at the program source code, if it is available and sensibly written then taking out the EOL IDEA algorithm and replacing it with a far more secure AES competition finalist should not be difficult.

Perhaps you should enquire as to what the author is prepared to offer in that regard.

Zenzero July 3, 2015 6:11 AM

@Allan Ewing

“After all, it is not my data that is “protected” with snake oil software.”

Are you referring to Truecrypt here and if so where is a link to the source of this “proof”? Truecrypt has passed 2 rounds of a security review and found to be sound, how many security reviews has bestcrypt undergone?

As @Nick P mentions, Truecrypt was specifically named on internal secret NSA documents to be one of the few products which they considered to be a considerable threat to their ability to acquire information. This to many is the biggest endorsement that Truecrypt could ever have.

PDF link (around page 25)
http://www.spiegel.de/media/media-35535.pdf

“No other software uses IDEA, except BestCrypt.”

IDEA is slow and has been broken and shown to be weak. Quite probably the reason that so few support it.

https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

Dirk Praet July 3, 2015 7:43 AM

@ Allan Ewing

BTW: TC does not work from Win 8 on.

As @Nick P already said, many folks have transitioned to Veracrypt or are in the process of doing so. I have but a few legacy systems/VM’s with TC left. I never considered Bitlocker or Symantec Endpoint Encryption for cross-platform compatibility reasons and also because frankly I don’t trust either of them. Veracrypt is free and supports (nearly) all platforms I work with, including some compatible apps on iOS and Android.

No other software uses IDEA, except BestCrypt.

Since the patent expired, GnuPG offers optional IDEA support, mostly for backward compatibility with PGP 2. From where I’m sitting, it makes way more sense to revoke old keys and generate new ones using faster and more secure ciphers. For your information: Mediacrypt AG, the company that patented IDEA, abandoned IDEA already ten years ago when it published its successor IDEA NXT (NXT64/NXT128) in 2005.

In supporting Linux, OS/X and Windows, Bestcrypt may indeed be a good pick for some, but your sales argument that it still uses IDEA for me was a con rather than a pro. That’s why I took a look at the product specifications at the Jetico site. They actually don’t even mention IDEA but AES, RC6, Serpent and Twofish instead (all 256-bit key length). For container encryption, Blowfish, CAST, GOST 28147-89 and 3-DES seem to be supported as well. If my understanding is correct, IDEA seems to be an optional driver.

So I’m a bit stumped as to your exact intentions here. If even the vendor is not promoting it as a sales argument, why are you?

Allan Ewing July 3, 2015 4:50 PM

@Dirk Praet:

You are right about Mediacrypt. The company was dissolved and its technology taken over by Kudelski. I think, about a year ago, Kudelski sold that unit to its management.

Also, it is correct that Jetico do not mention IDEA for BestCrypt.

You did good research, anyway.

Why am I “promoting” IDEA? Simple answer: I use it since about 1992. You do not teach an old dog new tricks, I might add. If it worked for 23 years, it will work for another 23 years. As simple as that.

@Zenzero:

Re TC: It took “them” quite long to complete the audit…

Also, have a look at “Wilders Security Forums”. TC users seem to have a lot of “issues”. ==> http://tinyurl.com/pl4kzlk

@Clive Robinson

I am old enough to remember what happened to PGP. Phil Z. was told by a U.S. three letter agency (I do not think it was the NSA, though) to remove IDEA and to introduce a backdoor. Anyway, Phil Z. now has mutated into a snake oil merchant touting his Blackphone as an unbreakable cell phone made in Switzerland. The Blackphone has already been hacked http://tinyurl.com/mepjpkd and Phil Z.’s company called Silent Circle S.A., based in Grand-Saconnex, is not even mentioned in the phone book. He set up a letterbox company just to claim the Blackphone was made in Switzerland. He even managed to get very prominent press coverage in Switzerland (“L’émergence d’un cluster actif dans la protection des données”, Agefi, 2nd June 2015). Read that article. http://tinyurl.com/pmcf7lr . It is disgusting. Phil Z. is such a hypocrite. I extremely resent using the label “Switzerland” for deceiving people (“le smartphone crypté comme un téléphone «swiss made»”). Protonmail with its pretended “Cern” links is doing exactly the same.

Still, I do not see the logic in encrypting the entire HD. Again, I feel it is much better to create containers according to data categories (e.g. very confidential, confidential). You can back up the container on to a USB stick and off you go. Why make life so difficult?

Clive Robinson July 3, 2015 5:26 PM

@ Allan Ewing,

Still, I do not see the logic in encrypting the entire HD.

It’s called “security pragmatism”…

The problem is you usually can not predict what the OS and Application are going to do or where they might be in real memory.

Thus you can not say reliably if the Application or OS has “swapped / paged” into HD “virtual memory” and written what should be secret to unencrypted areas such as the swap space on the HD. Thus the pragmatic approach is “encrypt everything” so it does not matter thus “everything” in the case of a HD is all or “full” disk encryption.

I have systems I’ve designed and built that I know don’t swap or page and don’t have “dirty buffers”. However I still FDE because it’s just simpler to do, and take the small performance hit. It also gives others “peace of mind” because they know even if the software “takes a walk on the wild side” it’s still going to be “secure”.

Allan Ewing July 3, 2015 7:58 PM

@Clive Robinson

“even if the software “takes a walk on the wild side” it’s still going to be “secure””. That is a good point. My problem is that nowadays software shows my first and last names as well as my e-mail address. So, if I lose my notebook, the person who finds it sees to whom it belongs. Until now, I managed to circumvent the issue…

Only, my point was that if you “open” the computer that is HD encrypted all data is shown. On the other side, if you create containers, you can sort the data according to confidentiality levels. That also is the reason why I discarded my Ironkey.

I do not know whether you can create containers on a machine that is HD encrypted. Maybe it depends on the software.

But I got your point & I think it is a very valid one.

PS: No grudge against Bruce Schneier. I just ordered his latest book “Data And Goliath”. It was on my to do list.

Well July 7, 2015 9:34 PM

I came looking for a specific answer to the title. Left disappointed. I read a long paper about how removing the Elephant Diffuser does nothing but make it easier to hack by selectively corrupting plain and cipher text with a demo video with Windows 8 where it shows someone doing this to launch calc on a Bitlocker enabled machine.

Seeing such a well known respected researcher recommend products because “he has a good feeling” about a group of people or Niels is his friend linking a pre-Snowden blog post which doesn’t mean other people on this guys team or other teams wouldn’t back door is disheartening to say the least.

I read the TrueCrypt audit paper as well. It’s pretty interesting but critics have put up good ancillary information about how it was limited in scope by funding and … on the truly paranoid side, that the notice contains a hidden message in Latin or possibly some other eastern bloc languages saying it’s a “warrant canary” and that the NSA is behind it.

This leaves very few options – especially Open Source ones which can be audited by many eyes (most secure). DiskCryptor and Veracrypt keep coming up but neither of these have been audited from what I can tell. CipherShed seems to be in its infancy. I’m not really interested in the commercial products because they try to hide behind security through obscurity and everyone knows how shit that is.

Sasparilla July 20, 2015 9:09 AM

@Well

Doesn’t seem to be an easy good solution for Windows users if they want full drive encryption (Microsoft removing the elephant diffuser from BitLocker in Windows 8 onward is very suspicious). This article makes one wonder if Microsoft execs decided to make things easier on their government friends:

http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/

As Bruce said BestCrypt might be a good option in the mean time till something better comes along, for those not wanting to do the legwork for TrueCrypt on newer machines & don’t trust Microsoft with BitLocker (especially what they did to BitLocker in Windows 8 & higher).

For those with enough motivation, TrueCrypt survived both stages (the 2nd stage took forever but it was completed) of its audit with no large issues. Using the 7.1a version is still viable if you want to do the leg work to get there on a newer machine (it’s still possible) – to do this on a newer machine it appears you need to turn off the UEFI (BIOS) features (assuming your BIOS allows this) then convert the hard drive to use MBR (instead of GPT) then install Windows and install TrueCrypt & it should work fine. Comments on this page from folks who did that with tips:

http://superuser.com/questions/669026/how-can-i-use-truecrypt-under-windows-8-1

Over the weekend I decided to verify that you could BitLocker encrypt a Windows 7 Enterprise (has elephant diffuser) drive without being connected to the Internet (i.e. no cloud key sequestration) and it appeared to work successfully (easy to do, just printed the key – the FBI likes the idea a hard copy is created they could warrant, search and obtain…). That said, I have no faith Windows won’t just route that key to Microsoft for storage after it’s connected again…and will turn it off to try the bit locker route (my PC is UEFI with TPM…so it’ll be interesting to see how hard it’ll be to get TrueCrypt on it).

Marec September 2, 2015 6:39 AM

We use Windows mainly because we are used to it. If someone creates a linux so called skin that looks and responds like Windows then some portion of Win users would think about changing platform.

About BestCrypt, it would get more usage if it was free. As long as there are free tools (as good or bad as they are) people will use them.

Martin Glaubitz September 2, 2015 1:10 PM

There is one sentence in the blog one should reconsider with the current release of Windows 10; “Whatever you choose, if trusting a proprietary operating system not to be malicious doesn’t fit your threat model, maybe it’s time to switch to Linux.”

I think that Windows 10 is a game changer (or should be) for people to re-adjust their coordinates of trust, even if trusting into proprietary Software has been part of the threat model so far!

No time before a Provider of Software demanded rights for private data retrieval so clearly as now:

http://www.slate.com/articles/technology/bitwise/2015/08/windows_10_privacy_problems_here_s_how_bad_they_are_and_how_to_plug_them.html

“Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.”

After this, there is no room to speculate anymore, “if” there could be backdoors in proprietary Software or not, if all what one would presume a backdoor could do is already agreed openly as feature of the Software.

According to the logic in this blog, the consideration of moving to Linux should be mandatory as the only left “least bad of all Options”. Whereas with “bad” it means the time and efforts to invest in order to become familiar with the operating concepts of Linux.

I personally did so and decided for this single purpose of security to move away to Linux without significant experience with Linux before:

At first I installed a Linux (ubuntu 15.04) on an old PC supposed to be underpowered for serious use with Windows, however enough to do daily routine like surfing in the web, writing some letters and printing. The purpose behind was to get familiar with the look and feel of Linux, to know where to click and what to do in order to make the machine doing what one wants.

My first surprise was how smooth the installation went, my second surprise was how good it served the purpose for surfing and writing with almost no impression to really have that old system – in fact due to better memory management, more efficient file system and multitasking, etc., my now 7 year old computer appeared to run almost as fast as my new machine that was bought at the beginning of this year 2015 running with Windows 7 Ultimate. This encouraged me to work more and more often with my old Computer under Linux/ ubuntu than with my new one on Windows. As Windows 10 came out, I finally decided to not switch to it, but keep my Windows 7 until 2020 when support for it is announced to run out, and prepare myself to switch completely to Linux until then. This was my plan 4 weeks ago. Meanwhile I found out that many if not most of my software demand can be satisfied with solutions within Linux/ ubuntu, too, so that I decided to even NOW move ahead with Linux/ ubuntu also on my new computer System instead waiting for 2020.

Some Information about my security setting and general configuration:

  • I have dual boot with 2 SSDs, capable to do AES self encryption.
  • these 2 SSDs are set for self encryption via TCG OPAL using a Software under Windows 7 “Embassy Security Center”. The Software is needed to just send the user defined password to the SSD and activate the self encryption. Afterwards this software is not needed anymore, except to change the password or cancel it.
  • On one SSD I have installed the Windows 7, on the other it is Linux/ubuntu – both are protected in a first Level by each of the self encrypting SSDs
  • As self encrypting SSDs are safe for cases of theft or loss of shut-off machines, however they do not provide protection for running machines. With a warm reset someone could reboot with a DVD of forensics Software and still see the SSDs decrypting for any requests. This is because the SSDs lock only if power is switched off and demand Password to unlock after power is switched on again, but with a warm reset or with a plugging to another machine’s disk Controller during power on, the disk remains unlocked.
  • for this I added Software encryption as second Level, this is done within Linux easily with the LUKS full disk encryption that can be selected already during Installation.
  • For Windows it was more difficult as Windows 7 Bitlocker is not able to encrypt the System drive and Truecrypt is not able to run with UEFI. I evaluated BestCrypt and found it well, however, did not see the need to spend the money as Windows will not be going to host my sensitive data anymore, but Linux will. I just need Windows for some purposes for which I have not yet found a substitution for Linux, but all the management of my sensitive or private data will not be on Windows anymore. So with this reduced need of encryption, I decided to stick with EFS (Encrypted File System) on Windows. Also keep in mind that there is the additional layer of self encrypting SSD which gives me the confidence this is enough protection for the Windows System.
  • some more words about Linux/ ubuntu. I was happy to see there are solutions to access Bitlocker encrypted disks from within Linux, so that I can continue to access old data on partitions formerly encrypted with Bitlocker, read and write in NTFS. The name of this software is “Dislocker”. There also exists a counterpart in Windows to access Linux-LUKS encrypted partitions with ext4 file System; “LibreCrypt” and “Ext2fs”. Truecrypt to access encrypted containers is available for both, Linux and Windows, as well as my internet anonymizing software for the VPN, the Tor browser bundle, freenet and frost. Overall it was all possible to get and install. Sometimes with some help from Google and discussion Forums of Linux users that described and solved Problems that I had.

I can only encourage people to finally do this step, get started with Linux, get familiar with it, learn what you can do and do not give up too easily. Good Luck!

RusselF September 16, 2015 11:09 PM

Glad you are still online, Mr. Schneier. Been lurking at the edges of your stuff since the 1990’s. When some junior folks in my gov’t client base suggested security was really critical issue (this is the 1990’s realize), I was skeptical. I had that “Hey, I have no secrets” mentality. I was naive. It has become more crazy now. I am somewhat less naive. I watched Target Stores blow up 1 billion US dollars moving into Canada, and then throwing in the towel, and leaving. Once their credit card datahive was hacked, and this became public knowledge, their business died here. Maybe it was just crappy stuff they were selling, I don’t know. But reading the details of the hack (why were they saving customer credit card numbers, anyway???), I made the decision I would never set foot in any of their stores…

Data security is suddenly, top-level concern, everywhere. Revenue Canada (Fed Gov. Tax Agency) got hacked last year, and this changed the tax-deadline day, as I recall. And now, there are these kits that make it trivial for kids with no knowledge, to run hundreds of exploits easily against any netlinked system – and this code is trivially easy to obtain. I have been doing some quick, cursory research, and it is even worse than I thought. I run Linux boxes, and some older Windows stuff. (oops. bad idea, as I now realize) Our stuff is behind a few firewalls, but I had no idea how bad, bad had become, until I bought a MacBook. Apple’s standard LLVM/gcc crypt(3) function is deliberately broken – ie. port a custom-built big bucket of (what you think) is secure C-code, to the Darwin/Yosemite platform, and (booom), their c-library crypt() function only does DES, not even MD5 level password hashing. (What?!)…

I just bought this MacBook, and spent many hours updating it to latest Yosemite 10.10.5, and the gcc compiler has this crypt() function that is hardwired broken to use DES password hashing – not even MD5, much less SHA512, which most folks consider the minimum level necessary. I sit way out in the back of beyond, with a wimax transponder link on a 50 foot tower doing really low level stat-arb stuff on the markets. Really no-risk stuff – basically picking up nickels in front of the modern market steamrollers.. and all I want to do is have reasonable assurance I will not be whacked and raped by some stupid Romanian or Chinese blackhat. My needs are simple, my desires very, very small. I just try to scalp the scalpers. Pay the bills, basically.

So, what is a simpleton like me to do? I cannot operate without network access, yet the world has never been more hostile to independent operators than it is now, perhaps since the Middle Ages.. I just wanted to port some self-built secure stuff from my Linux-land boxes to my Darwin/Yosemite Mac OS X, and I find this weirdly idiotic crypt() function that does not freaking work – and the OpenSSL early stuff that I run on Fedora and CentOS boxes just DOES NOT SEEM TO BE AVAILABLE on the MacBook. Huh? What is going on? This Mac hardware is so beautiful. Why is the Darwin/BSD/MacOSX software so completely foooked? I have this math stuff, for which I downloaded a big bag of code, and did the “./configure” “make” “make install” thing, and it worked fine (more or less).

I am up and running, and able to make decisions and proceed. But the crypt() function is broken. I am still reading thru the “common_crypto” documentation, which seems designed to confuse rather than assist independent programmers. I still cannot figure out how to programmatically construct a SHA512 hash on the Mac, despite having learned enough to confirm that Mac OS X has SHA512 as its ShadowHashData, deep inside the .plist files. I am a very old hacker-type who typically builds my own software, and then uses it myself. I have no big axe to grind.

But I am just gobsmacked by this deliberately wrecked crypt(3) function. It just seems beyond belief weird, that in 2015, Apple would offer a basic system function for C programmers that is absolutely known to be broken and insecure. On Linux gcc, I can call crypt() and specify a salt value of $6$, and get a full SHA512 password hash back. Do that on Apple’s latest Yosemite LLVM/gcc, and you get this 13 char DES hash value back! I am thinking of wiping the Apple MacBook, and putting CentOS 6.6 on it. Or maybe taking one of my antique Webley pieces, and just putting a .455 round thru the poor thing. I just cannot believe that in 2015, with all we know now about how bad, bad can be if you are hacked, that this sort of idiocy is still present. Was Apple really compromised by the US gov’t and forced to offer only broken “security” for private custombuilders? Or is this a “deal with the devil”, motivated by where Apple products are manufactured?

I’ve gone into full security audit mode, downloaded and built “John the Ripper” and some other stuff, and am checking if my passwords are in the common rainbow lists. So far, looks like not. But what a mess. I am an economist, and I can say with certainty, as most payments move onto the web, high-grade digital security is not just a human right, it is a pre-condition to maintaining and running a viable modern economy.
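
The downgrade described in the comment above (a `$6$` salt handed to crypt(3) coming back as a 13-character DES hash) can be caught by checking the shape of the result before it is stored. The C check below is an added example, not part of the original comment; the function names, the `CHECK_LIVE_CRYPT` build switch and the sample strings are assumptions made for illustration, and the samples have the right shape but are not real hashes.

```c
#include <stdio.h>
#include <string.h>

#ifdef CHECK_LIVE_CRYPT            /* optional: also test this system's crypt() */
#ifdef __APPLE__
#include <unistd.h>                /* crypt() is declared here on macOS */
#else
#include <crypt.h>                 /* glibc/libxcrypt; link with -lcrypt */
#endif
#endif

/* Schemes that can be told apart from the shape of a crypt(3) result. */
typedef enum { H_INVALID, H_DES, H_MD5, H_SHA256, H_SHA512, H_OTHER_MCF } hash_scheme;

/* The DES, MD5 and SHA crypt digests use the 64 characters [./0-9A-Za-z]. */
static int in_alphabet(char c)
{
    return c != '\0' && strchr("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz", c) != NULL;
}

/* Length of a leading "$id$" marker, or 0 if the string does not start with one. */
static size_t mcf_prefix_len(const char *s)
{
    const char *second;
    if (s == NULL || s[0] != '$') return 0;
    second = strchr(s + 1, '$');
    if (second == NULL || second == s + 1) return 0;
    return (size_t)(second - s) + 1;
}

hash_scheme classify_hash(const char *h)
{
    size_t i, n, want = 0;
    const char *digest;
    hash_scheme scheme = H_OTHER_MCF;

    /* NULL, empty, or a failure token beginning with '*' is never a usable hash. */
    if (h == NULL || h[0] == '\0' || h[0] == '*') return H_INVALID;

    if (mcf_prefix_len(h) == 0) {
        /* No "$id$" marker: only traditional DES fits, which is
           2 salt characters followed by 11 digest characters. */
        if (strlen(h) != 13) return H_INVALID;
        for (i = 2; i < 13; i++)
            if (!in_alphabet(h[i])) return H_INVALID;
        return H_DES;
    }
    if (strncmp(h, "$1$", 3) == 0)      { scheme = H_MD5;    want = 22; }
    else if (strncmp(h, "$5$", 3) == 0) { scheme = H_SHA256; want = 43; }
    else if (strncmp(h, "$6$", 3) == 0) { scheme = H_SHA512; want = 86; }

    digest = strrchr(h, '$') + 1;       /* digest is the last '$'-separated field */
    n = strlen(digest);
    if (n == 0) return H_INVALID;       /* a bare salt, no digest */
    if (want != 0) {                    /* known scheme: enforce digest length and alphabet */
        if (n != want) return H_INVALID;
        for (i = 0; i < n; i++)
            if (!in_alphabet(digest[i])) return H_INVALID;
    }
    return scheme;
}

/* 1 if the result uses the scheme the salt asked for, 0 on downgrade or failure. */
int scheme_honoured(const char *salt, const char *result)
{
    size_t plen = mcf_prefix_len(salt);
    hash_scheme got = classify_hash(result);
    if (salt == NULL || got == H_INVALID) return 0;
    if (plen == 0) return got == H_DES;            /* caller asked for traditional DES */
    return got != H_DES && strncmp(result, salt, plen) == 0;
}

int main(void)
{
    const char *salt = "$6$saltsalt$";             /* constructed salt */
    const char *downgraded = "$6abcdefghijk";      /* constructed: DES-shaped result */
    char good[128];
    size_t n;

    strcpy(good, salt);                            /* constructed: SHA-512-shaped result */
    n = strlen(good);
    memset(good + n, 'A', 86);
    good[n + 86] = '\0';

    printf("SHA-512-shaped result: %s\n", scheme_honoured(salt, good) ? "ok" : "REJECT");
    printf("13-character result:   %s\n", scheme_honoured(salt, downgraded) ? "ok" : "REJECT");
#ifdef CHECK_LIVE_CRYPT
    printf("this system's crypt(): %s\n",
           scheme_honoured(salt, crypt("example-password", salt)) ? "ok" : "REJECT");
#endif
    return 0;
}
```

Building with `-DCHECK_LIVE_CRYPT` (and `-lcrypt` on Linux) adds a check of the local crypt() implementation itself.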

RedGnome November 15, 2015 7:22 AM

I like BestCrypt too but not everybody can afford it, perhaps just bear that in mind before recommending software and include some free alternative.

Jaylin November 16, 2015 2:00 AM

Have you looked at the policy-based Dell Data Protection | Encryption, formerly known as Credant?

A Hill November 20, 2015 11:04 AM

As a non-expert PC user of 20 years standing, I wanted advice on what FDE is reasonable, I use Win but would rather not put all my eggs in the same basket and use a MS-Win FDE.
I don’t expect full protection from government as they can just knock on the door if they want and force access. I’m more interested in stopping crims, my relatives and other idiots having an easy time. You all appear to know something of which you speak – useful stuff – but it sometimes comes across as tinfoil hattery sorry but it does.

Frankly, cutting to the chase from the above posts I think I will go for BestCrypt, something else on my Linux machine, and Bitlocker on my insecure laptop.

Oh, and anything truly “sensitive” isn’t on my PC – old style security still works.

Thanks for all the help (honestly not sarcastic, really).

Clive Robinson November 20, 2015 12:31 PM

@ A.Hill,

“You all appear to know something of which you speak – useful stuff – but it sometimes comes across as tinfoil hattery sorry but it does.”

Yup it does, and sadly the advice changes very frequently, when dealing with the more highend attackers.

As far as “crims” are concerned, the most important thing you can do is have good backups, done very regularly. The second is to either not do sensitive stuff on a computer connected to a network, or if you have to, as in Internet banking then run a minimal OS from a CDROM/DVD/Read only USB device. Boot the computer, connect to the network just long enough to do the activity, then disconnect and reboot into the OS on the encrypted harddrive.

Remember FDE does not protect you from online criminal or other attacks when you are using the harddrive OS etc…

As for relatives, generally setting up accounts properly and using sensible passwords will suffice in most cases. If they are more tech savvy than that, then you have other problems that a netbook stored in a safe might resolve.

Remember FDE only protects when the data on the drive “is at rest” which basically means when the computer is fully powered down (not in hibernation etc).

Personally I think for the average user there are better security options than FDE. Most don’t involve encryption that in many jurisdictions the police and prosecutors tend to treat as a sign of guilt without further evidence. And even in some western countries you can be jailed without the usual “due process”…

Nick P November 20, 2015 12:51 PM

@ Clive Robinson

“Remember FDE only protects when the data on the drive “is at rest” which basicaly means when the computer is fully powered down…”

Most important thing for people to remember. Really just to stop leaks with stolen laptops or HD’s being copied. It’s barely true now, though, given so many ways to attack the system to pull the data later. So, unless using secure endpoints, the protection level of FDE and use case are even narrower now.

Peter February 29, 2016 9:25 AM

I have been using Bestcrypt from Jetico for 10-15 years and have never had a problem with encrypted containers and would heartily recommend the product. My computers were er…apprehended by law enforcement some years ago because they erroneously thought I was up to something. Everything was encrypted PROPERLY (ie following Jetico recommendations and my own lateral research) and despite them using their forensic software (they said..), they could not crack my passwords (of over 60 random characters in length..) despite keeping and tinkering with my several computers for TWO YEARS. On a point of principle, I refused to cooperate with them until eventually, after two years, I did a deal with them to open the containers (but not to reveal my password and its style..) simply because I wanted my property back. As I had assured them, no incriminating evidence was found because there wasn’t any to find but I took the opportunity to test Bestcrypt’s products. Believe you me – they desperately wanted to get into those encrypted boxes because my refusal to open them got them slavering like demented dogs on the idea that my refusal to cooperate MUST be an indication of guilt. No, it was a big fat ‘fcuk you.’ Law enforcement do not work for you – they work for the owners of government – the owners, not the government. Bestcrypt is goooood and not in any way ‘obscure.’

Peter February 29, 2016 9:46 AM

Re my previous comment on Bestcrypt – this occurred before a new law was locally passed which means that NOW (not then), one can be jailed for refusing to hand over the password. Back then, I was on bail for two years, so effectively free. But despite this NEW law, I still use Bestcrypt. Why? Because the developers way back then, already figured on such a law and provided a remedy for it even in the older version I was using. So if you STUDY the Bestcrypt literature PROPERLY, you will be quite happy to hand over a password immediately upon request, thus keeping yourself out of jail. If you are not prepared to study the literature fully and apply it properly and to THINK FOR YOURSELF instead of relying on handouts from unknown others, then don’t complain when this extremely good and strong product falls over NOT because of IT, but because YOU didn’t study and apply the relevant requirements. A well engineered German motor car will still crash and kill you if you drive drunk. Law enforcement do not play and when they come, they come fully and properly so any armchair critic who woffles on about their rights will get a bit of a wake-up call when they stand and watch their home turned upside down in the early hours with the family in tears. I for one am not prepared to compromise my security because of terrorism because the government of governments ARE the real terrorists.

darkened April 4, 2016 12:40 PM

Snippet far below. Go to the link below and search the term “Truecrypt”. PS: The text of the website does not require JS, but extra content/links will not display unless JS is enabled.

https://mastermind.atavist.com/he-always-had-a-dark-side

“Hafner found an email address associated with the TrueCrypt programmers and sent a cease-and-desist letter, arguing that the software was based on stolen code. The developers did briefly stop additional development but soon started up again. The response of the free-software community could be summed up in an anonymous message-board response to Hafner’s demand: “F*** YOU, SecurStar—we’ve got it already!”

For the next decade, that mysterious group of anonymous programmers maintained TrueCrypt, with funding from some equally opaque source. TrueCrypt came to be known as the most powerful and reliable encryption solution available. “They improved it, even did quite impressive work on top of it,” says Hafner, whose business was forced to compete with a free product. “Nevertheless, it’s built on our engine.”

In response to the controversy, in June 2004, Le Roux returned to the alt.security.scramdisk forum and posted a note defending his E4M work, adding that when it came to the controversy over TrueCrypt and E4M, “the pure speculation here (often stated as fact) is damaging and in some cases libelous.” After that post, he disappeared from the message boards for good.”

Mugs July 9, 2016 11:01 PM

I do not encrypt my entire hard drive. Frankly, I find it a bit foolish to encrypt 350 GB of data when I have less than 100 MB of data that actually requires encryption. Thus, I take measures to ensure the relatively minute amount of data which I want to keep from prying eyes remains both securely encrypted on my hard drive while remaining isolated from the Windows operating system.

To that end, I employ Cypherix (now Cryptainer) for the secure storage, along with tweaks to a number of Windows settings (such as disabling Windows’ penchant for saving memory to hard drive without cleaning it up later), and employing a couple of great tools for securely erasing unused disk space. I also use a couple of secure programs to edit data. These programs are specifically built to leave no footprint of the data itself either in RAM or anywhere on the HDD/SSD except the specified file location, which is encrypted via Cypherix. I rarely need to access the secure information, but when I do, and I’m finished, I unmount the Cypherix volume, leaving it in a fully encrypted state.

Bottom Line: Until someone creates a fully encrypted operating system from the ground up, there’s no magic bullet software that will protect your system from those who are most determined. Rather, security is both a mindset as well as a set of best practices which make it very difficult (and just might make it impossible) for anyone else but you to get at your most precious data.

Daan July 21, 2016 11:52 AM

To Peter above. I have had a similar experience with LEA in the Netherlands. They could not decrypt my desktop computer even after several months and had to sheepishly ask me for the password because it was encrypted with Diskcryptor. Of course, there was “nothing to hide” so I gave them the password. Maybe I should have made them sing for it. At least we know that Diskcryptor is beyond local LEA. However, that was several years ago with Windows 7 and with Windows 10 these days, Diskcryptor does not work for WDE. Bestcrypt is certainly beyond them, according to your experience, and as for Symantec Encryption Desktop (formerly PGP), who knows? But I paid for a Symantec licence in the past and still use it. Bestcrypt is €99 (that’s a lot).

Eddie July 30, 2016 1:48 PM

Bruce, putting company reputation/potential backdoors aside: now that Bitlocker supports XTS, do you feel it is now technically superior to Bestcrypt?

Piotrus October 18, 2016 4:16 PM

Hello I stumbled upon this thread recently. I don’t doubt the NSA is monitoring this thread but I don’t have anything nefarious to hide so whatevs. I recently built a new PC with Windows 10 Pro… and I’ve been trying to mull over the prospect of using BitLocker with TPM to encrypt the entire boot drive.

But I am slowly thinking I will leave it as is and not encrypt it. I wanted to dual or triple boot this machine with 2 Linux distros and having boot encryption would kind of hinder any progress made with multi-booting.

Since I am an average joe I am going to leave it as is and not bother with the encryption.
