
I have managed to activate BitLocker without TPM support on my Windows 10 installation. Is there any security advantage of using this over BestCrypt (paid)?

To be noted that I'm only interested in securing my data against common computer theft, not against governments.

schroeder
  • Tool recommendations are kinda off-topic here. Maybe tell us more about your specific use-case, what you're trying to protect and to what level. Marcus Müller already provided a good answer to the question in general. – GxTruth Jul 12 '18 at 10:35

1 Answer

To be noted that I'm only interested in securing my data against common computer theft, not against governments.

Hard-drive encryption only helps against data at rest. If someone uses a vulnerability in your running system, it doesn't help at all.

So, when your threat scenario is that someone remotely steals your data, this doesn't help at all.

In case you need to protect against unauthorized access to an unused (i.e. powered off, not mounted) storage device, for built-in storage devices (hard drives, SSDs), don't use either of your software options. Simply use the device's own security (basically all modern SSDs have that, and many hard drives); whilst hardware encryption is hard to audit, it's highly unlikely a non-state attacker can gain access to your data. The drive won't give you access to the ciphertext, and if you try to brute-force the password, you will simply be permanently locked out. Also, since this happens before your OS even boots, there are usually no traces of the password in software-accessible RAM, and no way to use a software keylogger to sniff it.

For exchangeable storage (USB sticks etc.), it essentially doesn't matter and you should choose what fits your application best. Often, simply encrypting the backup files before putting them into backup actually is simpler from a data management perspective – you can simply copy the same files safely from one drive to the next without decrypting them, for example.

Marcus Müller
  • I am just trying to protect the data on my computer in case this gets stolen. I am only expecting reasonably unsophisticated attacks. Is there an advantage in using BestCrypt over BitLocker without TPM support? – Adrien Hingert Mar 15 '18 at 19:59
  • If your computer gets stolen while it's on or in standby, none of the alternatives (BitLocker, BestCrypt, native) will help you at all. That is a very relevant theft scenario. And no, I'm not giving you again the same answer I wrote as answer to your repeated question in your comment! – Marcus Müller Mar 15 '18 at 20:01
  • What about if it's simply powered down: does it make a difference? – Adrien Hingert Mar 15 '18 at 21:51
  • @AdrienHingert For your use-case, most full-disk-encryption software is equally useful, IF your device is turned off at the moment of theft. Respectively, most FDE software is equally USELESS, if your device is powered on (assuming no fancy stuff like TPM or super-sophisticated-attackers happens). Turned on --> Key in RAM --> you are basically screwed – GxTruth Jul 12 '18 at 10:33
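
The answer and comments above turn on two things: whether the volume is actually encrypted and protected when the machine is off, and what unlocks it when there is no TPM. The following is an added example, not part of the original question or answers, that reports both per volume. It assumes a Windows 10 system with the built-in BitLocker PowerShell module and an elevated prompt; the wording of the notes is this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: summarize BitLocker state and key protectors per volume.
# Get-BitLockerVolume ships with the Windows BitLocker PowerShell module.
$report = foreach ($vol in Get-BitLockerVolume) {
    # Protector types on this volume, e.g. Tpm, Password, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $notes = @()

    # A volume still converting (or never converted) leaves plaintext on disk.
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
        $notes += "not fully encrypted ($($vol.VolumeStatus), $($vol.EncryptionPercentage)%)"
    }
    # Protection can be off or suspended even when the data is encrypted.
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $notes += 'protection is off or suspended'
    }
    # Without a TPM-based protector, the password or startup key entered
    # before boot is what stands between a thief and the data.
    if (-not ($types -like 'Tpm*')) {
        $notes += 'no TPM protector: unlock depends on password or startup key'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $notes += 'no recovery password protector is set'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Method     = $vol.EncryptionMethod
        Protectors = $types -join ', '
        Notes      = if ($notes) { $notes -join '; ' } else { 'no findings' }
    }
}
$report | Format-List
```

This only describes the powered-off case; as the comments point out, a machine taken while running or in standby still has the key in RAM regardless of what this report shows.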