
I would like to ask which one of these, TrueCrypt or BitLocker, is safer to implement and encrypt the data in a small business environment (Windows 7, 8.1 and Windows Server 2012r).

I read about BitLocker and I am confused. Many IT professionals recommend using BitLocker; however, I have also read that BitLocker has an industry (Microsoft) backdoor implemented.

Not sure about TrueCrypt. Is there a backdoor, is TrueCrypt vulnerable, and is it safe to use for business purposes?

I am more concerned about cyber criminals rather than law enforcement.

Anders
Michal Koczwara

2 Answers


Edit: October 3, 2015 An article in IT World for September 29, 2015 reveals the existence of, but doesn't describe fully, two serious flaws in the Windows driver that TrueCrypt installed. It isn't clear from the article whether those flaws compromise the crypto or the underlying Windows OS, or both. It also isn't clear whether that driver is installed only for full-disk encryption or at any time a TrueCrypt volume is in use.

Original answer below:

It is unknown (except probably to Microsoft and the NSA) whether BitLocker has a back door. You cannot examine the source code to find out, either. (And even if you could, a purposeful weakness might be very difficult to spot, even for an experienced cryptographer.)

TrueCrypt's source code is available and has (as of today) been audited. No back doors or purposeful weaknesses were found. So, speaking only in terms of back doors, TrueCrypt (the version before last) is "safer" because it can be and has been examined by experts.

Test it on Windows 10 before you commit because TrueCrypt is no longer supported by the original authors.

Bob Brown
  • Enhancing your answer with the 2-week old official audit report showing no backdoors found in TrueCrypt: https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf – armani Apr 02 '15 at 23:13
  • It wouldn't be the first time that [Microsoft hides a government requested backdoor](https://support.microsoft.com/fr-fr/kb/955417/en-us) in its encryption software... – WhiteWinterWolf Apr 15 '15 at 08:26
  • Your claim that it is unknown whether BitLocker has a backdoor seems to contradict the one below, which claims the source code has been reviewed by large companies. (That is, unless you're claiming it is plausible that the large companies have missed the backdoors, which seems on par with missing backdoors in TrueCrypt.) – user541686 Jun 01 '15 at 10:32
  • Presumably the back door only matters if the PC is powered off? If the PC is powered on and password entered, then all files are readable to the operating system anyway (or to whatever process running with sufficient permissions) regardless of the disk encryption method used. So surely the back door only matters if the NSA has stolen your hard drive?! – SharpC Sep 15 '15 at 21:43
  • @SharpC Or you wish to return to the United States without having Customs agents prowl through your hard drive. O'course, they might seize your laptop and detain you *because* it was encrypted. – Bob Brown Sep 16 '15 at 16:10
  • @Mehrdad: Unless it can be shown that the "large companies" had a team of two or more very experienced cryptographers review the code, I stand by "unknown." – Bob Brown Sep 16 '15 at 16:14
  • @BobBrown: I would assume if this is important enough for them to do a code review, they are not stupid enough to have an incompetent person do it. – user541686 Sep 16 '15 at 21:02
  • @BobBrown Ah yes, I forgot about such scenarios entering "the land of the free". ;-) – SharpC Sep 17 '15 at 12:20
  • @Mehrdad: TrueCrypt was audited by career cryptographers, who did not find those flaws in the drivers. Cryptography is a subtle art and software is complicated. I *still* stand by "unknown" with respect to BitLocker. The flaws only now discovered in TrueCrypt clearly demonstrate that this stuff is hard. – Bob Brown Oct 03 '15 at 20:39
  • My vote goes hands down to TrueCrypt. – Overmind Sep 15 '16 at 07:45

BitLocker uses AES in CBC mode, TrueCrypt and others use AES/Twofish/Serpent/cascades in XTS mode (Wikipedia: Block cipher mode of operation).

CBC mode is less secure in that it allows single bit manipulation. For example, an attacker having physical access can flip a specific bit of data and return it to you; this can open a backdoor loophole via Windows registry, etc. See XTS vs AES-CBC with ESSIV for file-based filesystem encryption

BitLocker security has been lowered by removing Elephant Diffuser from Windows 7 to Windows 8 (including 8.1). However, Windows 10 improves security by allowing the use of AES-XTS (though not turned on by default).

I would assume that basic algorithms of BitLocker are safe because its source code has been reviewed under Non-Disclosure Agreement (NDA) by large companies that use it. One can assume there are no major backdoors because companies want professional protection. Then again, if you look at TrueCrypt, it has pitfalls like keyfile management, which is prone to grabbing precomputed CRC32 from your files in order to speed up hashing (keyfile management in TrueCrypt is very badly implemented). This may have been improved or fixed in VeraCrypt (TrueCrypt's successor).

TrueCrypt XTS mode is worse when an attacker can observe small file changes several thousand times. For example, with cloud services such as Dropbox which track change history.

BitLocker is safe if properly configured. This is difficult, as you should:

  1. Disable uploading recovery keys to the Internet (e.g. "Microsoft Account", Dropbox, Google Drive, etc.), as it is by default shared with NSA which can access it based on who knows what creative national business safety reasons. Once you have uploaded your recovery key, it is already archived according to Snowden documents.

  2. Disable using recovery PIN, and use USB recovery key only (as the former is 128 bit only).

  3. Switch to 256-bit BEFORE encrypting your hard drive. Once you do that, BitLocker is safer for boot partition because it integrates closer with hardware (TPM).

For maximum safety, you would be better off using BitLocker on boot partition, and TrueCrypt on containers mounted only when needed. Place the containers as files inside BitLocker partition. Remember that BitLocker is limited to AES.

Concerning coldboot attacks and memory remanence, AES can be reconstructed after 40% memory degradation, Serpent key after 30%. Twofish is not determined (claimed to be very hard). We are talking about a serious industrial espionage scenario here, practically military level.

Therefore you are best off combining two encryption modes and two encryption algorithms, using software from two sources.

Note that BitLocker uses SHA-512 hash, therefore, use a different hashing algorithm for TrueCrypt and then you are safe.

Again, loopholes from all sides:

  • Hash
  • Encryption algorithm
  • Encryption mode
  • Random number generator used for key generation
  • Implementation bugs, sometimes unreliable open source (like SSL Heartbleed, TrueCrypt primitive keyfile processing code)
  • Relatively immune to coldboot attack
  • Government backdoors

The advantage of TrueCrypt is that it is relatively safe by default, BitLocker is only safe after careful configuration.

The disadvantage of TrueCrypt is vulnerability to keyloggers; you should consider using KeePass with Secure Desktop.

The disadvantage of BitLocker is probable U.S. government bypasses/backdoors. If you are running an embassy or a personal Intelligence Agency, limit yourself to known source code. If you are important enough, I assume BitLocker code has been shown to you, so you can decide to trust it on that level or not.

Jesse
user71148
  • As an update, starting with Windows 10 build 1151, Bitlocker also supports XTS-AES: https://technet.microsoft.com/en-us/library/mt403325(v=vs.85).aspx – Håkan Lindqvist Mar 30 '16 at 13:14
  • You can check what encryption method is in use using `manage-bde -status` (in an admin command prompt, of course). On Windows 10 Pro 1809 my system defaulted to "XTS-AES 128". – jdgregson Jan 15 '19 at 11:19
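Two technical claims in the second answer, that CBC lets an attacker flip a chosen plaintext bit by flipping the corresponding ciphertext bit in the previous block (which is why the Elephant diffuser mattered), and that XTS, being deterministic per sector, lets anyone holding successive snapshots see exactly which 16-byte blocks changed, can both be reproduced in a short script. This is an added example, not code from the question, either answer, BitLocker or TrueCrypt. Because the point is about the modes rather than the cipher, it substitutes a constructed 4-round Feistel toy block cipher built on HMAC-SHA256 for AES; the keys, IV, sector number and plaintext are constructed sample values, and the CBC and XTS logic is the standard textbook construction (XTS tweak from the sector number, then multiplication by x in GF(2^128) per block).

```python
"""CBC vs XTS over a toy block cipher: bit-flip malleability and change leakage.

The block cipher below is a constructed 4-round Feistel network keyed with
HMAC-SHA256 (a stand-in for AES, not a real cipher); the CBC and XTS modes
are the standard constructions over 16-byte blocks.
"""
import hashlib
import hmac

BLOCK = 16
# Constructed sample keys, IV and one 64-byte (4-block) sector of plaintext.
K1 = hashlib.sha256(b"constructed data key").digest()
K2 = hashlib.sha256(b"constructed tweak key").digest()
IV = bytes(BLOCK)
PLAINTEXT = bytes(range(4 * BLOCK))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of (round index, half), truncated to 8 bytes.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # A Feistel network is a bijection on blocks whatever the round function, which is all the modes need.
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, xor(left, _round(key, r, right))
    return left + right

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))  # C_i = E(P_i ^ C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(xor(toy_decrypt_block(key, c), prev))  # P_i = D(C_i) ^ C_{i-1}: C_{i-1} enters plaintext directly
        prev = c
    return b"".join(out)

def _gf_double(t: bytes) -> bytes:
    # Multiply the tweak by x in GF(2^128), little-endian, modulus x^128 + x^7 + x^2 + x + 1 (IEEE 1619 convention).
    n = int.from_bytes(t, "little") << 1
    if n >> 128:
        n ^= (1 << 128) | 0x87
    return n.to_bytes(BLOCK, "little")

def _xts(key1, key2, sector, data, block_fn):
    # C_j = E_K1(P_j ^ T_j) ^ T_j with T_0 = E_K2(sector) and T_{j+1} = T_j * x; decryption has the same shape.
    t = toy_encrypt_block(key2, sector.to_bytes(BLOCK, "little"))
    out = []
    for i in range(0, len(data), BLOCK):
        out.append(xor(block_fn(key1, xor(data[i:i + BLOCK], t)), t))
        t = _gf_double(t)
    return b"".join(out)

def xts_encrypt(key1, key2, sector, data):
    return _xts(key1, key2, sector, data, toy_encrypt_block)

def xts_decrypt(key1, key2, sector, data):
    return _xts(key1, key2, sector, data, toy_decrypt_block)

def flip_bit(data: bytes, index: int, bit: int = 0) -> bytes:
    b = bytearray(data)
    b[index] ^= 1 << bit
    return bytes(b)

def block_diffs(a: bytes, b: bytes) -> list:
    """Per 16-byte block, the byte offsets at which a and b differ."""
    return [[j for j in range(BLOCK) if a[i + j] != b[i + j]] for i in range(0, len(a), BLOCK)]

def cbc_bitflip_experiment(key, iv, plaintext, byte_index):
    """Flip one ciphertext bit under CBC; report which plaintext bytes change after decryption."""
    ct = cbc_encrypt(key, iv, plaintext)
    return block_diffs(plaintext, cbc_decrypt(key, iv, flip_bit(ct, byte_index)))

def xts_bitflip_experiment(key1, key2, sector, plaintext, byte_index):
    """The same experiment under XTS: damage stays inside the modified block."""
    ct = xts_encrypt(key1, key2, sector, plaintext)
    return block_diffs(plaintext, xts_decrypt(key1, key2, sector, flip_bit(ct, byte_index)))

def xts_changed_blocks(key1, key2, sector, old, new):
    """Block indices whose XTS ciphertext differs between two versions of the same sector.
    The tweak is fixed per sector, so an observer of snapshots learns exactly which blocks were rewritten."""
    diffs = block_diffs(xts_encrypt(key1, key2, sector, old), xts_encrypt(key1, key2, sector, new))
    return [i for i, d in enumerate(diffs) if d]

if __name__ == "__main__":
    # Flip bit 0 of ciphertext byte 20 (block 1, offset 4) under each mode.
    print("CBC:", cbc_bitflip_experiment(K1, IV, PLAINTEXT, 20))   # block 1 garbled, block 2 changed only at offset 4
    print("XTS:", xts_bitflip_experiment(K1, K2, 7, PLAINTEXT, 20))  # only block 1 garbled
    edited = bytearray(PLAINTEXT)
    edited[40] ^= 0xFF  # rewrite one byte inside block 2
    print("XTS blocks that changed:", xts_changed_blocks(K1, K2, 7, PLAINTEXT, bytes(edited)))  # [2]
```

The CBC run shows the property the answer describes: the block holding the flipped bit decrypts to garbage, but the following block decrypts to the original plaintext with exactly one bit flipped, at an attacker-chosen position, which is what a diffuser or an integrity check is meant to stop. The XTS run confines the damage to one block, and `xts_changed_blocks` shows the other side of XTS determinism: identical plaintext in the same sector always yields identical ciphertext, so block-level edit history leaks to anyone who can compare versions.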