BitLocker uses your computer's TPM device, if it has one. If it does not, you'll be forced to use a USB memory stick to keep your key on. You can choose to use the USB option instead of the TPM.
- Pro for TPM - easy to use. Turn the PC on and it's ready to use.
- Con for TPM - Windows is super easy to get into even when a password is used. An attacker can steal your whole computer and get into your system if they know what they're doing. It's not an advanced attack.
- Pro for USB - take the drive with you wherever you go; an attacker can't get in if you shut down your PC when you leave your place.
- Con for USB - if you lose the drive, you lose the key. You could, of course, print the key and keep it in a fireproof box. If you leave the USB drive with the PC, then it's like the "Con for TPM" scenario.
[tin-foil-hat] "We have been able to provide police, law enforcement, and private investigators with a tool that allows bypassing BitLocker encryption for seized computers." Source: http://www.thetechherald.com/articles/New-software-will-break-BitLocker-encryption/8538/ [/tin-foil-hat]
Edit: Volume-level encryption, which BitLocker employs and which TrueCrypt can also do (in addition to containers and partition-level encryption), is not as good as Full Disk Encryption, but still good. The most popular use of TrueCrypt is creating encrypted containers within unencrypted (or encrypted) partitions.
- Pros to TrueCrypt - it's vetted and regarded as one of the best platforms to use. Good, long passwords stored in your brain are hard to brute force.
- Cons to TrueCrypt - don't forget your password. Theoretically, and especially if a short password is in use, the container can be brute-forced fairly easily. Longer passwords are better than more complicated passwords when it comes to encrypted containers. (See *However* below.)
*However* TrueCrypt also supports the use of keyfiles, which means you can create an encrypted volume, partition, or container, store the keyfile on a USB memory stick, and store a good, long password in your brain. The container in this scenario can't be brute-forced without the keyfile, but you need the keyfile and the corresponding password to unlock the container.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aug 01 2013