Windows Encryption Opposition: VeraCrypt Vs. Bitlocker

When you really need to keep your files safe, you need encryption. We’ve covered the basics before and even rounded up your favorite encryption tools, but today we’re presenting two of the most popular options for Windows to see which one best protects your sensitive data.


Choosing two encryption tools for this comparison was not easy. Should we consider two similar tools or the two most commonly used tools? In this case, we chose the latter and decided to focus on Windows because, in addition to being the most popular operating system in use, it allows us to narrow our focus down to the two big applications that most people will actually choose from, even if many other options with different functions are available. Don’t worry if your favorite encryption app or platform isn’t here; we’ll get to it shortly. With that said, let’s take a look at our two main contenders:

  • Bitlocker: Microsoft’s built-in encryption tool is very popular, in part because it’s efficient and built into the operating system you’re already using (assuming you’re running Windows 7 Ultimate or Enterprise, Windows 8 Pro or Enterprise, or Windows 10 Pro or Enterprise). Bitlocker supports AES encryption, and while it is mainly used to encrypt the entire drive to lock the entire computer, not just certain files, it also supports encrypting other volumes or a virtual drive that can be opened and used like any other drive on your computer. If you want to encrypt certain data and not everything on your computer, this is what you need. When I asked publicly what encryption tools people use, Bitlocker came up quite often.
  • VeraCrypt: Free, open source (mostly) and cross-platform, VeraCrypt can handle pretty much anything you throw at it. It’s a fork of TrueCrypt, which melted down and stopped development back in 2014; VeraCrypt has since been updated, has improved its own security, and is much faster. VeraCrypt supports AES, TwoFish and Serpent ciphers, and also supports the creation of hidden encrypted volumes within other volumes. VeraCrypt also supports full disk encryption, including system drives. This makes the tool flexible enough to encrypt files and volumes on the fly to keep specific files and data secure, or to encrypt entire systems so that only authorized users can access them. It also doesn’t hurt that VeraCrypt is fast, free, and available on just about any computer where you might need it, or your encrypted data.

Both are fine, and you absolutely can (and, seriously, should) use both. We’ll get to the details in a moment, but Bitlocker is great for seamless, even transparent, full disk encryption, and VeraCrypt is great for encrypting volumes, drives, containers, or specific files for storage or security on the fly. If we had to give a preliminary recommendation, we would say use both.

However, Bitlocker and VeraCrypt are very different tools, and which one is best for you depends a lot on what type of user you are and what you have access to. Let’s take a look at some of the main differences.

VeraCrypt wins on availability

The biggest difference between VeraCrypt and Bitlocker is the most obvious: who can actually use it.

Not everyone has access to Windows Pro or Enterprise editions, so Bitlocker isn’t suitable for many. If you’re using Windows 7, 8, or 10 Home, you can’t even think about using Bitlocker unless you upgrade to Pro. While we generally prefer the Pro versions ourselves, if you went out and bought a computer today, you probably would have gotten something with Windows Home installed. VeraCrypt is a clear winner in this regard, as it is available to anyone on any version of Windows (and of course other operating systems).

Likewise, the fact that a Trusted Platform Module (TPM) crypto processor is required to use Bitlocker on your computer (or you have to jump through a bunch of hoops to set it up otherwise) narrows the field even further, but not much. TPM uses hardware to integrate encryption keys into your device and makes encryption and decryption transparent to you. It also has its own problems; more on that later.

Of course, most modern computers support TPM and have one installed, and if you are a PC builder, you will probably get a motherboard that has one too, whether you plan on it or not. People with older hardware may have a lot of trouble, but anyone with modern devices will be fine. It’s still a limitation that VeraCrypt users won’t have to worry about on any platform, and it’s also what keeps Bitlocker from being used outside of Windows, not that Microsoft is terribly concerned with security beyond its own operating system.

Bitlocker is easier to use, but it’s not that hard with VeraCrypt

Things are a little more controversial when it comes to ease of use. As with any security product, the fastest way to get people to accept your tool is to turn it on by default, or to make it so easy that people flip the switch and don’t think about it again. In this case, using Bitlocker to encrypt your entire hard drive is as simple as opening its control panel and turning it on.

From this point of view, encrypting the entire drive is the easiest way to protect all of your data. This means that if your laptop with sensitive data on it is stolen or lost somewhere, and even if the disk is removed, you can be sure that whoever has it gets your hardware, but not your software and data, and you don’t need to manage containers to protect your files. Bitlocker succeeds at this, which is why many companies turn it on by default. If you’re a power user, you can go ahead and encrypt partitions and additional volumes, or just enable it to encrypt the entire drive while you use something else for specific files and folders.

None of this means that VeraCrypt is difficult to use. You do need to install and configure it, and that barrier is enough to keep some people away from it, especially those who are not tech savvy and not versed in the intricacies. Using it for full disk encryption is not a difficult process, but it is more difficult than toggling a checkbox. You will need to make a recovery disc just in case things go wrong, but you also get the benefit of creating a fake operating system, so if you need to decrypt, you can decrypt the OS, but not your data. This is an example of a trend: VeraCrypt is a powerful product, but you need to be ready to dive into it and really use it, and be comfortable with a little more than just a turnkey solution.

VeraCrypt wins in security

An encryption tool is only as good as the security it provides, and while VeraCrypt is not perfect, it is definitely more secure than Bitlocker. Most users probably won’t notice the difference, but it’s important to note that there is a gap between the two.

VeraCrypt supports more encryption methods and types than Bitlocker, stronger keys, a better encryption and decryption method (CBC versus XTS, although neither is perfect) and, of course, it is open source and open to auditing. Microsoft will most likely never allow this, as Bitlocker is proprietary (and we all know how well security through obscurity works). Best of all, the VeraCrypt developers took the results of the TrueCrypt security audit and used its notes to improve their own product (and began to push the proprietary TrueCrypt code out of their own product).

As we mentioned, VeraCrypt is not perfect. The Security Issues section of its Wikipedia article summarizes most of its problems (although many of them, especially malware and other physical access issues, also apply to Bitlocker), and they are worth considering if you are weighing these two tools on security. In addition, while the VeraCrypt developers have worked to address many of the issues identified in the TrueCrypt audit, VeraCrypt has yet to undergo its own full audit (although we hope it will begin later this summer).

For its part, Bitlocker is no slouch. It isn’t weak; it’s just not as strong. Bitlocker keeps things simple (mostly to speed up adoption) and doesn’t get bogged down in power user features, which, depending on who you are, you may need or want to see before you get serious about the tool. Its AES encryption (128- and 256-bit) is strong enough for the vast majority of people who worry about losing sensitive data in the back of a taxi or someone spying on their system. If you really have a smart adversary who wants your data, you are not vulnerable per se, but you could strengthen your hand a little.

A big – and still controversial, even today – question related to Bitlocker is whether Microsoft has built a backdoor into the encryption software to make it easier for law enforcement and government agencies to access encrypted data. We have no way of settling this dispute here, and it came up the last time we discussed Bitlocker. To be honest, most people won’t have an adversary like the NSA on their tail, so it doesn’t really matter, but we’ve already established that any backdoor – if it exists – is bad, because the door doesn’t care whether it’s used by the good guys or the bad guys (or the bad good guys). That said, there is no strong evidence – just a lot of suspicion, speculation, and controversy – that Bitlocker has a backdoor, but there are more than a few good reasons to trust open source software over closed source, proprietary stuff anyway.

The question then becomes whether the TPM is safe. The developers of VeraCrypt (and of a number of other open source security tools) refuse to support TPM for good reason. TPM has been compromised before, although it took incredible effort to do it. The truth is that it is good at one thing, but it is not very good at protecting the system from malware or other attack vectors that could give an attacker access to sensitive data.

In the end, both products are strong, but VeraCrypt is just stronger and more flexible, even if it’s not turnkey. The average user won’t even notice the difference, and the fact that VeraCrypt is stronger shouldn’t stop you from using Bitlocker (just set it up correctly) if you want the ability to encrypt your entire drive seamlessly and transparently.
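One way to check how Bitlocker is actually set up on a machine, covering the key length, cipher mode and TPM points discussed above. This is an added example, not part of the original article; it uses the built-in `Get-BitLockerVolume` cmdlet, while the function name `Get-BitLockerAudit` and the wording of its notes are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: summarise how each Bitlocker volume on this machine is configured.
# Get-BitLockerVolume ships with Windows editions that include Bitlocker.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # EncryptionMethod names both mode and key length, e.g. Aes128, XtsAes256, None
        $method = "$($vol.EncryptionMethod)"
        # Protector types such as Tpm, TpmPin, RecoveryPassword, Password
        $types  = @($vol.KeyProtector |
                    ForEach-Object { "$($_.KeyProtectorType)" } |
                    Where-Object { $_ })
        $notes  = @()

        if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
            $notes += "volume status is $($vol.VolumeStatus)"
        }
        if ($method -ne 'None') {
            if ("$($vol.ProtectionStatus)" -ne 'On') {
                $notes += 'protection is off or suspended'
            }
            if ($method -match '128')     { $notes += '128-bit key in use; 256-bit is available' }
            if ($method -notmatch '^Xts') { $notes += 'not an XTS cipher mode' }
            if ($types -contains 'Tpm') {
                # A plain Tpm protector unlocks the volume without any user secret
                $notes += 'TPM-only unlock: no PIN or startup key is asked for at boot'
            }
            if ($types -notcontains 'RecoveryPassword') {
                $notes += 'no recovery password protector'
            }
        }

        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Method     = $method
            Protectors = $types -join ', '
            Notes      = $notes -join '; '
        }
    }
}

Get-BitLockerAudit | Format-List
```

An empty `Notes` field means the volume is fully encrypted with a 256-bit XTS method, has protection on, requires more than the TPM alone to unlock, and has a recovery password.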

Verdict: VeraCrypt is stronger and more powerful, but use Bitlocker too

Bottom line: Unless you also plan on using VeraCrypt to encrypt your entire drive, these two tools complement each other better than they replace each other. Use Bitlocker to easily encrypt your entire drive at the click of a button. Then fire up VeraCrypt, create some encrypted containers and hidden volumes, and take advantage of all the great benefits of the app. If you don’t need full disk encryption, but want to encrypt and decrypt specific files or containers, VeraCrypt is your best, fastest and most flexible choice.

If you’re a power user or don’t trust Microsoft (but still use Windows), you can ditch Bitlocker entirely and use VeraCrypt for everything; that’s okay too. When it comes to tuning and customization, the bar is slightly higher for you, but not so high that it is difficult to clear.

Anyway, whatever you use, use something. It is easier than ever to adopt encryption.

