Want to use BitLocker and/or my hard drive's FDE...

...so I have a couple of quick q's: I have Vista Ultimate, and my laptop has a TPM, version 1.2. Four of my hard drives have FDE, which stands for Full Disk Encryption.

First of all, is one "better" than the other, and if so, in what way? Except for that Bitlocker will be able to encrypt NON-FDE drives.

Outside of losing/forgetting the key, how "dangerous" is this operation as far as losing data, or anything else happening, which I'm not thinking about?

Will my system slow down at all?

How important is choosing the key, i.e. manual vs. the "recommended" setting of manually entering a phrase? I know I can always back up the key. Is it "the more the merrier" as far as the length of the password?

Should I use BOTH encryption methods, or should I specifically *NOT* use both simultaneously?? If possible, would the drives be any more secure, or might the two encryption methods interfere with one another?

How strong will the encryption of the drives be? How would anyone break into a stolen or lost drive, for example?

Alright, and finally, are there any other important questions that I'm leaving out, and/or is there any add'l information I should know?

Thanks all!!

 

IMO, full disk encryption is the best option. It works transparently with all OS's and file systems. Hard disk manufacturers claim there is little to negligible performance decrease with FDE.

According to reports, BitLocker has been less than stellar. It was the source of several BSOD bugs. I would skip it.

Of the third party disk encryption software, I highly recommend TrueCrypt. I have personally used TrueCrypt both in volume and partition mode, and it works without a hitch. The best part is TrueCrypt is free and open source software. TrueCrypt's performance varies between 60 MB/s to 15 MB/s depending on the algorithm on my computer.

If the encryption algorithm is AES-256 or better, I would not worry about the data being brute-force cracked. Instead, it is faster and easier for the assailant to get the password out of the user.

Using two different encryption programs on top of each other does not really get you anything.

 

Thanks guys!! msb0b, don't I know you from somewhere???

Anyway, Doggie, they're Hitachi drives, and four of them have FDE, two of them are 200GB, two are 160GB. Is that what you wanted to know?

BitLocker was half the reason I opted for Ultimate, as I knew I'd need it eventually... There have been "BitLocker and EFS enhancements" available for download recently. It's probably not a good idea to use it with the RTM version of SP1, and instead wait for the final version of SP1, which I had planned on...

What does "60MB/sec. to 15MB/sec." mean? Does this mean that whatever I use, there WILL be a lag in performance? And how will I "experience", or "feel" whatever the "lag" will be?

@Doggie: Which way do you think I should go? BitLocker?? FDE??? Both?? Do you share the opinion that BitLocker is crappy?

THANKS again!!!!!!!!!!

 

Is FDE similar to the Hard Disk Password option that Dell provides in the bios?

 

Ok, that's a strong statement. Do you agree with an earlier poster that there will be, albeit barely noticeable, a bit of a performance lag??

Also, why FDE vs. BitLocker? I really only need this for me, and I can always "decrypt" the drives that I want to maybe sell or give away at some point, right?

Thanks again!

Crunch