The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Anyone use Bitlocker/TrueCrypt on their Vaio?

    Discussion in 'VAIO / Sony' started by jpoe, Sep 10, 2008.

  1. jpoe

    OK, I know this isn't exactly the right forum on NBR to be posting this in - but I've come to know all of you pretty well after two months of posting/reading waiting for my Z to arrive (and if UPS doesn't lose it, today will be the day) and I really value your opinions.

    So, I've been planning out my perfect setup for a few weeks now, and what I'm considering doing is:

    Dual Boot
    Ubuntu Linux with LVM/Luks encryption
    Windows Vista Ultimate Clean Install with Bitlocker/TrueCrypt

    Although as a former security guy, and an open source guy, I have TONS of respect for some of the cool things they've been doing with TrueCrypt - I kind of am leaning towards Bitlocker because it works directly with the TPM module.

    So anyway, what I'm wondering is do any of you have experience with a setup similar to mine, or with any Bitlocker setup at all? I am particularly interested in notebook use. My reason is that everywhere I look online, I find articles that describe Bitlocker as being < 8-10% overhead, and TrueCrypt having minimal impact and potentially even improving performance on dual core machines because of prefetch. BUT, none of these articles described increased power (decreased battery time) which I'm sure both have to result in.

    Also, while 10% overhead on hard drive access might hurt when transferring large files, does it make any difference in normal tasks (net browsing, movies, office suites, basic gaming), I wouldn't think so?

    Finally (thanks for reading this far!), are there any non-performance related issues I'm not considering? I'm not going to lose my password, so I'm not concerned about that. But the truth is I'm not a corporate spy either - so I just like having encryption for encryption's sake. Thus, if there are real other disadvantages I'm unaware of, it may not be worth it to me. Or, if that "Proprietary security" that Vaios supposedly build into their hard drives actually does anything (I've searched all over and can't find anything), that may be enough too...
     
  2. Lattice

    I don't have much experience with BitLocker, but I've frequently used TrueCrypt. I don't have anything to hide, but when going through airports, I like to have my work encrypted for obvious reasons.

    Things I love about TrueCrypt:
    - It's small & convenient. I don't actually have TrueCrypt on my computer. I have it on a USB drive that I launch it from every time. It's obviously not foolproof and there are some attacks that take advantage of RAM content, but the stuff I encrypt isn't *that* top-secret for this to be a real concern to me.

    - Hidden Partitions. I like having a fake outer layer and a hidden layer with a separate password. (Yes, I'm a bit paranoid, I suppose. :p)

    - Open Source. Obvious reasons. :)

    I just tested playing back a video from a TrueCrypt partition and didn't notice much of a performance decrease (video plays back perfectly). It may use up a bit more RAM than usual? It's just a program with such a small footprint that I don't think its impact on battery life will be all that severe.
     
  3. plazmic

    Using bitlocker with the TPM chip will be inherently more secure, at the cost of overhead on any function (like you've described). That said, TPM keys can be read out to an external EEPROM, just not easily. And moreover, hard disk encryption can be thwarted with a special $8.00 can of compressed air.
     
  4. favorini

    Recent research on Cold Boot Attacks on Disk Encryption shows it's not foolproof. But then again, nothing is. ;) As you can tell by the number of comments, this research is a bit controversial. :D
     
  5. jpoe

    Yeah, I'm aware of the Cold Boot attack, but in my opinion it's kind of overblown (particularly in my case). Again, I'm not storing state secrets, so the likelihood of someone specifically targeting me and my data (which is really the only way a cold-boot attack can happen) is fairly low. Plus, for a cold boot attack to work, your laptop has to be on (or very recently on ~ 10 min), in which case Bitlocker is already logged in and decrypting your data anyway, so it's not really an attack it was designed to prevent.

    Regardless of that issue, what I really want it for - preventing someone who takes my laptop, finds my misplaced laptop, etc - from getting access to any stored passwords, addresses, etc - I think Bitlocker/TrueCrypt/etc are perfectly capable of handling.

    What I really was looking for is someone with experience in using them to comment on any additional maintenance that might be required over a normal, non-encrypted system as well as what the REAL performance overhead feels like, and more importantly, how much battery life suffers as a result.

    Lattice:

    Thanks for your comments, they're certainly valuable. And in fact I've read all up on the hidden partitions (and even hidden OSes!) At the moment what I'm a bit more interested in, however, is entire system encryption (which is the only reason I would even consider using Bitlocker over TrueCrypt). I do, however, plan to do something similar in Linux by only encrypting the home directory...
     
  6. favorini

    True, but don't forget "on" may include asleep or even hibernating. According to the researchers, "When you lock, suspend, or hibernate your computer, the contents of RAM may be preserved–either in RAM itself or elsewhere–and, if necessary, be made accessible from RAM later without a password or other authentication. Therefore, none of these modes prevent us from recovering the desired contents of RAM. (Exceptions exist; check with the developer of your disk encryption software for further guidance.)"

    Agreed.