IngoBlechschmid 2 hours ago
Okay, yes, sure. It definitely is the most-used encryption software for Windows. But I would never trust it for a second, being proprietary and known for issues. You likely know that, but for the benefit of others: 38C3 - Windows BitLocker: Screwed without a Screwdriver https://media.ccc.de/v/38c3-windows-bitlocker-screwed-withou... https://www.youtube.com/watch?v=5eNtT2p12cM

noinsight an hour ago
If you’re at all serious about security and not user convenience, you deploy BitLocker with a PIN instead of TPM only. And then a whole class of vulnerabilities goes away.
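
An added example (not part of the thread or any commenter's code): a PowerShell check for the TPM-only configuration described in the comment above, classifying operating-system volumes by the key protectors that `Get-BitLockerVolume` reports. The function name `Get-PreBootAuthFinding`, the finding labels and the sample volume objects are constructed for illustration.

```powershell
# Hypothetical helper (added example): classify an OS volume by how its key is released at boot.
function Get-PreBootAuthFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    begin {
        # Protector types that need a PIN, password or startup key before the volume unlocks
        $interactive = 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password'
    }
    process {
        # Pre-boot authentication only applies to the operating-system volume
        if ([string]$Volume.VolumeType -ne 'OperatingSystem') { return }
        $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $finding = if ([string]$Volume.ProtectionStatus -ne 'On') { 'ProtectionOff' }
            elseif ($types -contains 'Tpm') { 'TpmOnly' }   # key released with no user input
            elseif ($types | Where-Object { $_ -in $interactive }) { 'PreBootAuth' }
            else { 'NoBootProtector' }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Finding    = $finding
            Protectors = $types -join ','
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output, so this runs offline.
function New-SampleVolume($Mount, $Type, $Status, [string[]]$Protectors) {
    [pscustomobject]@{
        MountPoint       = $Mount
        VolumeType       = $Type
        ProtectionStatus = $Status
        KeyProtector     = @($Protectors | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$sample = @(
    (New-SampleVolume 'C:' 'OperatingSystem' 'On'  @('Tpm', 'RecoveryPassword')),
    (New-SampleVolume 'D:' 'OperatingSystem' 'On'  @('TpmPin', 'RecoveryPassword')),
    (New-SampleVolume 'E:' 'OperatingSystem' 'Off' @('Tpm')),
    (New-SampleVolume 'F:' 'Data'            'On'  @('Password'))
)
$sample | Get-PreBootAuthFinding | Format-Table -AutoSize

# On a real machine (elevated session): Get-BitLockerVolume | Get-PreBootAuthFinding
```

With the sample data, C: is reported as `TpmOnly`, D: as `PreBootAuth`, E: as `ProtectionOff`, and the data volume F: is skipped.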

bri3d an hour ago
The issues you linked with BitLocker are obvious properties of BitLocker-with-SecureBoot-only architecture. If you configure Linux that way, you get similar issues (for example, it's pretty easy to mis-configure TPM sealed disk encryption on Linux to still allow a recovery shell, which will run with the disk unsealed). BitLocker with a password (the equivalent of the LUKS configuration in question) does not share these issues.

saidnooneever an hour ago
VeraCrypt lost their drivers license so afaik you should avoid it since it cannot update its drivers any longer. Didn't see any news about them reacquiring that license.