Discussion in 'privacy technology' started by Forever, Feb 19, 2014.
I wonder because DiskCryptor is much faster on my SSD than Truecrypt.
I can't answer your question, but I preferred Diskcryptor when I was using Windows. Have you compared the specs listed on their websites?
Well. I wonder why Diskcryptor is so much faster than Truecrypt on my ssd. Do anyone of you know why?
I think Diskcryptor's author made changes to optimize performance for the 4kb sector size used by SSD drives. I tried to find a reference for where I read that before and couldn't. I did find these benchmarks which support this being the major performance difference between the two.
I wish he would release a version for Linux.
Is the difference noticeable?
It was noticeable for me using the same test as the one I posted. Didn't you already answer that question in your first post?
True. On the other side: I didn't find anything about the "security" of this program compared to Truecrypt. I would really love to know.
I doubt that anyone can answer your original question based on solid evidence, because I think that such analysis was never performed.
DiskCryptor seems to be dramatically quicker on a WDE boot drive than either TrueCrypt or Symantec Drive Encryption (formerly PGP). There are reasons for this that I have seen quoted elsewhere (it encrypts this rather than that etc), but whereas TrueCrypt showed terrible figures in speed tests on my SSD, apparently almost grinding the disk to a halt, DiskCryptor didn't appear to slow down at all, with "PGP" somewhere in the middle.
Would I trust DiskCryptor? No. We know nothing about the author, the standards used, the checking process, his motives etc. We don't know a great deal about TrueCrypt except that it SEEMS the authorities cannot crack it; with DiskCryptor we know far less, and the fact that it has hardly any impact on performance makes me concerned. Also, I don't understand why Serpent is much quicker than AES on its benchmarking. Surely it should be the other way round?
In fact, I use Symantec for WDE (PGP). A whole team of people must know what they're doing, some big names have lent their services to check it over, and I think Symantec would look very stupid if it turned out that they had sold us short. A very layman's set of views but just my gut feeling (which is all we can go on sometimes).
Of course, it costs money.
Would they look as stupid as Google when it was found out that Gmail had a NSA backdoor or as stupid as Microsoft with their NSA backdoor to Hotmail?
Hmm... I hadn't realised that MS had sold their soul to them, too. So what do others use for WDE? Truecrypt, if they can stand the performance deficit, and DiskCryptor if they can't (and can take the gamble on its lack of documentation and analysis)?
Here's how I think about this:
(1) I assume that IF a sophisticated government Security Agency decided it needed to examine the contents of my hard drive, they would find a way.
(2) I have no way of knowing which WDE or file encryption software has been back-doored or not.
(3) I am satisfied that most of the popular applications will keep out hackers, data thieves, and your inquisitive 15 year old nephew. I can sleep at night.
(4) If I had something to hide from the NSA / CIA / KGB etc., I would not be sleeping well at night - no matter what evasive actions I took.
Finally, there is an actively updated website that discusses reasonable software options across a variety of platforms. I find it a useful supplement to what is available here at Wilders:
Agreed. So much for 'they wouldn't do it, because they'd be harmed' logic. It simply doesn't work.
I opt for file/directory encryption rather than entire drive simply because none of the major drive encryption products have been audited. Truecrypt author is a mystery, and an independent audit is underway. It may be some time before it is done. While there are plenty of file/directory tools out there, some have been audited.
has 7Zip been audited (with respect to their Encrypted archiving)?
A third option would be to join those of us that have switched to Linux and use dmcrypt/LUKS for WDE. My disk performance on Linux is at least as good if not better than what DiskCryptor was giving me and Linux also satisfies your second criteria.
Full drive, partition, or container encryption?
If partition, are you leaving a percentage unused for TRIM?
I'm looking at using TC on an SSD, and a while back read through some articles about TC performance is decent providing you leave space unused for TRIM to work. I haven't tried it yet, though.
AFAIK, TC's performance hit doesn't have anything to do with TRIM or how much unused space is on the drive. It is due to the 4K sector size and how data is written to the SSD memory cells.
All the benchmarks on my i7 PC rocked those of Truecrypt.
Serpent was the fastest of them all on Diskcryptor, so I went with that.
I think the i3,i5,i7 tweaks really show!
Just encrypted my OS (SSD) in about 30 minutes (without hardware support).
I'm wondering about transferring over from TrueCrypt to DiskCryptor myself.
Is it as easy as uninstalling TrueCrypt after decrypting the system, then installing DiskCryptor and encryptin the system? Does it support multiple drives like TrueCrypt's System Favourite Volumes?
Unfortunately, I have 600 GB of encrypted data that I have to copy, something I'd avoid until those questions are answered.
It is that easy. You don't even have to uninstall TrueCrypt. I was using both without any issues. DiskCryptor does support multiple drives. My transition to DiskCryptor went smoothly, but I would recommend backups of all your data just in case.
I'll trust you on this... Wee, 5.5 2 5 hours copying over eSATA. Why the heck can't TrueCrypt decrypt a non-system partition? I'm thinking laziness and lesser need to.
Do I need to encrypt the System Reserved Partition? I can't seem to get a clear answer searching online. Kind of scared to reboot lol.
Edit: Seems like I should, and everything is working fine now. Not sure of performance increases yet, but at least it isn't slower.
Modified bootloader to display "No bootable device -- insert boot disk and press any key", is there a better a way to hide it?
Due to AX64 Time Machine incompatibility on my system, I will be moving back to TrueCrypt FDE. At least I can decrypt non-system partitions instead of moving sensitive data and shredding them.
Separate names with a comma.