Truecrypt and BitLocker FDE Experiment

The other day I was re-installing windows and half way through encrypting the drive with TrueCrypt I wondered what if I encrypted with bit locker afterwards?

So I decided to try it and see what would happen. To my surprise it actually works. I notice a slight amount of lag, mostly when booting, but besides that it actually works flawlessly. This means that if someone wanted to they could double encrypt their system HDD and protect them selves even more (although over-kill). With this setup if any vulnerability were to be found in one of the programs the other would negate the effect completely. You also get the added use of tokens and memory wipping that TrueCrypt has yet to provide.

As I said extremely overkill but it IS possible to do this. Just thought someone may enjoy trying this.

 

Doesn't truecrypt already encrypt it with 3 different methods? Or at least it can.

You can encrypt something infinitely, I just don't know why you would since it's basically "uncrackable" after a very short time.

 

As I said it is overkill but in theory it should be more secure then using TrueCrypts cascades as a vulnerability in TC's PRNG would effect all algorithms including the cascades. This is two completely deferent encryption programs encrypting the drive with the same algorithm (aes-256 bit).

 

So you have to put in two different passwords then?

 

No. I don't have a TPM in my computer so I only have to plug in a flash drive for bit locker. It uses it as a secure token to authenticate and boot. TC needs a password still. Been running it for a few days now (on a net book) and no noticeable slow downs thus far

 

Hmmm, sounds like fun. But how would you access the data on your dual-encrypted drive if there was partial disk or system failure? The recovery procedures are very different for the two encryption methods. I doubt if TC's "mount w/o preboot auth" would be of any use, which is unfortunate, as that's usually the best approach for recovering data. And I don't think Bitlocker's usual preboot recovery methods would work if the drive was also TC-encrypted. Maybe you could use the TC rescue disk to decrypt the entire drive (which can take days) and then try the Bitlocker procedures after that?

 

That is probably the easiest way to do it. I could also put the hard drive in a USB enclosure and mount it on another windows 7 machine with TC and than Bitlocker. I also managed to encrypt a TC volume with bit locker as well.