BitLocker confusion

I apologize if this question has been asked, but I didn't see it when I
searched the forum and elsewhere on the web.

I have a laptop that I have been considering Whole Drive Encryption on for a

The options that I am aware of are PGP Whole Drive Encryption, TrueCrypt,
and BitLocker.

I have Vista Ultimate and BitLocker is one of the big reasons I got
Ultimate, but BitLocker doesn't seem to be as straightforward as some of the
other options, which is irritating.

My laptop does not have a TPM chip. From what I have read, this means that
to use BitLocker I must use a USB drive to store the key.

Before I go any further down this road, I have no idea if my laptop's BIOS
supports a USB drive pre-boot.

In addition, the BitLocker driver preparation tool was unable to create a
partition for BitLocker. I'm not sure why, but my first thought is that it
wants to move the paging and hibernate files and can't. There is a long set
of instructions that I found where you can "try" to work around this with no
guarantee that it will work.

So... Before I try to go that route I was wondering if anyone could answer
some questions about BitLocker so I know if it is really what I want.

In all of the instructions that I read on how to install BitLocker without a
TPM, the instructions always state that you plug your USB key in, boot the
system, and Vista comes up. There is never a mention of a password. Is this
correct? If so, all someone would need to gain access to the laptop would be
the USB key. This sounds unsecure to me. If my laptop was stolen there is a
very good chance the USB key would be with it. I can try to take it with me
whenever possible, but that isn't always practical or likely. It's not like a
car key that I can stick in my pocket every time I get out of the car.

Is there any way to use BitLocker without a TPM that utilizes a password? I
know there is the recovery password, but a 48-digit random code isn't easy to
memorize either.

My preference would be to use BitLocker since I already bought it.

PGP looks like a good option, but it's a couple hundred dollars I think.

TrueCrypt is free, but I'm a little nervous about using a free product to
encrypt my entire hard drive. Maybe I shouldn't be biased, but if something
goes wrong with this it will be painful to recover. I have used TrueCrypt to
create encrypted volumes before and it works well but is a hassle to mount
and unmount them all the time.

