Windows 7 Full Disk Encryption with Truecrypt

After the TrueCrypt Full Disk Encryption Review and the 5 rules to Protecting Information on your Laptop, we are following up with a practical test of full disk encryption of Windows 7.

Shortinfosec is a great promoter of full disk encryption of laptop hard drives, and we have been using Windows 7 for several months now. On 21 Oct 2009, Truecrypt published the version 6.3 which has full support for Windows 7. Of course, why go for an open source product instead of the native BitLocker? Well, Microsoft with it's product strategy includes BitLocker only in Ultimate and Enterprise versions of Windows 7!

Can someone say 'huge security misstep' - especially for the Windows 7 Pro users?


Encryption
Naturally, Shortinfosec started with a full disk encryption test on a laptop. The laptop has the following configuration.

  • 2.1 Ghz Core2Duo CPU
  • 3 GB of RAM
  • 320 GB of disk drive
  • NVIDIA graphics
  • Windows 7 Pro 32 bit operating system

The process is the same as already described in TrueCrypt Full Disk Encryption Review. The installation of the TrueCrypt is so generic that even the most inexperienced users should have no problems whatsoever.

The actual encryption is lasts between 6-7 hours. After it finishes, you have an encrypted system drive. If absolutely necessary, you may even use the computer while the drive is being encrypted, but you won't be very productive.

Performance test
The laptop had a passmark test run before and after the encryption. We focused on CPU and HDD performance, since these areas are impacted when using an encrypted file system.

The test results are presented on the following screenshots. The overall performance of the Test Laptop is marginally better for the non-encrypted disk clone. The disk drive is most impacted on the random read/write test.

The results in red color are before the encryption
The results in green color are after the encryption



Conclusion
Encrypting the entire hard drive of Windows 7 may not seem to be a natural choice, but the product strategy of MS opens up an opportunity for products like Truecrypt.

Encrypting the entire hard drive will cause performance reduction of the disk subsystem, but the performance reduction on our system is so minute that it is just ignored by everyone.

Talkback and comments are most welcome


Related posts

Cracking a TrueCrypt Container
TrueCrypt Full Disk Encryption Review
Tutorial - Hidden Operating System with Truecrypt
Tutorial - A Poor Man's Secure USB

No comments:

Designed by Posicionamiento Web