Originally published at: http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
BitLocker normally encrypts entire drives and partitions, but you can also create encrypted container files with tools built into Windows. Such encrypted VHD files can easily be moved between systems, backed up, and hidden when not in-use.
To clarify for those of us who tried this with their Windows 7 machines before realizing. If you want to use Bitlocker with Windows 7 you must have Enterprise or Ultimate, if you want to use Bitlocker with Windows 8 you can have Professional or Enterprise.
How secure is BitLocker? I know TrueCrypt says to use BL now, but I still wonder regardless. Has it not been cracked yet?
Why use BL ? ......................
Can I put a BL file in DropBox the way I can use a TC file? Or will dropbox constantly try to sync the file, even while it's mounted, corrupting it?
I've been reading up on the TrueCrypt debacle; there has been a lot of chatter on Ars about this. An external audit is being done against TrueCrypt's code, and it's as secure as it ever was. The conversation over there indicates that the TrueCrypt guys have just decided they don't want to develop it any more, and so they're resorting to weak cop-outs, rather than just coming out and saying "We've lost interest. Moving on."
Here's a Stack Exchange thread on Bitlocker security:
Personally, I expect that your average computer thief will just reformat the drive rather than crack your data, but for government data, I'd probably use PGP, since I know some government agencies and many government contractors are doing just that.
I created a 1 GB VHD in Windows 7 and the initial encryption took about 20 mins. Now I find that I can't lock the drive without restarting explorer. I was assuming that there would be a lock/unlock context menu. Back to AxCrypt I guess. Or is there anyway to secure bitlocker drives on the fly?
You should not need to restart Explorer to lock the drive, but you will need to eject/unmount the drive. As far as I know, there's not a way around this. TrueCrypt effectively worked the same way by default.
Right... I used to eject my removable drives twice; once from Explorer, and then from inside TrueCrypt. I don't know if that was necessary, but I never had TC corrupt a volume that way, either.
This topic was automatically closed after 10 days. New replies are no longer allowed.