Battle Encrypting my drives with VeraCrypt - or should I use BitLocker

RXZ6Q

Level 4
Thread author
Verified
Mar 30, 2016
169
Hello, guys,

if I have some sensitive files, I encrypt them.

But now I am planning to encrypt the whole system via BitLocker/VeraCrypt.

The advantages of using VeraCrypt over BitLocker are... Obvious. Totally obvious.

But since I'm a gamer, performance is very important for me, too.

Please, is there someone who tried both solutions and can compare?

Any input is highly appreciated. Let's discuss :)!
 
ForgottenSeer 85179

For internal drives you use BitLocker and for external VeraCrypt.

If you would use VeraCrypt for Windows, it would break a lot of security features which BitLocker provides.

Performance-wise both are fine if your hardware supports AES natively.
 

RXZ6Q

> I would honestly not use a gaming machine for sensitive work. The two don't go together. You need to isolate your sensitive files on a separate laptop/tablet to achieve maximum security. Gaming software is not known for secure coding conventions, there are many cases of RCEs in them.

I know that this would be best but it's too impractical for me :/ I always keep sensitive files in separate VeraCrypt containers. But the idea is that I want to encrypt my whole SSD (plus probably my 2 TB standard HDD for data) including system as there is some metadata and other stuff that can leave the encrypted files vulnerable.
 

RXZ6Q

> For internal drives you use BitLocker and for external VeraCrypt.
>
> If you would use VeraCrypt for Windows, it would break a lot of security features which BitLocker provides.
>
> Performance-wise both are fine if your hardware supports AES natively.

At this moment, this seems to be the case for me. (Actually, for external I am using BitLocker + VeraCrypt containers for some files :D).

Can you please tell me more about your second statement? Which security features would be broken exactly? BTW I am planning to use (strong) password only for BitLocker (or VeraCrypt, but I am inclining to give BitLocker a try at this moment, also partly because of compatibility).

And yeah, my HW supports accelerated AES natively. I would like to know how exactly I can measure an eventual slowdown?

Do I understand correctly that only booting + operation with files (copying...) will be possibly slowed and I shouldn't expect any reduction in FPS or anything like that?

I am posting the results of VeraCrypt benchmark. It seems to be pretty fast, I assume it's going to be similar with BitLocker:

[Screenshots: VeraCrypt benchmark results]
 
ForgottenSeer 85179

> At this moment, this seems to be the case for me. (Actually, for external I am using BitLocker + VeraCrypt containers for some files :D).

For normal guys like you and me that's overpowered ;)

> Can you please tell me more about your second statement? Which security features would be broken exactly?

Lack of use of e.g. Trusted Platform Module (TPM), Secure Boot, and Measured Boot.
Maybe Early Launch AntiMalware too.

Also, VeraCrypt had problems with UEFI and Windows Upgrades.
 
ForgottenSeer 85179

RXZ6Q

> I think BitLocker opens the lock once you boot up the machine. Any Windows program can access whatever once you boot up and sign in. It is only good for protecting your laptop's hard drive in case you lose the laptop and the bad guys can't sign in.

It's not even for a laptop, in my case it's for my desktop, which itself is physically pretty secure :D But you never know. As I said, any sensitive data is encrypted using VeraCrypt. But then you have metadata, browser history, etc... etc... That's why I decided to encrypt my system disk.

I decided to make a bunch of benchmarks to see if it affects performance in any way.

Before encryption:

Boot time (time from pressing the turn-on button to seeing my desktop): usually from 13 to 17 seconds (14 s on average)

3D Mark score : 8724

Prime Benchmark score: 150069

Geekbench score for CPU: 1383/6395 (Single-Core/Multi-Core)


Geekbench OpenCL score: 89190


Novabench score: 2659


FurMark score: 14356 (FPS: 239)

UserBenchmark: Asrock Z390 Extreme4 Performance Results - UserBenchmark

Most importantly - CrystalDiskMark results :D

[Screenshot: CrystalDiskMark results before encryption]


After encryption:

Boot time (excluding time to enter password): ranging from 14 to 26 seconds, about 20 seconds on average but it really depends.

3D Mark score : 8720

Prime Benchmark score: 150017

Geekbench score for CPU: 1382/6408 (Single-Core/Multi-Core)


Geekbench OpenCL score: 89614


Novabench score: 2633


FurMark score: 14370 (FPS: 239)

UserBenchmark: Asrock Z390 Extreme4 Performance Results - UserBenchmark

Most importantly - CrystalDiskMark results :D

[Screenshot: CrystalDiskMark results after encryption]


The tests were performed under the same conditions and I gave the computer a few days to accommodate.

I hope this was helpful at least a little bit and I also hope that I didn't accidentally include some personal details :D Let me know your thoughts.
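
One way to record the state of the features mentioned in this thread (TPM, Secure Boot, BitLocker key protectors) together with a disk measurement, so that a before/after comparison like the one above is made against a known configuration. This is an added example, not part of any post in the thread; it assumes an elevated prompt on a Windows edition that ships the BitLocker and TPM cmdlets, and the output file names are arbitrary.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Output file names (posture-*.json, winsat-*.txt) are arbitrary choices.
$ErrorActionPreference = 'Stop'
$drive = $env:SystemDrive                      # e.g. "C:"
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# TPM state, as reported by the TrustedPlatformModule module.
$tpm = Get-Tpm

# Confirm-SecureBootUEFI throws on legacy-BIOS systems; record that as $false.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
catch { $secureBoot = $false }

# BitLocker state of the system volume and the protectors that can unlock it.
$vol = Get-BitLockerVolume -MountPoint $drive
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

$posture = [ordered]@{
    Timestamp        = $stamp
    Drive            = $drive
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    SecureBoot       = $secureBoot
    VolumeStatus     = $vol.VolumeStatus.ToString()
    ProtectionStatus = $vol.ProtectionStatus.ToString()
    EncryptionMethod = $vol.EncryptionMethod.ToString()
    EncryptedPercent = $vol.EncryptionPercentage
    KeyProtectors    = $protectors
}
$posture | ConvertTo-Json | Set-Content "posture-$stamp.json"

# An encrypted volume with protection off or no protectors is readable by
# anyone holding the disk, so check that instead of trusting the percentage.
if ($vol.ProtectionStatus -ne 'On' -or $protectors.Count -eq 0) {
    Write-Warning "$drive is not protected by BitLocker (status: $($vol.ProtectionStatus))."
}
# Password-only setups have no TPM protector, so the key is not sealed to
# the TPM's boot measurements.
if (-not ($protectors -match '^Tpm')) {
    Write-Warning "No TPM-based key protector on $drive."
}

# Disk throughput with the built-in Windows System Assessment Tool.
# Run once before and once after encrypting, on an otherwise idle machine.
winsat disk -drive $drive.TrimEnd(':') | Tee-Object "winsat-$stamp.txt"
```

Comparing the two `winsat-*.txt` files alongside their `posture-*.json` records shows whether a throughput change coincides with a change in encryption method or protector type.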
 
RXZ6Q

> It's known that VeraCrypt has performance problems with SSDs.
> One more reason to use BitLocker for internal drives ;)

Regarding VeraCrypt - I keep sensitive files in question in encrypted containers - performance is not an issue in this particular case :) :cool: I even set the PIM to be much higher than the default - like 10 times larger or so. I don't mind waiting a few minutes to decrypt them. I think it's worth it. I don't work with them often. But I often use my computer, so that's why I decided to use BitLocker and as you and others can see - it definitely had some impact, but AFAIK it's just a few millisecond slowdown. Sorry for typos. Thanks for your help and input, guys. Peace :)
 
ForgottenSeer 85179

> It is good to have full disk encryption but file encryption is more important. Have you read this thread as well?

Encryption is for protecting files against unwanted access - locally e.g. a thief.

It's not against malware, which doesn't work, as even encrypted files aren't safe then. The malware just needs to wait until you unlock the file. Or it just encrypts it again so you lose it (ransomware).

So I disagree that file encryption is more important than drive encryption ;)
 