David Szpunar: Lead Engineer, PC Help Services

David's Church Information Technology

February 18th, 2008 at 12:28 pm

TrueCrypt Whole-Disk Encryption: Why I Turned It Off

Last night, I decrypted my laptop. Eleven days ago, I posted about TrueCrypt’s new whole-disk encryption. I encrypted my laptop and started using it. Speed didn’t seem to be an issue (or much of one, maybe it was a little bit slower overall, but that’s just my perception). But it also disabled Hibernation, forcing me to use Standby mode.

The main reason was the lack of hibernation support. I tried using standby, which seemed to work sometimes. I would verify that standby mode had been entered, and put the laptop in my bag. Less than 12 hours later, more often than not, the battery was dead and the laptop was off. Even within shorter time periods, I would sometimes take the laptop out of my bag and it would be running! This is dangerous, as carrying around a laptop when it’s off can be done much less gently than should be done when it’s on. And running in my bag prevents good heat dissipation, so it would be practically burning hot in this case (pun intended :-)

So, now hibernation works again. Which has worked well for me 99% of the time since I purchased the laptop. And it’s not encrypted, but it wasn’t in the past either. If they can make whole-disk encryption work with hibernation, and I’m not enthusiastic about the chances of this given the security implications that I think I understand but probably need to read more carefully, I’ll give it another try.

Note: I’m running Windows XP Pro on my laptop. At some point I may try Vista Ultimate, and may perhaps test Vista’s Bitlocker. I’ve heard it’s more complicated. I don’t know if it allows for hibernation or not. There’s an excellent overview of the two together at 4sysops, a blog I highly recommend overall.

UPDATE on March 15th: The problem with hibernation support has been fixed in TrueCrypt’s beta and soon the final release of version 5.1a. I am back to running an encrypted system for now!