TrueCrypt vs BitLocker

Edit: October 3, 2015 An article in IT World for September 29, 2015 reveals the existence of, but doesn't describe fully, two serious flaws in the Windows driver that TrueCrypt installed. It isn't clear from the article whether those flaws compromise the crypto or the underlying Windows OS, or both. It also isn't clear whether that driver is installed only for full-disk encryption or at any time a TrueCrypt volume is in use.

Original answer below:

It is unknown (except probably to Microsoft and the NSA) whether BitLocker has a back door. You cannot examine the source code to find out, either. (And even if you could, a purposeful weakness might be very difficult to spot, even for an experienced cryptographer.)

TrueCrypt's source code is available and has (as of today) been audited. No back doors or purposeful weaknesses were found. So, speaking only in terms of back doors, TrueCrypt (the version before last) is "safer" because it can be and has been examined by experts.

Test it on Windows 10 before you commit because TrueCrypt is no longer supported by the original authors.

BitLocker uses AES in CBC mode, TrueCrypt and others use AES/Twofish/Serpent/cascades in XTS mode (Wikipedia: Block cipher mode of operation).

CBC mode is less secure in that it allows single bit manipulation. For example, an attacker having physical access can switch a specific bit of data and returns it to you; this can open a backdoor loophole via Windows registry, etc. See XTS vs AES-CBC with ESSIV for file-based filesystem encryption

BitLocker security has been lowered by removing Elephant Diffuser from Windows 7 to Windows 8 (including 8.1). However, Windows 10 improves security by allowing the use of AES-XTS (though not turned on by default).

I would assume that basic algorithms of BitLocker are safe because its source code has been reviewed under Non-Disclosure Agreement (NDA) by large companies that use it. One can assume there are no major backdoors because companies want professional protection. Then again, if you look at TrueCrypt, it has pitfalls like keyfile management, which is prone to grabbing precomputed CRC32 from your files in order to speed up hashing (keyfile management in TrueCrypt is very badly implemented). This may have been improved or fixed in VeraCrypt (TrueCrypt's successor).

TrueCrypt XTS mode is worse when an attacker can observe small file changes several thousands of times. For example, with cloud services such as Dropbox which track change history.

BitLocker is safe if properly configured. This is difficult, as you should:

1. Disable uploading recovery keys to the Internet (e.g. "Microsoft Account", Dropbox, Google Drive, etc.), as it is by default shared with NSA which can access it based on who knows what creative national business safety reasons. Once you upload your recovery key once, it is already archived according to Snowden documents.

2. Disable using recovery PIN, and use USB recovery key only (as the the former is 128 bit only).

3. Switch to 256-bit BEFORE encrypting your hard drive. Once you do that, BitLocker is safer for boot partition because it integrates closer with hardware (TPM).

For maximum safety, you would be better off using BitLocker on boot partition, and TrueCrypt on containers mounted only when needed. Place the containers as files inside BitLocker partition. Remember that BitLocker is limited to AES.

Concerning coldboot attacks and memory Remanence, AES can be reconstructed after 40% memory degradation, Serpent key after 30%. Twofish is not determined (claimed to be very hard). We are talking about serious industrial espionage scenario here, practically military level.

Therefore you are best by combining two encryption modes and two encryption algorithms, using software from two sources.

Note that BitLocker uses SHA-512 hash, therefore, use a different hashing algorithm for TrueCrypt and then you are safe.

Again, loopholes from all sides:

• Hash
• Encryption algorithm
• Encryption mode
• Random number generator used for key generation
• Implementation bugs, sometimes unreliable open source (like SSL Heartbleed, TrueCrypt primitive keyfile processing code)
• Relatively immune to coldboot attack
• Government backdoors

The advantage of TrueCrypt is that it is relatively safe by default, BitLocker is only safe after careful configuration.

The disadvantage of TrueCrypt is vulnerability to keyloggers; you should consider using KeePass with Secure Desktop.

The disadvantage of BitLocker are probable U.S. government bypassess/backdoors. If you are running an embassy or a personal Intelligence Agency, limit yourself to known source code. If you are important enough, I assume BitLocker code has been shown to you, so you can decide to trust it on that level or not.