Windows Full Disk Encryption Suggestions

[Kdes]

Good Day all

We looking at encrypting all our workstations HDDs and was wondering if you may have any suggestions on free tools we can look at.

I tried bitlocker but was hoping to find a tool that can use passwords. ie on boot it prompts the user for a password. So that we don’t have to store 100s of keys somewhere and keep track of these. Would be easier to use the same password for all workstations.

Its only if a workstation gets stolen the data is protected.

Thanks

 

[supersunbird]

Set up the bitlocker on all the workstations with the same password?

 

[Willie Trombone]

What's performance like on these encrypted volumes? Particularly when hibernating / recovering from hibernation?

 

[Roo!]

I would suggest veracrypt, it's the truecrypt fork that as active development.

 

[supersunbird]

What's performance like on these encrypted volumes? Particularly when hibernating / recovering from hibernation?

Never had a issue that I can detect performance wise on my HP 250 G3 Celeron something HP with Win8.1 Pro and using bitlocker.

 

[Drone 42]

I you using Bitlocker with a TPM chip you can use passwords at boot as the key is stored on the TPM chip. If you are using Windows 10 certified devices even better as a some of the attacks on Bitlocker are mitigated using Windows 10 certified devices. If using older devices you would need to make a few Bios changes and lock down the Bios with a password too, that is if you are paranoid about the data you are trying to protect. The attacks I'm talking are difficult to pull off and if the machine is shut down and not in sleep it should be safe as the key won't be in memory.

If you are just worried about thieves reading the data and not worried about a person with more advances skills after your data, just using Bitlocker with a TPM chip will be fine for most people.

 

[Willie Trombone]

Never had a issue that I can detect performance wise on my HP 250 G3 Celeron something HP with Win8.1 Pro and using bitlocker.

Cool, if a celeron is good with it...
I recall speed issues with truecrypt volumes, particularly hibernation.

 

[Willie Trombone]

I you using Bitlocker with a TPM chip you can use passwords at boot as the key is stored on the TPM chip. If you are using Windows 10 certified devices even better as a some of the attacks on Bitlocker are mitigated using Windows 10 certified devices. If using older devices you would need to make a few Bios changes and lock down the Bios with a password too, that is if you are paranoid about the data you are trying to protect. The attacks I'm talking are difficult to pull off and if the machine is shut down and not in sleep it should be safe as the key won't be in memory.
If you are just worried about thieves reading the data and not worried about a person with more advances skills after your data, just using Bitlocker with a TPM chip will be fine for most people.

Any suggestions if you are paranoid about more than that?
Anything out there I can supply a USB key with cert for boot / unlock that I can unplug after boot process starts?

 

[Drone 42]

Any suggestions if you are paranoid about more than that?
Anything out there I can supply a USB key with cert for boot / unlock that I can unplug after boot process starts?

That is a option with Bitlocker. You can have a USB with a cert to unlock and a password.
I believe Veracrypt can do this also but I have not tested it.

 

[Kdes]

Thank you all for the replies.

Bitlocker comes up often from what i have been reading on the web too.
I need to encrypt the boot and data volumes.

Someone here mentioned that I can use passwords? Or you can only use passwords without the TPM chip?