A Dutch software developer living in Chile
# Friday, June 05, 2009
Giving BitLocker a try

BitLocker can work with an external USB flash drive, so I thought, let’s give this a try. In short, it works fine and I didn’t see any noticeable performance degradation, but it simply does not work for me. There are a few reasons for this, all of which I’ll explain below.

The BIOS and the flash drive

My MoBo’s BIOS has a tendency to put the flash drive at the top of the list when it considers which device it should use to boot up. This is a pain in the neck, since once I remove the USB drive and insert it again, my BIOS tends to forget the changes. So the workaround would be pressing F12 during the POST or maybe updating the BIOS… This is the nastiest part of using BitLocker with a USB drive. And putting the RAID array as a secondary doesn’t work either. This is for me the showstopper.

Making duplicates of the USB flash key

This is a good thing about BitLocker: you can easily make a new flash drive, either using a new key or simply copying a key from your current one. Also, the password you can put into your vault is a good thing to have. So no comments on this.

You can only encrypt drives on which Windows is installed

You cannot encrypt other hard drives in the system. This means that I have 33% of my data protected, while the rest is easy to get. This means for me that EFS (Encrypting File System) is a better alternative.

My conclusion

BitLocker has its limitations, and with a TPM chip on board things will certainly be a lot better. For notebooks I’d say: go and use this. For a workstation? Unless you’ve got one hard disk to protect and a TPM chip on board, use EFS. It’s easier to manage and deploy once you’ve set it up. So I’ll be doing this for the coming hours:

[image]


Friday, June 05, 2009 4:25:33 PM (Pacific SA Standard Time, UTC-04:00)