Windows 8 and Truecrypt – Updated May 30, 2014


Update May 30, 2014

Please see my post here for the latest on the TrueCrypt debacle.


Update May 28, 2014

The Truecrypt website is in a state of flux. We do NOT recommend using Truecrypt at this time. Please check back often until we have more clarity on the Truecrypt situation.


Original Post

Here at Security Beacon, we generally recommend that everyone use some form of disk encryption, preferably full disk encryption (FDE), to protect the data residing on their computer hard drives. For users of Microsoft Windows operating systems we’ve specifically recommended Truecrypt because it is free, open source, and very easy to use. Indeed, the latest Truecrypt is so good that there has literally been no excuse for Windows users NOT to encrypt their hard drives! Unfortunately, Truecrypt has not kept up with the latest changes being forced on the industry by Microsoft. As a result, the software is somewhat out of date and is not 100% functional on new machines that are shipping with Windows 8.

At this time, the most recent release of Truecrypt is revision 7.1a, from Feb 7, 2012. The web site indicates that full support for Windows 8 is to be implemented in a future version, but there is as yet no sign of when, or if, such a version will be released. One can only hope that donations to the site will continue so that the developers can keep updating the code for the newer operating system. In the interim, most Windows 8 users should consider other options as outlined at the bottom of this article.

Note that I said “most” users of Windows 8! There are some sources on the web that indicate the critical Truecrypt function of encrypting a system partition is actually functional under Windows 8, provided that the hard drive is formatted with the old MBR (Master Boot Record) partitioning scheme rather than the newer GPT (GUID Partition Table, where GUID means Globally Unique ID) scheme that is required on new machines shipped with Windows 8 already installed. If you are using Windows 8 on a system that was upgraded from an earlier version of Windows, then your disk may have been formatted with MBR, so it may be possible to successfully use Truecrypt to encrypt your system partition. You may also be in luck if you’ve installed Windows 8 from scratch and, through astute foresight or dumb luck, formatted the drive as MBR instead of GPT. Regardless of the formatting of your disk, you can of course continue to use Truecrypt under Windows 8 to safely encrypt files and folders on your hard disk. You just can’t encrypt the system partition, which is the preferred approach in most situations. If any of the discussion on disk partitioning seems foreign to you, wait until a new version of Truecrypt is released before attempting to encrypt your Windows 8 system partition.
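To make the MBR versus GPT distinction concrete, here is an added example (not from the original post) that classifies a disk from its first two sectors: a GPT disk carries a protective MBR entry of type 0xEE plus an "EFI PART" header at LBA 1, while a classic MBR disk has ordinary partition types and no such header. The function names and the sample sectors are constructed for illustration.

```python
SECTOR_SIZES = (512, 4096)      # logical sector sizes to try when locating LBA 1
GPT_SIGNATURE = b"EFI PART"     # first 8 bytes of the GPT header at LBA 1
PROTECTIVE_TYPE = 0xEE          # partition type used by a GPT protective MBR


def mbr_partition_types(lba0: bytes) -> list[int]:
    """Return the type byte of each non-empty entry in the MBR partition table."""
    if len(lba0) < 512 or lba0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) at offset 510")
    types = []
    for i in range(4):                        # four 16-byte entries from offset 446
        entry = lba0[446 + 16 * i: 462 + 16 * i]
        if entry[4] != 0x00:                  # byte 4 of each entry is its type
            types.append(entry[4])
    return types


def partition_scheme(disk_start: bytes) -> str:
    """Classify the start of a disk (LBA 0 and LBA 1) as 'GPT', 'MBR' or 'unknown'."""
    try:
        types = mbr_partition_types(disk_start)
    except ValueError:
        return "unknown"
    has_gpt_header = any(
        disk_start[size:size + 8] == GPT_SIGNATURE for size in SECTOR_SIZES
    )
    if PROTECTIVE_TYPE in types and has_gpt_header:
        return "GPT"
    if types and PROTECTIVE_TYPE not in types:
        return "MBR"
    return "unknown"    # empty table, or a protective entry with no GPT header


def constructed_disk(part_type: int, gpt: bool) -> bytes:
    """Build a constructed 1024-byte sample: LBA 0 with one entry, then LBA 1."""
    lba0 = bytearray(512)
    lba0[446 + 4] = part_type                 # type byte of the first table entry
    lba0[510:512] = b"\x55\xaa"
    lba1 = bytearray(512)
    if gpt:
        lba1[0:8] = GPT_SIGNATURE
    return bytes(lba0 + lba1)


if __name__ == "__main__":
    print(partition_scheme(constructed_disk(0x07, gpt=False)))  # NTFS entry, MBR disk
    print(partition_scheme(constructed_disk(0xEE, gpt=True)))   # protective MBR + GPT
```

Windows reports the same information without any parsing in the PartitionStyle column of the PowerShell `Get-Disk` cmdlet.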

Other options:

It seems the change to GPT has also affected a number of other disk encryption programs besides Truecrypt. A web search reveals that DiskCryptor is also incompatible with Windows 8. Apparently, even Symantec / PGP had some issues initially, but their newest releases do support Windows 8. The only bright side to the Truecrypt issue is that starting with Windows 8.1 hard drives will be encrypted by default provided you’ve got the right hardware. See also this excellent Ars Technica article for more details. The downside to the default encryption method is that you must share the encryption keys with Microsoft. I’m sure that’s a non-starter for many readers after last year’s Snowden revelations! If you don’t have the right hardware, you might consider an upgrade to Windows 8 Pro or Enterprise to get the BitLocker feature as an alternative. The Truecrypt situation is unfortunate, and, for some people, it is likely reason enough to delay, or avoid entirely, an upgrade to Windows 8.

