Filevault or Truecrypt?

I'm currently using Filevault on Mountain Lion on one of my machines and on Mavericks on another one. Recently, I discovered Truecrypt, which does similar work to Filevault.

Does anyone know what the difference between those two is, and which one is better?

Does Truecrypt decrease the performance of the OS compared to Filevault?


TrueCrypt's main selling point is that it runs on Windows, various flavours of Linux, and OS X, too. Their website says that they offer many encryption techniques, each with a minimum of 256-bit encryption.

FileVault uses XTS-AES 128-bit encryption, which is a different form of encryption, but despite its misnomer actually has 256 bits of encryption.

FileVault is tightly integrated into the OS, so it's probably easier to use. If your use case is over many computers with different OSes on them (Windows, Linux, as well as Mac) then I'd go for TrueCrypt for continuity.

It's important to remember that the security of these drives is limited by the length of your password. This article has an interesting discussion for further reading.

Does Truecrypt decrease the performance of the OS compared to Filevault?

Without any testing whatsoever, I would guess that they're comparable in speed, since they are both on-the-fly encryption techniques, and perform as normal drives once unlocked.

EDIT:
I forgot to mention that TrueCrypt also supports encrypting just a portion of your hard drive, say a folder or a group of folders.

FileVault doesn't support encryption of individual files/folders. However, Disk Utility will allow you to create an encrypted image (which can use either 128-bit or 256-bit AES encryption).


TrueCrypt and Filevault offer many of the same functions but they are different in many ways.

  • TrueCrypt is advertised as open source, although there is some debate about this. Filevault is definitely closed source.
  • TrueCrypt hasn't released an update in over two years. Filevault is presumably updated with new releases of OS X.
  • Filevault 2 will let you encrypt not only a whole partition but also the boot partition. There are some risks around this because the encryption keys have to be stored on a recovery partition that is unlocked with your password at login.
  • TrueCrypt does not really support boot drive encryption under OS X. You can encrypt an entire volume or create an encrypted file (image) that can be mounted as a disk.
  • Both allow you to use complex passwords, which you should do, but TrueCrypt also allows you to use a key file as well, which is just another way to increase the complexity of your password. For example, in addition to your password, you could encrypt with a key file consisting of every third word from Romeo and Juliet.
  • TrueCrypt has an additional feature I've not found anywhere else that I think is really interesting. You can create a hidden partition within the main partition. See their documentation for the details on this.
  • TrueCrypt lets you choose different hashing and encryption algorithms, even allowing you to layer them over one another. With Filevault you get the stock encryption included with the operating system.

I'm a fan of both for different reasons.

  • I prefer Filevault 2 for most day-to-day things because it's well integrated into OS X. This is particularly important to consider when you realize on-the-fly encryption modifies the traditional filesystem.
  • I like the extra options TrueCrypt offers, not to mention the cross-platform functionality.

Some final things to keep in mind:

  • Filevault stores a boot drive encryption key on the recovery partition. By default, access to these keys will be as weak as your login password.
  • Take advantage of all the repair and salvage options Filevault and TrueCrypt offer. It is more difficult to recover data from an encrypted volume than a standard one.
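
Both answers note that the password, not the cipher, is usually the limiting factor. The sketch below works that out for the key sizes mentioned above; it is an added example, not part of either answer. It assumes passwords whose characters are chosen uniformly at random, ignores key stretching, and treats a key file as extra entropy; the function names and the guess rate are constructed for illustration.

```python
import math

# Key sizes named on this page; the labels are just for the printed table.
KEY_BITS = {"FileVault (XTS-AES 128)": 128, "TrueCrypt (256-bit cipher)": 256}

def password_bits(length, alphabet_size):
    """Entropy in bits of a password with uniformly random characters (assumption)."""
    return length * math.log2(alphabet_size)

def effective_bits(key_bits, length, alphabet_size, keyfile_bits=0.0):
    """The smaller search space wins: the cipher key, or password plus key file."""
    return min(float(key_bits), password_bits(length, alphabet_size) + keyfile_bits)

def min_length(key_bits, alphabet_size, keyfile_bits=0.0):
    """Shortest random password for which the password stops being the weak link."""
    needed = max(0.0, key_bits - keyfile_bits)
    return math.ceil(needed / math.log2(alphabet_size))

def years_to_search(bits, guesses_per_second):
    """Expected years to try half of a 2**bits space at a given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e9  # constructed guess rate, guesses per second
    for name, key_bits in KEY_BITS.items():
        print(name)
        for length in (8, 12, 20, 40):
            # 94 = printable ASCII characters excluding space
            bits = effective_bits(key_bits, length, 94)
            limit = "password" if bits < key_bits else "cipher key"
            print(f"  {length:2d} chars: {bits:6.1f} bits, "
                  f"~{years_to_search(bits, RATE):.2e} years, limited by {limit}")
        print(f"  password length that matches the key: {min_length(key_bits, 94)}")
```

Under these assumptions, anything shorter than about 20 random printable characters leaves the password as the weakest part of either product, regardless of which cipher is selected.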