MacOS – Cross Platform GUI-compatible Encryption

encryption, filevault, macos, windows

I am looking for an encryption tool that is completely cross platform – effectively like FileVault or BitLocker but compatible with both operating systems.

My use case is that I'd like to encrypt a drive that is used heavily between two sites (it travels, hence the encryption) – one Mac and one Windows. Ideally, I'd like to encrypt the whole drive and when I plug it into either machine, it prompts me to enter a key of some form to decrypt it.

I understand that TrueCrypt used to be a great way of doing this – but unfortunately it is no longer supported / developed (ref). I'm not at all averse to using a command line to unlock and relock the drive provided it is fast enough to be relatively transparent.

Has anyone else encountered this kind of thing / have any suggestions? I'm running Mavericks on all Macs and 8.1 on all Win machines.

Thanks!

Best Answer

TrueCrypt 7.1a has gone through at least two audits. A couple of high-severity issues were found, but there are no known exploits against them, and one only affects the Windows version. And the one that affects Mac OS, like many exploits, requires physical access. Unless you are worried about your MacBook falling into the hands of the NSA or Russian hackers (note: I'm being hyperbolic), I wouldn't be too worried. I'm pretty concerned about security myself, and I'd have no problem using TrueCrypt. The only concern I would have is future compatibility as operating systems evolve and drop support for older stuff.

But there are two active forks off of 7.1a; only one is ready and stable and has a Mac version: VeraCrypt.

Once you set up an encrypted volume - essentially a loopback file - you still have to format it with something cross-platform. I'm guessing you already understand this part, but if not, this is going to be your biggest cross-platform issue. Or at least, it has been for me having done this kind of thing many times.

FAT32 is really the only rock-solid cross-platform filesystem. It comes with a so-called 32GB partition size restriction, but this can be overcome, for example with Fat32Formatter.

NTFS "should" work, in the form of NTFS-3G, but in practice it never has for me! This could be just my experience, but every time I've tried it I've had issues: either lost data or had concerning enough file integrity issues that it worried me too much to trust important data with. NTFS-3G claims that they comply with NTFS rules better than Microsoft, and that any integrity issues that arise are Microsoft's fault. Which seems plausible to me. But the bottom line is that whenever I used NTFS-3G on a volume, then used it natively in Windows, it had oodles of integrity issues using Microsoft chkdsk. And like I said, I've lost data before, more than once. Personally I just don't trust it.

But in the last few years, I've not had to worry about cross-platform issues. Because, if I need to use NTFS from Mac or Linux, I just use it natively in a VM and share it via CIFS. I've even used Windows 2000 (with no licensing issues) in a VM to access NTFS volumes from Mac or Linux.

But anymore, the only "cross-platform" file system I use is ZFS. I used to use two small 1 TB USB drives velcro'd to the lid of my MacBook (running Windows), with a Linux VM sharing the ZFS volume via CIFS.