I have been using Bitlocker for a little while now. On the whole, it seems to do its job well enough. I mean, it encrypts data to keep unauthorized people from accessing it. That is its job, and that’s what it does.
The setup process is a bit difficult, if you don’t want the default settings. By default it uses 128 bit AES encryption. I prefer 256 bit, though it is arguable that it is overkill in today’s world. However, the U.S. government requires 128 bit encryption or better for anything classified Secret, and 256 bit encryption for anything classified Top Secret. They see a benefit in the added level of security that 256 bit encryption offers. Since there is no difference in cost between the two, other than changing some settings, I figured I would go for the better encryption. That part is trivial compared to getting my other requirement working properly. I wanted my computer to make proper use of the TPM module, and load an encryption key from my hardware encrypted thumb drive, and require a lengthy completely random alpha numeric password to boot. It’s easy to get bitlocker to use any one of those unlocking methods, and maybe even any two of the three, but getting all three simultaneously was quite difficult. Boo.
I jumped through all of the required hoops to get bitlocker working just like I wanted, and it is working beautifully. I now have full disk encryption on all of the hard drives in my computer. Awesome, right? Well, not completely. I enabled encryption on my Western Digital MyBook 6TB drive. All was going fine until an error at roughly 74.6%. It rendered the entire volume unreadable. I attempted to run a bitlocker recovery on it. It kept telling me it required another volume of equal or greater size to the one being recovered. I had to go buy another 6TB drive to attempt to recover the broken one. The recovery ran for over 24 hours, and recovered exactly nothing. So, I lost my entire 4.5TB media library. Double Boo!
On the bright side, I now have two bright and shiny, squeaky clean, blank, 6TB hard drives.