FlyerTalk Forums - View Single Post - Truecrypt compromised?
Old May 30, 2014 | 4:54 pm
  #13  
nkedel
FlyerTalk Evangelist
 
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,784
Originally Posted by Janus
The plausible deniability feature is questionable. I'm not convinced (nor is Bruce Schneier: https://www.schneier.com/blog/archiv...ypts_deni.html ) that one can truly hide the presence of that hidden volume. Of course, the data is still encrypted, regardless of how discoverable it is.
Yes, I'm familiar with the critique he referred to. It's still a good tool for the cases it's good for; it's certainly not a tool most people will want to use casually or assume is sufficient on its own -- for exactly the reasons outlined there.

Quote:
How to set up a replacement for file containers in BitLocker is actually described on the TrueCrypt site. Scroll down to the section "If you have a file container encrypted by TrueCrypt:".
Rather like the recommendation for BitLocker, that only works in some releases of Windows (not just 7/8 but also varies by edition) and ties you not only to a particular piece of encryption software but also to the Microsoft OS features around VHD files.

It also creates the volume in a well-known format, and while the data inside of it is encrypted, the metadata around the container is not. Using the Windows EFS to encrypt a VHD file is going to be more secure in some cases, especially if you are not using full-disk encryption.

The biggest problem for many of us is that it's not cross-platform, and indeed, I'm not aware of any other free, practical cross-platform tool.

Quote:
While the option to use only the TPM as a boot factor is an option, it is not the only one. A startup PIN/password and/or USB stick can be combined with the TPM for additional security. Using those additional factors will mitigate those vulnerabilities you speak of.
Yes, as I said, neither is mandatory. OTOH, the use of the TPM as the only factor for decryption (then depending on Windows security to prevent access to the drive, which is effectively already decrypted) is very popular in the corporate environment. It certainly seems to lead many folks in IT into a false sense of security.
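As an added example that is not part of the post above, nor TrueCrypt's own migration instructions: a PowerShell script that builds the BitLocker-encrypted VHD container the thread discusses, shows that the VHD wrapper around the encrypted data is itself in the clear (the fixed-VHD footer cookie "conectix" is readable by anyone), and audits the OS drive for the TPM-only protector configuration that nkedel warns about, swapping it for TPM+PIN. It assumes Windows 8 or later in a Pro or Enterprise edition with the BitLocker and Storage modules, an elevated shell, and that the "Require additional authentication at startup" policy permits a startup PIN; the path and size are arbitrary choices. Windows 7 has none of these cmdlets (manage-bde only), which is the edition dependence the post complains about.

```powershell
# Added example, not code from the forum post or from TrueCrypt/Microsoft.
# Assumptions: Windows 8+, Pro/Enterprise, elevated shell, BitLocker and
# Storage modules present. $vhdPath and $sizeMB are arbitrary choices.
$vhdPath = 'C:\Secure\container.vhd'   # hypothetical location
$sizeMB  = 512

# 1. Create a fixed-size VHD with diskpart (no Hyper-V module needed).
New-Item -ItemType Directory -Path (Split-Path $vhdPath) -Force | Out-Null
$script = Join-Path $env:TEMP 'mkvhd.txt'
"create vdisk file=`"$vhdPath`" maximum=$sizeMB type=fixed" |
    Set-Content -Path $script -Encoding ASCII
diskpart /s $script | Out-Null
Remove-Item $script

# 2. Attach it, partition it and format it.
Mount-DiskImage -ImagePath $vhdPath | Out-Null
$disk = Get-DiskImage -ImagePath $vhdPath | Get-Disk
Initialize-Disk -Number $disk.Number -PartitionStyle MBR
$part = New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter $part.DriveLetter -FileSystem NTFS `
    -NewFileSystemLabel 'Container' -Confirm:$false | Out-Null
$mp = "$($part.DriveLetter):"

# 3. Encrypt it as a data volume with a password protector. No TPM is
#    involved, so the file unlocks on any BitLocker-capable Windows box.
$pw = Read-Host -AsSecureString 'Container password'
Enable-BitLocker -MountPoint $mp -PasswordProtector -Password $pw -UsedSpaceOnly | Out-Null
# A recovery password is the only way back in if the password is forgotten.
Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector
while ((Get-BitLockerVolume -MountPoint $mp).VolumeStatus -ne 'FullyEncrypted') {
    Start-Sleep -Seconds 2
}
Lock-BitLocker -MountPoint $mp -ForceDismount | Out-Null
Dismount-DiskImage -ImagePath $vhdPath | Out-Null

# 4. The wrapper is not hidden: a fixed VHD ends with a 512-byte footer whose
#    first eight bytes are the ASCII cookie "conectix". This is the unencrypted
#    metadata the post refers to; a TrueCrypt container has no such marker.
function Test-VhdFooter {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $fs.Seek(-512, [System.IO.SeekOrigin]::End) | Out-Null
        $buf = New-Object byte[] 8
        $fs.Read($buf, 0, 8) | Out-Null
        return ([System.Text.Encoding]::ASCII.GetString($buf) -eq 'conectix')
    } finally { $fs.Dispose() }
}
"VHD footer cookie present: $(Test-VhdFooter $vhdPath)"

# 5. Audit the OS drive. A lone 'Tpm' protector is the TPM-only set-up that,
#    once Windows has booted, relies entirely on Windows logon security.
function Get-TpmProtectorTypes {
    param([string]$MountPoint = $env:SystemDrive)
    @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -like 'Tpm*' } |
        ForEach-Object { [string]$_.KeyProtectorType })
}
$types = Get-TpmProtectorTypes
if ($types.Count -eq 1 -and $types[0] -eq 'Tpm') {
    Write-Warning "$env:SystemDrive is TPM-only; switching to TPM+PIN."
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    # Make sure a recovery password exists before touching the TPM protector.
    if (-not ($osVol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })) {
        Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector
    }
    # Remove the bare TPM protector, then add TPM+PIN. Fails with a policy
    # error unless group policy allows a startup PIN.
    $bareTpm = $osVol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' }
    Remove-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $bareTpm.KeyProtectorId
    $pin = Read-Host -AsSecureString 'Startup PIN'
    Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin $pin
}
```

Step 4 is the check a practitioner wants before treating a BitLocker VHD as a TrueCrypt container equivalent: the encrypted payload is fine, but the file announces what it is, and (unlike a hidden TrueCrypt volume) its size and type are plain from the footer. Wrapping the VHD in EFS, as the post suggests, hides that footer from other users of the same machine but not from anyone who can read the EFS key material. Step 5 is the audit for the corporate TPM-only pattern; after the protector swap, `Get-TpmProtectorTypes` returns `TpmPin` instead of `Tpm`, and the machine prompts for the PIN before Windows starts.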