Bitlocker vs Cryptomator

I carry around a USB drive with me - usually a Sandisk Ultra USB, but occasionally a SSD drive1. It usually comes in handy, as I either want to carry around my documents and images or need to transfer files between devices. However, the most common use, is for work files so that I can edit/continue working whilst I’m away from the office and I cannot connect to the VPN or to overcome the poor VPN speeds.

I take a lot of photos whilst doing site visits and then have to put those in to reports at a later date, so accessing these over the VPN can be a right pain and therefore working locally (and then syncing via FreeFileSync at a later date) is usually the best option. However, I don’t really want to be carrying around work files on a USB in case I lose it. Whilst I don’t generally work on anything fancy or requiring security, I still have a responsibility to my clients not to mishandle the information.

With that in mind, I generally encrypt the portable drives using Bitlocker and use that, as the work laptop uses Windows and therefore I should have no issues.

Except I ran in to one last night. When I encrypted the drive itself, I chose the new Windows encryption method. After all, I was going to use it on my work laptop and this had the latest version of Windows 10 installed, so I’d be fine right? Well, I forgot this, so when I tried to move some files between PC’s at my local air cadet unit last night, I ran in to issues thanks to the laptops running Windows 7. Great. Simple to sort out, it just requires that I reformat the drive and then re-encrypt using the older Bitlocker version. However, before I gave this a go, I thought I’d investigate the cross platform alternative of Cryptomator. It’s designed to encrypt files to upload to the cloud, but there is no reason why it wouldn’t work with the USB drive.

Unlike Bitlocker which encrypts the whole drive, Cryptomator encrypts individual files, very similar to EncFS. This means that I can encrypt the files I need to whilst leaving the rest of the files untouched. It also works on Windows and Linux so I’m not limited to what system I try and access it on at home.

The first test was to benchmark the drive without any encryption at all. This was done with Crystalmark. It’s not a hugely scientific test, as I was running the drive off an Anker USB 3 hub with ethernet as the laptop doesn’t have great Wifi connection in my office.

Drevo SSD - No encryption

I’m not entirely sure how the write speeds are being quicker than the read speeds as that doesn’t make much sense. However, it works and that’s a benchmark figure.

Next, I added the folder to use Cryptomator and re-ran the results, pointing the benchmark test to the encrypted folder, which should then give the value for accessing the file system.

Drevo SSD - With Cryptomator

Cryptomator accesses the files over a WebDAV connection. I could potentially speed up the access by using a third party WebDAV client, as the Windows explorer WebDAB implementation isn’t ideal but the in built one requires no faff.

Lastly, I wiped the drive and put Bitlocker on and re-ran the benchmark again.

Drevo SSD - With Bitlocker

Not to bad. Some differences between the raw benchmark and the Bitlocker run. I’m not sure how the tests got a faster write speed under Bitlocker than not, but as I said, it’s not a completely scientific test, so I might have had more data over the ethernet in the first test.

Conclusion

This shows that there is a drop in speeds between Bitlocker and no Bitlocker. However, it also shows that the Cryptomator has a greater drop off in speeds in comparison. However, it has the perk that I don’t have to encrypt the full drive.

I’ll be sticking with Bitlocker for now, but it’s nice to know that I can still use Cryptomator for whatever I need to.


  1. I use an Aukey USB 3 enclosure and a Drevo 240GB SSD. Purely because I used to use the SSD in a laptop, and I wanted a USB C dock, as my work laptop (Lenovo Yoga) has two USB C ports, but a single USB A port. [return]