External HDD Encrypted the right way...


Jan 28, 2015
Ok, well I don't have the answer, as I am seeking it, but here's what I got so far...

1- I have an external HDD (500 GB), USB3 connector
2- I have BitLocker (seems to be where TrueCrypt ended up, so did I)
3- I have a password for BitLocker (that's a given)
4- I am forced to make a recovery key for BitLocker (Why would I want a 2nd password???)
5- I don't have Bait&Switch protection (cannot find anything about that and that bugs me)

1st Question:
Who will inform me when Microsoft injects its backdoor or master key into BitLocker? (Isn't "trust" the whole point to begin with?)

2nd Question:
Recovery key... isn't that just a second password? Why would I want a 2nd password? When does it end? I don't want a recovery key, but BitLocker forces one on me!

Now this is a big deal, because from reading it seems that the first password is the useless one... and really only the recovery key can deal with all situations, like formatting and system switch or domains. (I am not running a company, so all I need is one password, and a 2nd password is statistically raising the risk factor considerably. Plus Microsoft recommends not to lose your recovery key, but also to make many copies of it and upload it to 3rd party (them) cloud storage... that's plain stupid!)

Am I alone to think that there is something wrong with the "recovery" of encrypted files?

3rd Question: (follow up on the above)
I read about formatting the HDD that stops the password from working, and that the recovery was needed... If that's the case, I use an external HDD so I assume I am OK, but can I JUST USE ONE PASSWORD FOR ALL?? No recovery, no password stopping, no blockage, no exception??

4th Question:
Bait and switch.... A must! So you think the cops won't put a gun to my head if they want my HDD... I live in Asia, they DO!

I need at a minimum a dummy password that will unlock fake content, so that truly no one can get to my encrypted stuff!

That's it ;-).... I know it's huge, but it does cover all aspects of a "Perfect Setup"

1) You cannot, unless it is open source and you read through it yourself, then compile it using a compiler you trust, and the compiler is itself compiled by a compiler you trust... which all ends up in a mess of recursion.

2) The recovery key also skips steps such as TPM authentication (if your PC has this, and it's enabled and used). Otherwise you wouldn't be able to access anything if you changed hardware. If you're thoroughly paranoid, go out into the woods somewhere and bury it.

3) If you format an encrypted HDD, like a normal HDD, the data is probably gone excluding some difficult recovery methods, made more difficult by the encryption. If it's not a boot drive, you aren't going to need a recovery key to get around TPM issues.

4) Just use TrueCrypt. Just because they've stopped development doesn't mean there are holes in it, and there are still copies around.
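
An added example, not part of the original thread: a PowerShell helper that summarises which key protectors (independent unlock paths) a BitLocker volume carries, which is what questions 2 and 3 come down to. The function name `Get-UnlockPathSummary` and the two sample volumes are constructed for illustration; the property names match the objects returned by the `Get-BitLockerVolume` cmdlet.

```powershell
# Summarise the key protectors on BitLocker volumes. Each protector is an
# independent way to unlock the same volume, so a recovery password is a
# second unlock path that has to be stored as carefully as the first.
function Get-UnlockPathSummary {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # KeyProtectorType values include Password, RecoveryPassword, Tpm, TpmPin, ExternalKey
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            MountPoint  = $Volume.MountPoint
            VolumeType  = "$($Volume.VolumeType)"
            Protectors  = $types -join ', '
            HasPassword = $types -contains 'Password'
            HasRecovery = $types -contains 'RecoveryPassword'
            TpmBound    = [bool]($types -like 'Tpm*')   # only relevant to the boot drive
            UnlockPaths = $types.Count
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output, so the
# function can be tried without an encrypted drive attached.
$sample = @(
    [pscustomobject]@{   # external data drive: password plus recovery password
        MountPoint = 'E:'; VolumeType = 'Data'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Password' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{   # boot drive: TPM plus recovery password
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    }
)

$sample | Get-UnlockPathSummary | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
#   Get-BitLockerVolume | Get-UnlockPathSummary | Format-Table -AutoSize
```

On the sample data the external drive reports two unlock paths and no TPM binding, while the boot drive shows the TPM case where the recovery password is what gets you back in after a hardware change.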