NASAdude

The key advantage to XP Pro's encrypted folders is that it's part of the OS so that it can be shared over a network with read-write access to all participants. TrueCrypt supports read-write sharing to a single user, or read-only access to unlimited users. Beyond this one point, TrueCrypt is far superior.

TrueCrypt:
- Data is encrypted using the user's choice of encryption methods, including the government standard AES encryption, which is approved for protecting Top Secret data.
- Files can be stored within either an encrypted file-volume, partition-volume, or within unpartitioned space on a drive.
- In any configuration, contiguous unused space within the encrypted outer volume can be used to hold a separately encrypted inner volume. Inner volumes can contain their own inner volume(s) in a cascading fashion. If the inner volume is set up as a hidden volume, it is impossible to prove it even exists, let alone determine what is in it without its independent password.
- A USB memory stick can be used as a physical key. Store a "keyfile" on the device that is required for decrypting the secured files on your hard drive. (Keep a secure backup of that keyfile! If you lose it, you can't retrieve your data; it's just like forgetting your password.) Using a keyfile keeps your data secure in case someone installs a keylogger on your computer and figures out your password. Only with both the password and the keyfile can the data be accessed. Use of a keyfile is optional when setting up the encrypted volume; by default only a password is needed.
- A USB memory stick can hold encrypted data, both in the file system or in the unpartitioned space. After all, a USB drive can behave just like a hard drive.

Because the US (and other countries) requires the surrender of passwords to encrypted data in a court of law, all single-tier encrypted volumes are not entirely safe. Using cascaded encrypted volumes allows one to surrender the password to the outer volume, but not admit to the existence of any inner volume(s). When set up properly, there is no means to statistically prove that an inner volume exists, as it can be designed to be invisible and appear as unused space of the outer volume. That is probably the most powerful feature of TrueCrypt. Not only can the data be encrypted, but the fact that the data even exists can be hidden.

For "normal" users like myself, setting up an inner volume and taking care to never damage it by writing to the outer volume without protecting the hidden inner volume (Oops, you just overwrote a few sectors of your hidden important data, thereby corrupting the entire hidden inner volume) is probably not worth the extra effort. Sticking to a single-tier volume is a lot safer for every-day use, but doesn't provide data security in a court of law.

As with all data, it's important to keep backups. This is doubly so with encrypted data. In the case of TrueCrypt, if the volume header is corrupted, all data within the volume is irretrievable. It's comparable to a hard drive failure. The best solution is to backup the entire encrypted volume, which backs up the encrypted files and the encryption volume header (necessary to decrypt any of the data). If that isn't possible (I'm not sure why you'd put yourself in this situation), it is possible to execute a "backup volume header" in TrueCrypt to protect the ability to decrypt the data... but the data itself isn't backed up.

No matter which solution you think is best for you, it's a good idea to use *some* method to encrypt any information you wouldn't want some stranger to have. And while you're at it, make sure you do regular backups, or even use an automated backup solution.