Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How safe is Bitlocker?

30 Mar 2017   #1
kdoggy

Windows 7 Home Premium 64bit
 
 
How safe is Bitlocker?

Hi all,

I'm a recent convert to Bitlocker but am wondering how safe it is.

I have it set up with my TPM but I don't use a PIN/password additionally (be it manually entered or via a USB stick), as this would defeat the purpose of having Bitlocker be unobtrusive. I do however have a password on my windows account.

What worries me is that apparently the data is unlocked at the boot stage, so it is accessible even before you enter your Windows password in!

Is this sufficient security for someone who takes their laptop out and about, but isn't likely to be targeted by sophisticated thieves? Since my line of work is fairly mundane.

Thanks!


My System SpecsSystem Spec
.
02 Apr 2017   #2
Alejandro85

Windows 7 Ultimate x64
 
 

To answer that we must consider what BitLocker is actually designed to protect against, who is your attacker and what kind of protection you expect from it. BitLocker by itself may be relatively secure, but how you use it also affect its security.

From its Wikipedia page, it seems to be using AES256, which is quite secure at the time, and allowing a number of authentication methods that make it difficult to crack, except in very specialized attacks. On the other hand, BiLocker is pure proprietary software, which imposes doubts on the quality of its implementation and the existence of bugs and their fix procedure (and rumors of backdoors are always out there ).


Quote   Quote: Originally Posted by kdoggy View Post
I have it set up with my TPM but I don't use a PIN/password additionally (be it manually entered or via a USB stick), as this would defeat the purpose of having Bitlocker be unobtrusive. I do however have a password on my windows account.
You really need a second authentication method. Think about what will happen if someone simply steals the whole computer? If the TPM module goes with it, they can use it to decrypt the whole disk, and BitLocker will be useless after that. A password server as a second factor of security that cannot be simply stolen.
You mention "unobtrusive". The purpose of every security software is to be obtrusive in the component it protects. If it's unobtrusive to you, so will be it to the attacker. Remember that security and convenience are opposite goals, choose one and leave the other.
The Windows account password is of course an excellent measure, but unrelated to BitLocker.


Quote   Quote: Originally Posted by kdoggy View Post
What worries me is that apparently the data is unlocked at the boot stage, so it is accessible even before you enter your Windows password in!
Yes and no. At boot, the only thing stored is the encryption key, which remains in memory afterwards, but the data itself is decrypted on demand when each particular sector is accessed by the OS, only remaining in memory, and data written is encrypted when saved back to disk. At no point is something else seen in plaintext, much less that data every touches the disk.


Quote   Quote: Originally Posted by kdoggy View Post
Is this sufficient security for someone who takes their laptop out and about, but isn't likely to be targeted by sophisticated thieves? Since my line of work is fairly mundane.
"They don't care about me" is an enormous myth, there are many reasons with completely unknown attackers may want your computer infected.
But your particular worry seems about it being stolen, which then they can access your data. BitLocker is an excellent option for that, given it has a good password, and any USB/TPM modules aren't with the computer permanently. "Sufficient" always depends on who is attacking you, but generally a proper password will deter most simple thieves (they'll simply reformat and move on).
My System SpecsSystem Spec
Reply

 How safe is Bitlocker?




Thread Tools




Similar help and support threads
Thread Forum
How can i safe a safe copy of sys restore file?
I have been getting killed by some virus i have removed twice now. As with some virus' it deletes my restore points in sys restore. So what i want to do is create a new restore point save a safe copy of it somewhere else like on a different drive so that if this happens again i can drop the file...
System Security
BSOD in normal mode but not in safe or safe w/networking
Just recently started to get BSOD in normal mode, error was registry error. Systems run fine in safe and safe w/networking. I have run chkdsk, anti-malware, CCleaner to fix registry issues, and have not detected any virus. I am lost. Can you help me? Thank you
BSOD Help and Support
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
Tutorials
BIOS flash error, BITLOCKER on? No bitlocker installed, Win 7 Pro
I tried using HP BIOS Flashing utility on my HP Z400 Workstation, and it says it can't continue because I have Bitlocker enabled, but I don't have bitlocker on Win 7 Professional 32bit. I don't see it on the control panel or in context menus. I do see it set to manual in "Services" but the service...
General Discussion
Bitlocker: BitLocker could not be enabled
I am trying to enable BitLocker on a Windows 7 Ultimate x32 system with TPM. I follow the Wizard and when asked to encrypt the drive I select 'Run BitLocker system check' and 'Continue' (see attached sreenshot). The USB is inserted and contains the recovery key (.txt and .tpm). During reboot I...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:49.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App