Windows 7 BitLocker

[sandymay]

I was looking to use bit locker to encrypt my whole drive but came across a couple of articles stating this app was not secure.

I was just wondering how it compares to TrueCrypt, would TC be better or do people feel safe with Bit Locker?

Thank you

 

[baarod]

I was looking to use bit locker to encrypt my whole drive but came across a couple of articles stating this app was not secure.

I was just wondering how it compares to TrueCrypt, would TC be better or do people feel safe with Bit Locker?

Thank you

In February 2008, a group of security researchers published details of a so called "cold boot attack" that allows a Bitlocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[20] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM module alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[20] The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that a password also be required to boot the machine.

Center for Information Technology Policy » Lest We Remember: Cold Boot Attacks on Encryption Keys

TrueCrypt suffers the same "vulnerability".

 

[logicearth]

I was looking to use bit locker to encrypt my whole drive but came across a couple of articles stating this app was not secure.

I was just wondering how it compares to TrueCrypt, would TC be better or do people feel safe with Bit Locker?

Thank you

For what Bitlocker was designed for it is secure. All the ways that are used to get around it can also be used against TrueCrypt. However, these require extensive work and luck and most require fooling the user. But full disk encryption is not designed for such level of attacks, they are for denying access to the data without proper credentials. Further more, Bitlocker and TrueCrypt both use AES (Advanced Encryption Standard) for encryption.

http://www.sevenforums.com/tutorial...cryption-windows-7-drive-turn-off-no-tpm.html

 

[sandymay]

Thank you for the information and the link to the tutorial.

My computer does not have TPM, so I saved the recovery key to a USB stick which I now need each time I boot up. I had two questions in regards to this.

1. Is there any way to change this so that I can manually type in the key each time rather then use a USB key?

2. I have made a backup of the key. If the USB stick fails, is it just a matter of moving the key to a new USB stick and everything is back to normal again?

Thank you

 

[baarod]

Thank you for the information and the link to the tutorial.

My computer does not have TPM, so I saved the recovery key to a USB stick which I now need each time I boot up. I had two questions in regards to this.

1. Is there any way to change this so that I can manually type in the key each time rather then use a USB key?

2. I have made a backup of the key. If the USB stick fails, is it just a matter of moving the key to a new USB stick and everything is back to normal again?

Thank you

1. Not that I know of. Due to the design and functionality of Bitlocker, there is no OS (in the classic sense) loaded to protect or accept a typed-in key.

2. Best to write the key to two sticks as you apparently have done. Once the drive is unlocked you can make another two copies.

 

[logicearth]

1. Is there any way to change this so that I can manually type in the key each time rather then use a USB key?

The key on the USB is not something you want to type in each time. It is long (can be hundreds of characters) and complex. Nor could you even type it out, it is pure binary data.