Talk:BitLocker: Difference between revisions

From Wikipedia, the free encyclopedia
Revision as of 14:18, 17 October 2017


The usage of boot

The usage of boot and system partitions was reversed - the boot drive has the OS, whereas the system drive has ntldr. It's counter-intuitive. See the linked article System partition and boot partition SenorBeef 01:50, 28 July 2007 (UTC)

Are we gonna mention this?

New Research Result: Cold Boot Attacks on Disk Encryption —Preceding unsigned comment added by 82.134.121.18 (talk) 23:04, 21 February 2008 (UTC)

What is this paragraph supposed to mean?

According to Microsoft sources,[6] BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. This has been one of the main concerns among power-users since the announcement of built-in encryption in Vista. —Preceding unsigned comment added by 41.241.41.220 (talk) 19:19, 30 April 2008 (UTC)

Microsoft: Vista won't get a backdoor Socrates2008 (Talk) 21:33, 30 April 2008 (UTC)
I'm pretty sure it is meant to say that some power-users have been concerned that Microsoft may have deliberately built a backdoor into BitLocker so that, for example, the data could be decrypted by law enforcement personnel without the proper password. Microsoft denies that such a back door exists. I don't think people are concerned that Microsoft says there is no back door (which is what it seems to imply now). I'll change it. (edit. forgot to sign my post) Karadoc** (talk) 23:17, 24 August 2008 (UTC)
It is a legitimate concern - though saying that "Microsoft has stated there's no backdoor" is pretty pointless; they'd hardly admit to it if they had! 23:26, 24 August 2008 (UTC)
No it's not pointless - it's a public statement by a public company. Their share price will get hammered if it turns out they've lied over something as serious as this. In any event, even if you don't believe them, the statement is notable, given the concerns that some people raised. Socrates2008 (Talk) 23:55, 24 August 2008 (UTC)

EFS and Bitlocker

I didn't understand either of these two sentences:

Encrypting File System usage may also be required in addition to BitLocker, since BitLocker protection effectively ends once the OS kernel has been loaded. BitLocker and EFS therefore offer protection against different classes of attacks.

Could a knowledgeable person expand on both statements? They both need more explanation. Tempshill (talk) 00:10, 16 June 2008 (UTC)

Bitlocker does not offer any protection once Windows is running. e.g. if you have two people both with access to a machine, Bitlocker cannot be used to secure their data from one another. Socrates2008 (Talk) 12:09, 16 June 2008 (UTC)

BitLocker compatibility with NTFS Compression

There should be a section about BitLocker compatibility with NTFS Compression. Are they compatible? It should be discussed... —Preceding unsigned comment added by 68.100.26.167 (talk) 19:30, 17 May 2009 (UTC)

Performance is a four letter word

NOTHING on the performance hit?? Why NOT! ? 71.31.154.68 (talk) 19:31, 5 July 2009 (UTC)

The performance hit of AES encryption on any modern hardware is negligible. New Intel and AMD CPUs have a specific instruction set AES-NI that allow them to perform encryption at several gigabytes per second, making the extra load quite irrelevant even on systems equipped with extremely fast SSDs. Older CPUs that lack the hardware acceleration can still easily surpass the speeds of mechanical HDDs, especially so in the case of fragmented data (small files). Possibly this should be mentioned but I think that a more proper place for that would be a generic article on full disk encryption, unless there are concerns *specific* to BitLocker. Tronic2 (talk) 00:38, 30 May 2013 (UTC)

Should we mention this?

On February 25th, Cryptome released LE (Law Enforcement) sensitive documents regarding security in WIN7 that allows anyone to get access to the key to any BitLocker locked drive by going to C:\Windows\system32 in a command prompt and entering `manage-bde -protectors -get c:`. The original file comes from http://publicintelligence.net/microsoft-windows-7vista-advanced-forensics-guides-for-law-enforcement/. It seems like information that would be useful in the public domain, or at least help convince Microsoft to close the loophole. —Preceding unsigned comment added by Avialexander (talk · contribs) 22:52, 7 March 2010 (UTC)

Just for completeness, I thought I should add the fact that Cryptome is a bit late: Microsoft documented this command in or before May 2008: [1]. Also, isn't linking to leaked confidential files explicitly forbidden by Wikipedia rules? And, I've been looking through those docs, and it's not a BitLocker crack: "Dealing with BitLocker on a Live System" --> "Note: You must run as Administrator". You're already admin on the PC containing the BitLocker drive... So you can't go around, stealing BitLocked devices and crack them at home, so there is no loophole for Microsoft to close. --DanielPharos (talk) 01:11, 17 April 2010 (UTC)
There's no vulnerability here - this functionality is by design and does not make the machine exploitable when the OS is not running, so it's doing what it's supposed to do. Sounds like you're maybe getting confused with EFS or DRM, which is the encryption used when the platform is running. Socrates2008 (Talk) 07:34, 17 April 2010 (UTC)

It uses AES in CBC mode?

CBC = Cipher Block Chaining. That means that any block of ciphertext depends on all the blocks before. As BitLocker is used to encrypt a whole drive (!!) isn't this mode infeasible? I mean flip a single bit in sector 1 and have every following sector reencrypted? Most drive encryption utilities use CTR mode for this reason. I don't want to express any doubt on BitLocker using CBC, but are there any details of how exactly this block cipher mode of operation is used in practice? 217.94.192.205 (talk) 23:43, 2 March 2011 (UTC)

Luckily there are people much smarter than you or I that have published papers on this very topic. Socrates2008 (Talk) 10:36, 3 March 2011 (UTC)
Thanks. Makes sense now. 217.94.189.239 (talk) 14:43, 3 March 2011 (UTC)
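The question in this thread is whether CBC over a whole drive means that one changed bit forces every later sector to be re-encrypted. The Python below is an added illustration, not code from this discussion and not BitLocker's own implementation: it encrypts a constructed volume sector by sector, with each sector as its own short CBC chain under an IV derived from the sector number. The 16-byte Feistel block cipher is a toy stand-in for AES, and deriving the IV by encrypting the sector number under the key is an assumption made for the demonstration, not a statement about BitLocker's internals. The two demo functions show that editing one sector changes only that sector's ciphertext, and that a corrupted ciphertext byte damages only its own block and one bit position of the following block when decrypted.

```python
import hashlib

BLOCK = 16    # toy cipher block size in bytes (AES also uses 16-byte blocks)
SECTOR = 64   # constructed sector size: four blocks per sector (real disks use 512 or 4096)
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function of the toy Feistel cipher: SHA-256 truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 16-byte Feistel block cipher standing in for AES. Illustration only, not secure.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, right, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Inverse of block_encrypt: undo the rounds in reverse order.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, left, rnd)), left
    return left + right


def sector_iv(key: bytes, sector_no: int) -> bytes:
    # Assumed per-sector IV scheme: the sector number encrypted under the key.
    return block_encrypt(key, sector_no.to_bytes(BLOCK, "little"))


def cbc_encrypt_sector(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    # Each sector is its own CBC chain, so no sector's ciphertext depends on another sector.
    assert len(plaintext) == SECTOR
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt_sector(key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return bytes(out)


def encrypt_volume(key: bytes, sectors: list) -> list:
    return [cbc_encrypt_sector(key, n, s) for n, s in enumerate(sectors)]


KEY = b"\x01" * 16  # constructed demo key


def sectors_rewritten_after_edit() -> list:
    """Edit one byte of sector 1, re-encrypt the volume, return the ciphertext sectors that changed."""
    plain = [bytes([n]) * SECTOR for n in range(8)]  # constructed 8-sector volume
    before = encrypt_volume(KEY, plain)
    edited = list(plain)
    edited[1] = b"\xff" + plain[1][1:]
    after = encrypt_volume(KEY, edited)
    return [n for n in range(len(plain)) if before[n] != after[n]]


def blocks_damaged_by_corruption() -> list:
    """Flip one ciphertext bit in block 0 of a sector; return the plaintext blocks that decrypt wrongly."""
    plain = bytes(range(SECTOR))  # constructed sector content
    ct = bytearray(cbc_encrypt_sector(KEY, 5, plain))
    ct[0] ^= 0x01
    recovered = cbc_decrypt_sector(KEY, 5, bytes(ct))
    return [b for b in range(SECTOR // BLOCK)
            if recovered[b * BLOCK:(b + 1) * BLOCK] != plain[b * BLOCK:(b + 1) * BLOCK]]


if __name__ == "__main__":
    print("ciphertext sectors changed by editing sector 1:", sectors_rewritten_after_edit())
    print("plaintext blocks damaged by one corrupted byte:", blocks_damaged_by_corruption())
```

The first result is a list containing only sector 1; the second is blocks 0 and 1 of the sector. The limited propagation that makes per-sector CBC practical is also why a confidentiality-only mode gives no integrity on its own: a corrupted ciphertext block produces a predictable change in the next plaintext block, which is the kind of property an additional diffusion or authentication layer is meant to address.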

Cold boot

The cold boot section for TPM only is perhaps not well explained. From what I can tell (and reading the paper), what's being said is you can recover the keys at any time. This seems rather obvious, if you don't require a password or something from the user to decrypt but get the keys from something on the computer, then you can decrypt the content at any time. I guess the point here is you don't have to work out some way to break in to the machine if you don't know the logon password (although I would think it obvious a logon password is little protection if the data is decrypted) and more importantly you don't have to logon (or properly start Windows?) and risk contaminating data (since any decent forensics expert is going to want to make an image rather than working on the original data). I personally wouldn't call this a cold boot attack (although the paper does so I guess we have to follow). You are just relying on the fact the keys can be recovered at any time without requiring something from the user by design although perhaps a cold boot attack is needed (I'm a bit unclear on the process, it may be what's being described is start up the computer, let it load the keys, do a hard shut down then a cold boot attack although you could also do other things like try to read the RAM while the computer is running or whatever albeit these are likely to be more difficult). Nil Einne (talk) 03:46, 18 June 2011 (UTC)

Master password?

According to [2], which isn't a great RS, at least one computer vendor regularly implements some sort of master password they can provide to decrypt the data which carries obvious security implications. Nil Einne (talk) 03:48, 18 June 2011 (UTC)

The weakest point in the implementation of any crypto system is usually the humans involved. This example is like someone having a long, complex password that they then write on a Post-it note and attach to the computer. If companies like Dell are keeping record of recovery keys, then the paranoid obviously need to reset the TPM and Bitlocker keys to something that is unknown to the vendor when buying a new machine. 220.239.104.140 (talk) 10:40, 18 June 2011 (UTC)

Link to unlicensed materials in violation in Wikipedia policy

There are at least three problems with the following paragraph in the article:

'Notwithstanding the claims of Niels Ferguson and others, Microsoft Services states in Exploration of Windows 7, Advanced Forensics Topic (page 70), "BitLocker has a number of 'Recovery' scenarios that we can exploit", and "BitLocker, at its core, is a password technology, we simply have to get the password...".'

1) It is in clear violation of Wikipedia policy regarding linking to unlicensed copyrighted works, as detailed at http://en.wikipedia.org/wiki/Wikipedia:Copyrights#Linking_to_copyrighted_works,

2) It dishonestly represents the original content by truncating the quoted text, removing the qualifying context,

3) It is contradictory to other established content in the article, which indicates that there are "TPM + USB Key" and "USB Key" modes of operation, which do not involve a PIN or a password.

Mhalcrow (talk) 18:13, 17 November 2011 (UTC)

Full Disk vs Full Volume

BitLocker is either full disk, or full volume encryption, but not both. First paragraph starts as "BitLocker Drive Encryption is a full disk encryption feature...", but later on states "It is designed to protect data by providing encryption for entire volumes."

BitLocker, technically is a full volume encryption. It cannot encrypt a full disk. 207.87.238.194 (talk) 14:37, 25 April 2013 (UTC)

There's no product in existence that can encrypt a full disk (i.e. every sector) and still be bootable, yet there's a category of products from different vendors that is commonly called full disk encryption systems. The point that you've chosen to home in on appears to concern where the Bitlocker boot code (that mounts and decrypts the encrypted data) happens to reside? Socrates2008 (Talk) 11:35, 26 April 2013 (UTC)
There are full disk encryption options that are implemented at least partially if not entirely at the firmware/hardware level, requiring a passphrase before the disk will even power on. In some cases, IIRC, the encryption is actually handled by firmware on the drive itself. --Dewiniaid (talk) 15:18, 15 May 2013 (UTC)
Hardware based is of course possible - but I assumed we're talking here about software based systems in the same class as Bitlocker, such as TruCrypt, FileVault, McAfee Endpoint Encryption etc. Socrates2008 (Talk) 09:48, 16 May 2013 (UTC)

Rabbit hole. Yes, there are full disk encryption drives. BitLocker is the topic. BitLocker encrypts volumes, not drives. Either present it incorrectly as whole disk encryption, or correctly as whole volume encryption. 207.87.238.194 (talk) —Preceding undated comment added 17:22, 31 May 2013 (UTC)

Requested move : BitLocker Drive Encryption → BitLocker

The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review. No further edits should be made to this section.

The result of the move request was: page moved. Andrewa (talk) 07:41, 27 April 2014 (UTC)


BitLocker Drive Encryption → BitLocker – Hi. As you might know, Wikipedia naming policy states that commonly used names are preferred over official names. I've never seen the phrase "BitLocker Drive Encryption" used outside Microsoft-published sources. Those that I have seen just call it BitLocker. Even the article uses BitLocker, except once in the lead. Best regards, Codename Lisa (talk) 08:11, 19 April 2014 (UTC)


The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page or in a move review. No further edits should be made to this section.

Copyright problem removed

Prior content in this article duplicated one or more previously published sources. The material was copied from: http://spi.unob.cz/presentations/23-May/07-Rosendorf%20The%C2%A0BitLocker%C2%A0Schema.pdf. Copied or closely paraphrased material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.) For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and according to fair use may copy sentences and phrases, provided they are included in quotation marks and referenced properly. The material may also be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Therefore such paraphrased portions must provide their source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. Codename Lisa (talk) 19:25, 2 June 2014 (UTC)

Elephant Diffuser

https://cryptoservices.github.io/fde/2014/12/08/code-execution-in-spite-of-bitlocker.html may contain more information as to why Elephant Diffuser was removed in Windows 8. 2A01:2B0:305A:54:C138:F5E:FCF:7CEC (talk) 14:05, 27 April 2015 (UTC)


XTS mode

Microsoft has added XTS mode

https://technet.microsoft.com/en-us/library/mt403325.aspx?f=255&MSPPError=-2147217396 OneGuy (talk)

External links modified

Hello fellow Wikipedians,

I have just modified 2 external links on BitLocker. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 08:55, 3 November 2016 (UTC)

Checked. Strange though because the second link is not dead.
Best regards,
Codename Lisa (talk) 19:16, 3 November 2016 (UTC)

Your GA nomination of BitLocker

The article BitLocker you nominated as a good article has been placed on hold. The article is close to meeting the good article criteria, but there are some minor changes or clarifications needing to be addressed. If these are fixed within 30 days, the article will pass; otherwise it may fail. See Talk:BitLocker for things which need to be addressed. Hawkeye7 (talk) 21:26, 11 December 2016 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified 2 external links on BitLocker. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 03:46, 21 July 2017 (UTC)

Checked. But both URLs were actually working fine, so I updated the deadurl parameter accordingly. Indrek (talk) 05:33, 21 July 2017 (UTC)

Availability

Section "Availability" starts quite misleading in my opinion. I assume the way of presenting the information originates from some Microsoft marketing material.

In my understanding there are different versions or feature sets of bitlocker on different operating systems (OS). While some operating system versions support most (or all) features (may be Windows 10 Enterprise?) others support only certain features. E.g., later on in the text it is mentioned that Windows XP can read bitlocker encrypted volumes (when the required software is installed) and from my own experience I know that Windows 8 Home supports read and write access to encrypted external media, even though, creating new encrypted volumes is not supported.

Therefore, the section "Availability" should be either a table with OS's and supported features or, alternatively, different subsections starting with a description of the supported features and then the OS's providing these features.

Currently, the text gives the impression that I best buy one of the recommended OS's listed here or otherwise I must purchase an upgrade for my Windows 8 Home, if I later want to read my friend's encrypted USB-stick, which is wrong.--85.181.125.24 (talk) 17:41, 7 October 2017 (UTC)

The list of supported operating systems was presented as sentences when I first put the information in this article back in 2007. It was changed to be a bullet-point list last year, probably to make it easier to read. It has nothing to do with how Microsoft presents the information, and everything to do with making the encyclopedia usable. As for your "understanding" and "experiences" regarding this subject, please remember our goal is to build an encyclopedia based on any reliable sources we can find, not based on our personal experiences. If you can find an article that describes what you're talking about, great, let us use it. Warren -talk- 18:04, 7 October 2017 (UTC)
Hello
Wikipedia is written based on the cardinal principle that the reader must not assume what is not explicitly written. Editors take no responsibility for someone's pet peeve or active imaginative mind. Your last paragraph has such a quality.
The section explicitly talks about BitLocker itself (defined as "a full disk encryption feature"), and not whatever means of reading BitLocker-encrypted volumes that is not "a full disk encryption feature". Of course, if you had read further, you'd have seen that there is a "device encryption" feature in the core edition of Windows 8.1 anyway.
If you want us to add information about means to read BitLocker volume on operating systems without BitLocker, please ask politely.
Best regards,
Codename Lisa (talk) 06:36, 8 October 2017 (UTC)

Infinineon

Hello, everyone

Today, I made a correction to a contribution made by Zazpot in revision 805728599. I did the following:

  1. Removed a link to BitLocker because no article links to itself
  2. Removed a repeated link to Trusted Platform Module because of WP:REPEATLINK
  3. Fixed a CS1 citation by adding publisher name, removing unsanctioned language parameter, etc.
  4. Removed repetitions of the same citation
  5. Removed redundant attempt to define what BitLocker is, because the whole article does it already
  6. Added a correction: BitLocker is only affected by a TPM problem when it uses a TPM protector (Obvious, isn't it?)

Items 1, 4 and 5 show that the contribution has actually come from outside.

Zazpot reverted the whole corrections with no reason whatsoever in Revision 805758858. This amounts to disruptive editing.

I am starting this thread to help Zazpot set the record right, tell us what his concern exactly was, and perform something less aggressive than a blanket revert.

Best regards,
Codename Lisa (talk) 14:18, 17 October 2017 (UTC)