Talk:BitLocker

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 2a01:2b0:305a:54:c138:f5e:fcf:7cec (talk) at 14:05, 27 April 2015. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


The usage of boot

The usage of boot and system partitions was reversed - the boot drive has the OS, whereas the system drive has ntldr. It's counter-intuitive. See the linked article System partition and boot partition SenorBeef 01:50, 28 July 2007 (UTC)[reply]

Are we gonna mention this?

New Research Result: Cold Boot Attacks on Disk Encryption —Preceding unsigned comment added by 82.134.121.18 (talk) 23:04, 21 February 2008 (UTC)[reply]

What is this paragraph supposed to mean?

According to Microsoft sources,[6] BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. This has been one of the main concerns among power-users since the announcement of built-in encryption in Vista. —Preceding unsigned comment added by 41.241.41.220 (talk) 19:19, 30 April 2008 (UTC)[reply]

Microsoft: Vista won't get a backdoor Socrates2008 (Talk) 21:33, 30 April 2008 (UTC)[reply]
I'm pretty sure it is meant to say that some power-users have been concerned that Microsoft may have deliberately built a backdoor into BitLocker so that, for example, the data could be decrypted by law enforcement personnel without the proper password. Microsoft denies that such a back door exists. I don't think people are concerned that Microsoft says there is no back door (which is what it seems to imply now). I'll change it. (edit. forgot to sign my post) Karadoc** (talk) 23:17, 24 August 2008 (UTC)[reply]
It is a legitimate concern - though saying that "Microsoft has stated there's no backdoor" is pretty pointless; they'd hardly admit to it if they had! 23:26, 24 August 2008 (UTC)
No it's not pointless - it's a public statement by a public company. Their share price will get hammered if it turns out they've lied over something as serious as this. In any event, even if you don't believe them, the statement is notable, given the concerns that some people raised. Socrates2008 (Talk) 23:55, 24 August 2008 (UTC)[reply]

EFS and Bitlocker

I didn't understand either of these two sentences:

Encrypting File System usage may also be required in addition to BitLocker, since BitLocker protection effectively ends once the OS kernel has been loaded. BitLocker and EFS therefore offer protection against different classes of attacks.

Could a knowledgeable person expand on both statements? They both need more explanation. Tempshill (talk) 00:10, 16 June 2008 (UTC)[reply]

Bitlocker does not offer any protection once Windows is running. e.g. if you have two people both with access to a machine, Bitlocker cannot be used to secure their data from one another. Socrates2008 (Talk) 12:09, 16 June 2008 (UTC)[reply]

BitLocker compatibility with NTFS Compression

There should be a section about BitLocker compatibility with NTFS Compression. Are they compatible? It should be discussed... —Preceding unsigned comment added by 68.100.26.167 (talk) 19:30, 17 May 2009 (UTC)[reply]

Performance is a four letter word

NOTHING on the performance hit?? Why NOT! ? 71.31.154.68 (talk) 19:31, 5 July 2009 (UTC)[reply]

The performance hit of AES encryption on any modern hardware is negligible. New Intel and AMD CPUs have a specific instruction set, AES-NI, that allows them to perform encryption at several gigabytes per second, making the extra load quite irrelevant even on systems equipped with extremely fast SSDs. Older CPUs that lack the hardware acceleration can still easily surpass the speeds of mechanical HDDs, especially so in the case of fragmented data (small files). Possibly this should be mentioned but I think that a more proper place for that would be a generic article on full disk encryption, unless there are concerns *specific* to BitLocker. Tronic2 (talk) 00:38, 30 May 2013 (UTC)[reply]

Should we mention this?

On February 25th, Cryptome released LE (Law Enforcement) sensitive documents regarding security in WIN7 that allows anyone to get access to the key to any BitLocker locked drive by going to C:\Windows\system32 in a command prompt and entering manage-bde -protectors -get c:. The original file comes from http://publicintelligence.net/microsoft-windows-7vista-advanced-forensics-guides-for-law-enforcement/. It seems like information that would be useful in the public domain, or at least help convince Microsoft to close the loophole. —Preceding unsigned comment added by Avialexander (talkcontribs) 22:52, 7 March 2010 (UTC)[reply]

Just for completeness, I thought I should add the fact that Cryptome is a bit late: Microsoft documented this command in or before May 2008: [1]. Also, isn't linking to leaked confidential files explicitly forbidden by Wikipedia rules? And, I've been looking through those docs, and it's not a BitLocker crack: "Dealing with BitLocker on a Live System" --> "Note: You must run as Administrator". You're already admin on the PC containing the BitLocker drive... So you can't go around, stealing BitLocked devices and crack them at home, so there is no loophole for Microsoft to close. --DanielPharos (talk) 01:11, 17 April 2010 (UTC)[reply]
There's no vulnerability here - this functionality is by design and does not make the machine exploitable when the OS is not running, so it's doing what it's supposed to do. Sounds like you're maybe getting confused with EFS or DRM, which is the encryption used when the platform is running. Socrates2008 (Talk) 07:34, 17 April 2010 (UTC)[reply]

It uses AES in CBC mode?

CBC = Cipher Block Chaining. That means that any block of ciphertext depends on all the blocks before. As BitLocker is used to encrypt a whole drive (!!) isn't this mode infeasible? I mean flip a single bit in sector 1 and have every following sector reencrypted? Most drive encryption utilities use CTR mode for this reason. I don't want to express any doubt on BitLocker using CBC, but are there any details of how exactly this block cipher mode of operation is used in practice? 217.94.192.205 (talk) 23:43, 2 March 2011 (UTC)[reply]

Luckily there are people much smarter than you or I that have published papers on this very topic. Socrates2008 (Talk) 10:36, 3 March 2011 (UTC)[reply]
Thanks. Makes sense now. 217.94.189.239 (talk) 14:43, 3 March 2011 (UTC)[reply]
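As an added illustration (not part of the original discussion), the per-sector CBC layout below shows why flipping a plaintext bit in one sector does not re-encrypt the rest of the drive, and why corrupting one ciphertext block disturbs at most two plaintext blocks on decryption (the limited propagation that the Elephant diffuser, discussed further down this page, was designed to counter). A small keyed Feistel network stands in for AES, deriving the IV by encrypting the sector's byte offset is modelled on BitLocker's published design, and the key and sector data are constructed.

```python
import hashlib
import hmac

BLOCK, SECTOR = 16, 512                            # AES block size; 32 blocks per sector
KEY = b"constructed-32-byte-demo-key-!!!"          # constructed demo key
SECTORS = [bytes([n]) * SECTOR for n in range(4)]  # constructed four-sector "volume"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
# Stand-in for AES: a keyed 4-round Feistel permutation on 16-byte blocks. Not AES and
# not secure; it only supplies the invertible block cipher that the CBC mode needs.
def _round(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]
def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _round(key, r, i))
    return l + r
def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, l, i)), l
    return l + r

def sector_iv(key, sector_no):
    # Each sector starts a fresh CBC chain; the IV is derived from the sector's byte
    # offset (modelled on BitLocker's design), so no chain ever spans two sectors.
    return block_encrypt(key, (sector_no * SECTOR).to_bytes(BLOCK, "little"))

def encrypt_sector(key, sector_no, plain):
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, xor(plain[i:i + BLOCK], prev))
        out += prev
    return bytes(out)

def decrypt_sector(key, sector_no, cipher):
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        out += xor(block_decrypt(key, cipher[i:i + BLOCK]), prev)
        prev = cipher[i:i + BLOCK]
    return bytes(out)

def changed_sectors(key, sectors, sector_no, byte_no):
    """Flip one plaintext bit; list the sectors whose ciphertext changes (only its own)."""
    s = bytearray(sectors[sector_no]); s[byte_no] ^= 1
    return [n for n, p in enumerate(sectors) if encrypt_sector(key, n, p)
            != encrypt_sector(key, n, bytes(s) if n == sector_no else p)]

def garbled_blocks(key, sector_no, plain, block_no):
    """Corrupt one ciphertext block; count wrongly decrypted plaintext blocks (at most 2)."""
    c = bytearray(encrypt_sector(key, sector_no, plain)); c[block_no * BLOCK] ^= 0x80
    p = decrypt_sector(key, sector_no, bytes(c))
    return sum(p[i:i + BLOCK] != plain[i:i + BLOCK] for i in range(0, SECTOR, BLOCK))
```

Because every sector is its own chain, a write only re-encrypts the sector it touches, which is what makes CBC workable for random-access volumes.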

Cold boot

The cold boot section for TPM only is perhaps not well explained. From what I can tell (and reading the paper), what's being said is you can recover the keys at any time. This seems rather obvious, if you don't require a password or something from the user to decrypt but get the keys from something on the computer, then you can decrypt the content at any time. I guess the point here is you don't have to work out some way to break into the machine if you don't know the logon password (although I would think it obvious a logon password is little protection if the data is decrypted) and more importantly you don't have to logon (or properly start Windows?) and risk contaminating data (since any decent forensics expert is going to want to make an image rather than working on the original data). I personally wouldn't call this a cold boot attack (although the paper does so I guess we have to follow). You are just relying on the fact the keys can be recovered at any time without requiring something from the user by design although perhaps a cold boot attack is needed (I'm a bit unclear on the process, it may be what's being described is start up the computer, let it load the keys, do a hard shut down then a cold boot attack although you could also do other things like try to read the RAM while the computer is running or whatever albeit these are likely to be more difficult). Nil Einne (talk) 03:46, 18 June 2011 (UTC)[reply]

Master password?

According to [2], which isn't a great RS, at least one computer vendor regularly implements some sort of master password they can provide to decrypt the data which carries obvious security implications. Nil Einne (talk) 03:48, 18 June 2011 (UTC)[reply]

The weakest point in the implementation of any crypto system is usually the humans involved. This example is like someone having a long, complex password that they then write on a Post-it note and attach to the computer. If companies like Dell are keeping record of recovery keys, then the paranoid obviously need to reset the TPM and Bitlocker keys to something that is unknown to the vendor when buying a new machine. 220.239.104.140 (talk) 10:40, 18 June 2011 (UTC)[reply]

There are at least three problems with the following paragraph in the article:

'Notwithstanding the claims of Niels Ferguson and others, Microsoft Services states in Exploration of Windows 7, Advanced Forensics Topic (page 70), "BitLocker has a number of 'Recovery' scenarios that we can exploit", and "BitLocker, at its core, is a password technology, we simply have to get the password...".'

1) It is in clear violation of Wikipedia policy regarding linking to unlicensed copyrighted works, as detailed at http://en.wikipedia.org/wiki/Wikipedia:Copyrights#Linking_to_copyrighted_works,

2) It dishonestly represents the original content by truncating the quoted text, removing the qualifying context,

3) It is contradictory to other established content in the article, which indicates that there are "TPM + USB Key" and "USB Key" modes of operation, which do not involve a PIN or a password.

Mhalcrow (talk) 18:13, 17 November 2011 (UTC)[reply]

Full Disk vs Full Volume

BitLocker is either full disk, or full volume encryption, but not both. First paragraph starts as BitLocker Drive Encryption is a full disk encryption feature..., but later on states It is designed to protect data by providing encryption for entire volumes.

BitLocker, technically is a full volume encryption. It cannot encrypt a full disk. 207.87.238.194 (talk) 14:37, 25 April 2013 (UTC)[reply]

There's no product in existence that can encrypt a full disk (i.e. every sector) and still be bootable, yet there's a category of products from different vendors that is commonly called full disk encryption systems. The point that you've chosen to home in on appears to concern where the Bitlocker boot code (that mounts and decrypts the encrypted data) happens to reside? Socrates2008 (Talk) 11:35, 26 April 2013 (UTC)[reply]
There are full disk encryption options that are implemented at least partially if not entirely at the firmware/hardware level, requiring a passphrase before the disk will even power on. In some cases, IIRC, the encryption is actually handled by firmware on the drive itself. --Dewiniaid (talk) 15:18, 15 May 2013 (UTC)[reply]
Hardware based is of course possible - but I assumed we're talking here about software based systems in the same class as Bitlocker, such as TrueCrypt, FileVault, McAfee Endpoint Encryption etc. Socrates2008 (Talk) 09:48, 16 May 2013 (UTC)[reply]

Rabbit hole. Yes, there are full disk encryption drives. BitLocker is the topic. BitLocker encrypts volumes, not drives. Either present it incorrectly as whole disk encryption, or correctly as whole volume encryption. 207.87.238.194 (talk) —Preceding undated comment added 17:22, 31 May 2013 (UTC)[reply]

Requested move : BitLocker Drive Encryption → BitLocker

The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review. No further edits should be made to this section.

The result of the move request was: page moved. Andrewa (talk) 07:41, 27 April 2014 (UTC)[reply]


BitLocker Drive Encryption → BitLocker – Hi. As you might know, Wikipedia naming policy states that commonly used names are preferred over official names. I've never seen the phrase "BitLocker Drive Encryption" used outside Microsoft-published sources. Those that I have seen just call it BitLocker. Even the article uses BitLocker, except once in the lead. Best regards, Codename Lisa (talk) 08:11, 19 April 2014 (UTC)[reply]


The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page or in a move review. No further edits should be made to this section.

Prior content in this article duplicated one or more previously published sources. The material was copied from: http://spi.unob.cz/presentations/23-May/07-Rosendorf%20The%C2%A0BitLocker%C2%A0Schema.pdf. Copied or closely paraphrased material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.) For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and according to fair use may copy sentences and phrases, provided they are included in quotation marks and referenced properly. The material may also be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Therefore such paraphrased portions must provide their source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. Codename Lisa (talk) 19:25, 2 June 2014 (UTC)[reply]

Elephant Diffuser

https://cryptoservices.github.io/fde/2014/12/08/code-execution-in-spite-of-bitlocker.html may contain more information as to why Elephant Diffuser was removed in Windows 8. 2A01:2B0:305A:54:C138:F5E:FCF:7CEC (talk) 14:05, 27 April 2015 (UTC)[reply]