bitlocker yea or nay?

been thinking about doing this, in case my rig manages to get nicked [unlikely i know, but i've got my tin foil hat on so bear with me please], bitlocker seems kind of handy for a bit of protection, but i'm not sure if it's going a step too far.

got a few questions after reading up on it. am i right in thinking that one of the ways of setting it up works thusly:

everything gets encrypted, the key is stored on a usb stick i can leave in the pc when i'm using it. when i go on holiday or whatever i just take the usb out and it'll ask for a pin if the drive/pc gets nicked, get that wrong and it turns into a western digital paperweight.


so if i've got it right, there's a few questions i've got about it:
1. am i being too paranoid about this? all i've got is uni work, music, and ofc my various steam libraries [still don't like the concept of easy access if yobbos nick it]

2. can the usb key stick be used for other things, like storing the pins/keys for bitlocker to go usb sticks? [planning on doing this to a couple of pens]

3. is there much of a running performance hit once it's set up?

4. is there any problem with usb sticks/usb hard drives being connected pre-boot? i've got one currently running backup against idiot deletion of files for uni work, gonna get another one [need the capacity] and i cba plugging and unplugging every time i want to start my pc.

5. if i [somehow] manage to mess up recovery mode pin and it locks the drive, can i still format/reinstall [and obv lose my stuff]?

6. is it going to go into recovery mode every time i edit the bios?[tuning/updating the bios/getting a new mobo/cpu]


any help would be appreciated, still debating if it's a worthy precaution or not.
 
Personally, absolutely everything of mine is encrypted where it can be. Doesn't degrade performance notably, but also means that should my kit be stolen/lost then the data is relatively secure.

I suppose you need to consider the value of your data. My kit has a lot of very personal information on that I'd not want out in the public domain - passport copies, etc.

The key from bit locker you can put anywhere you like once it's on the USB - just make sure you don't lose it!

If you lose access to the volume you can just reformat it, removing the encrypted volume.
 
The key from bit locker you can put anywhere you like once it's on the USB - just make sure you don't lose it!

not got too much personal stuff, apart from maybe uni work and tbh that's not exactly critical. it's more of a principle thing, don't like yobbos getting my stuff.

if you do lose the usb key, you can still use a pin to unlock? one of those 3 time attempt jobs

I think I'm right in saying in Windows 8 the key is stored in your Microsoft account so you can do away with the USB stick.

i believe so, i'm on w7 though.
 
I personally wouldn't use the MS provided (and very probably NSA audited) BitLocker. And how nice of MS, to upload it to your account so the NSA can retrieve it remotely.

And like Philtor, I would strongly suggest Truecrypt.
 
I personally wouldn't use the MS provided (and very probably NSA audited) BitLocker. And how nice of MS, to upload it to your account so the NSA can retrieve it remotely.

And like Philtor, I would strongly suggest Truecrypt.

Wear a tinfoil hat as well?
 
I truecrypted my drives when I ran Win 7 but it doesn't look like it's been updated to support Win 8 system encryption yet :(
 
I personally wouldn't use the MS provided (and very probably NSA audited) BitLocker. And how nice of MS, to upload it to your account so the NSA can retrieve it remotely.

And like Philtor, I would strongly suggest Truecrypt.

Dude, wtf are you talking about? The Windows bitlocker (in Win 8) is IL3 and 4 certified. IE, it makes TrueCrypt look like a child's toy. The choice to upload it to your account however, granted, is retarded, but you'd have to be retarded to do it. However, the BLRP is largely meaningless if MS (and the NSA) don't know what machine / drive it relates to.

You just have to save the BLRP somewhere. If you are confident you won't forget your pin or passphrase, you can delete the BLRP file.
 
I truecrypted my drives when I ran Win 7 but it doesn't look like it's been updated to support Win 8 system encryption yet :(

It works with Windows 8, just as long as you use the NTFS filesystem.

Dude, wtf are you talking about? The Windows bitlocker (in Win 8) is IL3 and 4 certified. IE, it makes TrueCrypt look like a child's toy.

Hardly, Truecrypt provides features above and beyond bitlocker. If anything Truecrypt makes bitlocker look like a child's toy. Truecrypt supports multiple encryption algorithms, which is very sensible because if AES gets broken (or is already broken) then your data will still be safe, and plausible deniability via nested partitions is also another feature that protects your data against adversaries forcing you to reveal your key. There is also the ability to create containers rather than just encrypt the entire hard drive, and of course multiple operating system support. Truecrypt is far more flexible and feature filled than bitlocker, which is very basic in comparison.
 
it just doesn't work on Tablets, so...it's useless for touch screen only devices, or those with no access to a dock. Yep, sounds flexible ;)
 
it just doesn't work on Tablets, so...it's useless for touch screen only devices, or those with no access to a dock. Yep, sounds flexible ;)

That is a minor consideration compared to everything I just mentioned, especially given that tablets don't generally hold any real sensitive data. So your statement is still completely wrong.

Does bitlocker work on most tablets? No.
 
i doubt i'm going to be pursued by the nsa, and let's face it if someone has a knife to my throat i'll tell them the password. as for encryption breaking, well if someone goes to those lengths to break my hdd then they'll find it was a massive waste of time.

i assume then that bitlocker is good for my purposes?
 
i doubt i'm going to be pursued by the nsa, and let's face it if someone has a knife to my throat i'll tell them the password. as for encryption breaking, well if someone goes to those lengths to break my hdd then they'll find it was a massive waste of time.

It's not someone trying to break your hdd, if the algorithm is broken then every device in the world using it becomes unprotected. The other concern is that the bitlocker source code is not in the public domain. And someone holding a knife to your throat (or more realistically the police asking for your key) is exactly what truecrypt protects against, you can reveal a password, but not the real one and it will still decrypt.

i assume then that bitlocker is good for my purposes?
Yes.

Don't see why you'd want to bother with a USB stick though, it's just a liability.
 
That is a minor consideration compared to everything I just mentioned, especially given that tablets don't generally hold any real sensitive data. So your statement is still completely wrong.

Does bitlocker work on most tablets? No.

Windows 8 Bitlocker works on all Windows tablets....So, yes.
 
On tablets Bitlocker is generally referred to as 'Device Encryption' depending on the SKU.

Both Bitlocker and Truecrypt have their limitations. There are some (not uncommon) situations where Truecrypt just flat-out won't work. Same goes for Bitlocker.

Horses for courses. I find them equally good and use them both regularly.
 
Windows 8 Bitlocker works on all Windows tablets....So, yes.

The answer is no then, because Android and Apple make up most of the market, which is my exact point, lack of OS support. Funnily enough Truecrypt works on many Windows tablets because they are often hybrid devices.

In any case this is digression from your original statement which has been thoroughly refuted, so I'm not going to continue to debate minor points. The fact is Truecrypt is a powerful piece of software with many important features that bitlocker doesn't have, and has cross platform support.
 
Dude, wtf are you talking about? The Windows bitlocker (in Win 8) is IL3 and 4 certified. IE, it makes TrueCrypt look like a child's toy.

http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development

Or

http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html

So if you think that an MS closed source program that was very probably overseen by the NSA is safe, I'm not the one who needs tinfoil.

Truecrypt is having its open source code audited for backdoors and exploits. Do you seriously think MS is going to let you do that with their program.. I doubt their NSA handlers will let them.
 
Firstly, we're talking Windows 8, and secondly, you actually believe that 2nd article?

BWHAHAHAAHHAHAHAHAHA

BitLocker, as found in 8/8.1 is not closed source as its fundamental core protection is enhanced around Intel's AES-NI
 