1

I understand that there are multiple reasons that a recovery key might be needed on a system partition, but why would I want the extra security risk of having a way of circumventing my password for removable media?

Why is windows asking for my recovery key?

Windows will require a BitLocker recovery key when it detects an insecure condition that may be an unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure

If I've understood this correctly, it only applies to fixed drives. Why not write down my password, or a reminder, rather than a key that's impossible to remember and does the same thing?

This feels like a stupid question, but I've been unable to find a straightforward answer. Have I misunderstood something about how BitLocker to Go works? Does the recovery key offer any protection against the media or data being corrupted?

VeraCrypt appears to only require a rescue disk for the system partition.

One scenario I thought of was if law enforcement want you to unlock a drive and you don't want to give up a password that is used elsewhere or key escrow.

To try and expand upon my confusion, the message when you setup bitlocker on a system partition:

A recovery key can be used to access your files and folders if you're having problems unlocking your PC. It's a good idea to have more than one and keep each in a safe place other than your PC.

"safe" here is ambiguous:

  1. Safe from attackers as it can bypass your password
  2. Safe from being lost, because you might need it even if you still have your password due to hardware failure or a change in configuration

In fact, for system drives, both are true.

For portable drives, the message reads

If you forget your password or lose your smart card, you can use your recovery key to access your drive.

Comparing this with EFS on wikipedia:

Files encrypted with EFS can only be decrypted by using the RSA private key(s) matching the previously used public key(s). The significance of this is occasionally lost on users, resulting in data loss if a user forgets his or her password, or fails to back up the encryption key.

Where presumably the private key is still symmetrically encrypted with a password.

a2k42
  • 113
  • 3
  • 1
    When attack conditions are detected (and the appropriate group policy has been set by an administrator) Bitlocker locks out password attempts and requires the 48-digit recovery key. This is to prevent unlimited attempts at cracking a password that is almost certainly less secure than the recovery key. – fuzzydrawrings Apr 13 '21 at 23:52

1 Answers1

0

BitLocker (in all uses) has a master encryption key which is encrypted using keys based on several "protectors". Common protectors for system partitions are TPM, passphrase ("PIN"), file-based key, and so on. BitLocker can also be temporarily "suspended" by writing a plain-text protector to the volume. Across all use cases, the recovery key is an additional protector (it can be disabled if you want to, though you'll probably need to use the command-line manage-bde.exe tool to do it).

For any version of BitLocker where a PIN/passphrase protector is used, there's a risk of an attacker attempting to brute-force it. BitLocker has standard protections against this (mostly the use of an extremely slow password hashing function), which work both for online and offline attacks. However, in the case of online attacks, BitLocker can also respond to repeated incorrect password attempts by removing the PIN/passphrase protector (deleting the data necessary to derive the protection key for decrypting the master key, even if the correct password is later entered). While this doesn't stop somebody who imaged the BL metadata before attempting their attack, or who is accessing the volume through a write-blocker, it does prevent casual attempts to break into an encrypted flashdrive or external hard disk.

However, with the PIN/passphrase protector gone, you need some other protector if you want to ever decrypt the drive. That - in addition to "forgot password" cases - is what the recovery key is for. It also provides a long-term secret that can be thrown in a safe or something and doesn't need to be updated even if you change the passphrase.

CBHacking
  • 40,303
  • 3
  • 74
  • 98
  • There aren't many scenarios that I can think of where an attacker has access to removable media and I'm ever getting that media back. If the device is lost or stolen it's gone. A flatmate or burglar who gets access to the device would also have access to any locally stored recovery keys, [The Man](https://en.wikipedia.org/wiki/The_Man#:~:text=%22The%20Man%22%20is%20a%20slang,commonly%20used%20to%20describe%20oppression.) can no doubt get access to my Microsoft account. The system does seem to assume you have an offsite safe. a) key is stronger than password b) recover accidental lock-outs – a2k42 Apr 14 '21 at 08:51
  • A flatmate, burglar, colleague, family member, etc might have access to a recovery key stored in the file system, if I've let an untrustworthy person use my machine unobserved or left the computer logged in and unlocked (or unencrypted). They wouldn't have access to a recovery key stored in a safe (unless they lift the key off me too), or on a slip of paper in my wallet, or indeed in my MSFT account (sure, The Man could get that one). As for getting it back, stop thinking e.g. state actors and think instead nosy kids or teammates or janitors or lost-and-found (official or "friendly"). – CBHacking Apr 14 '21 at 09:24
  • Opening a backdoor for nosy kids who'd never crack my password doesn't seem worth it. The added complexity of the recovery key only seems to make sense for more sophisticated attacks, that as you point out, I don't really need to worry about. What you seem to be saying is that *I do need to worry* about 'nosy kids' locking me out of a removable drive if I don't have a recovery key for it, because that's how it works, and therefore also need to be careful about where I keep that backdoor. – a2k42 Apr 14 '21 at 10:55
  • You'd need to make sure the password protector doesn't delete itself if somebody tries to brute-force it, then. If you're confident enough to do without the (minor) brute-forcing protection of that feature, though, and can be confident it's disabled... Well, you asked why the recovery key exists, and now you know. – CBHacking Apr 14 '21 at 11:57