IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [bitlocker]

A logical volume encryption feature included with specific versions of Microsoft Windows Vista and later.

BitLocker is a logical volume encryption feature included with specific versions of Microsoft Windows Vista and later.

Related reading

168 questions
46
votes
8 answers

Force user to remove USB token

I'm looking at setting up secure laptops using BitLocker with pre-boot PIN and startup key. I'm wondering if there is a way to force the user, who is remote, to remove the USB with the startup key before they can log on or use Windows. Otherwise,…
IamNaN
  • 742
  • 2
  • 9
  • 15
35
votes
11 answers

Is Windows BitLocker secure?

Naturally I feel that I have to ask this question, since it's a built-in feature in Windows. Let's say someone has physical access to my PC, is there an easy way for them to access a BitLocker protected drive without physically tampering with the PC…
astralbanana
  • 453
  • 1
  • 4
  • 4
31
votes
2 answers

Is Bitlocker secure enough for portable storage devices?

I have recently lost a USB flash drive that contained some important information. Fortunately, it was protected by Bitlocker. I felt the impulse to ask exactly how secure it is. Most answers on this site related to Bitlocker seem to be about…
trisct
  • 415
  • 1
  • 4
  • 6
28
votes
2 answers

Right way to use the TPM for full disk encryption

I'm currently setting up a BitLocker equivalent using a TPM and LUKS. I've got the basics right and I'm able to measure the boot process and seal the FDE key using the TPM. Every time the sensitive parts (firmware, bootloader, kernel) are updated…
André Borie
  • 12,706
  • 3
  • 39
  • 76
21
votes
6 answers

Why use a Smartcard for (Two Factor) Auth instead of another medium?

I recently installed Bitlocker on my Windows 8.1 machine, using only a password. I was thinking of getting something other than just a password for my storage drive, something physical, like a USB, SD Card, or Smart Card! I've asked and poked…
Lighty
  • 2,368
  • 1
  • 23
  • 36
20
votes
2 answers

TrueCrypt vs BitLocker

I would like to ask which one of these TrueCrypt or BitLocker is safer to implement and encrypt the data in a small business environment (Windows 7, 8.1 and Windows Server 2012r) I read about BitLocker and I am confused. Many IT professionals…
Michal Koczwara
  • 1,580
  • 3
  • 15
  • 27
18
votes
4 answers

How can I tell if BitLocker is successfully enabled on remote hosts?

All machines from my network should have BitLocker successfully applied to them. Is there a way that I can remotely query the machines to see if: Bitlocker has been enabled, Bitlocker has fully encrypted the drive. Ideally I am looking for a way…
KingJohnno
  • 1,155
  • 2
  • 11
  • 19
17
votes
2 answers

BitLocker Drive Encryption NOT secure from drive mapping on network

I have a USB drive encrypted with BitLocker Drive Encryption. Each time I insert the drive in my USB port it works as expected, requires me to enter the password. Maybe I have the BitLocker Drive Encryption configured wrong or something not sure…
Rose
  • 405
  • 1
  • 4
  • 9
17
votes
3 answers

How does Bitlocker + TPM prevent me seeing the HDD contents with another OS?

I've googled the heck out of this, and have read multiple related questions on this site, but I'm still missing a crucial piece of the puzzle. I have a (work) laptop with Win10 Pro which is encrypted with Bitlocker. For quite a while I didn't even…
Neilski
  • 171
  • 1
  • 8
15
votes
2 answers

When do shared disks "leak" data to other VMs, and how is that mitigated?

Inspired by this answer, I would like to know what are some common threats and mitigation techniques used to prevent one VM from leaking data to another via the shared storage infrastructure. Possible vulnerable scenarios include EMC SANs that…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
12
votes
4 answers

Is looking for plain text strings on an encrypted disk a good test?

I have a dual boot PC, where the Win10 (uncompressed) partition is encrypted with BitLocker. I was curious about making this test (and also encryption took quite a short time in my opinion), so while running Linux I did this: # cat /dev/nvme0n1p3 |…
golimar
  • 239
  • 2
  • 7
11
votes
3 answers

Can a physical attacker compromise a Windows machine with UEFI, secure boot and bitlocker?

Machines such as the MS Surface Pro 3 comes with bitlocker encryption and UEFI secure boot out of the box. However, the default boot order is network -> usb -> ssd. If an attacker gets physical access to the machine (while it is locked or…
Kevin Lee
  • 456
  • 4
  • 12
11
votes
2 answers

Secure Boot on Microsoft Surface Pro 3 (or modern PCs)?

Got a Surface Pro 3 today and noticed in it's EFI that it's got TPM enabled, "Secure Boot" enabled (unsure what such an umbrella/catch all term actually covers) And then in Windows 8.1, it's got BitLocker turned on I was a little surprised that…
DeepSpace101
  • 2,143
  • 3
  • 22
  • 35
11
votes
3 answers

Offline Bruteforce attack against a Bitlockered Windows PC

I am currently assessing the security of Bitlocker from the perspective of an offline attack against a stored password (used to secure the Full Disk Encryption key). My assumption is that the password used to decrypt/determine the FDE key has to be…
MattCotterellNZ
  • 153
  • 1
  • 1
  • 7
9
votes
1 answer

Are there other ways to encrypt files other then TrueCrypt and BitLocker

I don't trust BitLocker. Probably backdoored and relies on TPM which can be hacked according to DEFON. It also does not allow for hidden partitions or other advantages like TrueCrypt. With TrueCrypt and the state that it is in, are there any other…
Jason
  • 3,086
  • 4
  • 20
  • 24
1
2 3
11 12