Questions tagged [bitlocker]

A logical volume encryption feature included with specific versions of Microsoft Windows Vista and later.

168 questions
3
votes
1 answer

Writing to drive with full drive encryption without decrypting

Consider the case where a computer has 2 drives: one for a Windows OS and one for a Linux OS. The user then uses full drive encryption, BitLocker, on the Windows drive. It can be assumed that Linux cannot read data from the encrypted drive in normal…
schroeder
  • 123,438
  • 55
  • 284
  • 319
3
votes
1 answer

Bitlocker on a laptop without carrying around recovery key

We have a rule in my company that all PC drives must be encrypted with BitLocker, including laptops. My own Windows 8 laptop has a tendency to hang at shutdown, black screen but the computer never stops (once waited for 30 minutes to no avail). I'd…
guillaume31
  • 133
  • 4
3
votes
1 answer

Bitlocker lock drive on standby or switch users

Is it possible to autolock a drive with Bitlocker when the laptop goes on standby or sleep mode? Or when the user is changed? I want the drive to be accessible only by one user.
gtht90
  • 31
  • 3
3
votes
2 answers

Is there a reliable way to simulate "Evil Maid Attack" boot path tampering when using bitlocker?

Suppose you have a system whose OS drive is encrypted with bitlocker and uses TPM + PIN authentication to authenticate the boot path against tampering. As I understand it, this setup theoretically protects against bootkits that otherwise could…
alx9r
  • 569
  • 4
  • 18
3
votes
1 answer

Can I secure the bootloader without a TPM?

I have a lot of PCs without a TPM installed. Buying TPMs for all of them is not an option, but I still want to do encryption on them. From what I've studied so far, the entire system/boot partition can be encrypted. The bootloader (or the ESP…
Livy
  • 133
  • 3
3
votes
1 answer

Has there ever been a known case of Bitlocker breach through lock screen?

Scenario: A Windows user with Bitlocker-encrypted OS drive uses Win+L shortcut to lock their computer, but leaves it powered on. At this point, their house is raided (by police, or thieves, or FBI, simply someone with desire to gain access to the…
masiton
  • 33
  • 3
3
votes
0 answers

Is 256-bit BitLocker encryption really 256-bit?

It might sound like a silly question, but clearly I'm not getting something. I've enabled 256-bit encryption in group policy settings and encrypted a drive. manage-bde -status says Encryption Method: XTS-AES 256. But the recovery key is still 48…
user228001
  • 43
  • 2
3
votes
0 answers

BitLocker Sleep/Hibernate Settings for DMA protection

The Bitlocker guidance from Microsoft is to disable sleep states and use hibernate in combination with TPM + PIN for elevated security against cold boot and DMA attacks. Unfortunately this is pretty inconvenient as it results in very frequent…
asdf
  • 31
  • 1
3
votes
1 answer

What is the relationship between Windows BitLocker and Hasleo BitLocker Anywhere?

Whilst researching alternatives to BitLocker which work on Windows 10 Home, I came across a product called "BitLocker Anywhere" from Hasleo. Since they use such similar names I was trying to figure out if they are related. Is this a completely…
Andy
  • 253
  • 2
  • 6
3
votes
1 answer

Do pre-boot software keyloggers exist?

Let's say for example that I have a laptop with just one hard drive running Windows 10. The Laptop's C:\ (boot) drive is encrypted using Bitlocker, and is set up to ask for a PIN on start to decrypt the drive and load the OS. Is there such a thing…
3
votes
1 answer

Is full disk encryption per disk or per partition?

This is mostly a general question about full disk encryption, but I have bitlocker in mind. What does it mean when people say full disk encryption? Because I imagined that it literally encrypts the whole physical disk, which requires a pre-boot…
3
votes
1 answer

Is it possible to extract secrets from a TPM without knowing the PIN?

I understand the general operation of a TPM, and in particular the interest of using a pre-boot PIN: if someone gets access to the machine (turned off), turning on the computer will not be enough to get the keys stored in the TPM and thus decrypt…
3
votes
1 answer

Will new data written to disk while BitLocker is encrypting the disk be encrypted?

When you enable BitLocker, there is a period of time where BitLocker is slowly encrypting the contents of the drive in the background. During this time, is it guaranteed that new data written to the disk will be encrypted as it is written? Or is it…
3
votes
2 answers

Safety level of encrypting data with BitLocker?

Is it kind of impossible to decrypt data that is encrypted by BitLocker and data will be safe enough if my computer was stolen?
3
votes
2 answers

At what point is a Bitlocker drive unlocked and how does additional pre boot pin add to security?

If I enable Bitlocker on a regular Windows 10 machine, how does the unlocking process work? I presume I put in my Windows password and at that point it starts the unlock process. Why is there an additional pre boot option and how does this add to…
user1102550
  • 981
  • 1
  • 10
  • 15