BitLocker

from Wikipedia, the free encyclopedia

BitLocker is a proprietary disk encryption feature from Microsoft. It is included in Windows Server from Windows Server 2008 onward and, on the client side, in the Ultimate and Enterprise editions of Windows Vista and Windows 7 as well as the Pro and Enterprise editions of Windows 8, Windows 8.1 and Windows 10.

Functionality

In order to encrypt the system drive, BitLocker needs its own partition on the hard drive, which is created automatically if necessary. It starts before the operating system and by default uses a Trusted Platform Module (TPM) to check whether the hardware is unchanged and therefore trustworthy. Microsoft recommends additionally requiring the entry of a PIN. When choosing the PIN, bear in mind that it is requested during the start routine at a point where the country-specific keyboard settings have not yet been loaded, so the keyboard always behaves as a US English layout. This means that Y and Z are swapped compared to the German keyboard, special characters are often on other keys, and umlauts cannot be typed at all. As an alternative or in addition to the PIN, the start of the system can be made dependent on a USB stick with a key file being inserted. If neither is configured, BitLocker does not prompt at all as long as the hardware environment remains unchanged. On computers without a Trusted Platform Module, a key file on a USB stick can be used instead, or a password can be entered.
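Two checks that follow from the paragraph above, written here as an added PowerShell example (not code from the Wikipedia article or from Microsoft): an audit of which key protectors each volume carries, flagging an operating-system volume that relies on the TPM alone without a PIN or startup key, and a validator that rejects PIN characters a German-keyboard user could not enter, or would mistype, on the US-layout pre-boot keyboard. The cmdlet Get-BitLockerVolume and the KeyProtectorType names (Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey, ExternalKey, RecoveryPassword) are Windows' own; the function names and the set of characters treated as problematic are assumptions made for this example.

```powershell
# Added example: audit BitLocker key protectors and pre-check a candidate pre-boot PIN.
# Requires the BitLocker PowerShell module (Windows 8 / Server 2012 and later) and an elevated prompt.

function Get-BitLockerProtectorAudit {
    # Lists the protectors of every BitLocker volume and flags OS volumes secured by the TPM only.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # Protector types that add a second factor at boot on top of the TPM measurement.
        $secondFactor = $types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' }
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            TpmOnly          = ($vol.VolumeType -eq 'OperatingSystem' -and
                                ($types -contains 'Tpm') -and -not $secondFactor)
        }
    }
}

function Test-PreBootPin {
    # Returns the list of problems found; an empty list means every character of the PIN
    # can be typed unambiguously on the US layout BitLocker presents before Windows loads.
    param([Parameter(Mandatory)][string]$Pin)
    $problems = @()
    foreach ($ch in $Pin.ToCharArray()) {
        if ($ch -cmatch '[äöüÄÖÜß]') {
            $problems += "'$ch' (umlaut/eszett) cannot be typed on the US pre-boot keyboard"
        } elseif ($ch -cmatch '[yYzZ]') {
            $problems += "'$ch' sits on a key that is swapped between German and US layouts (Y/Z)"
        } elseif ($ch -cnotmatch '[0-9A-Za-z]') {
            $problems += "'$ch' is a special character that may sit on a different key in the US layout"
        }
    }
    return ,$problems   # unary comma keeps an empty result as an array
}

# Usage (run elevated):
Get-BitLockerProtectorAudit | Format-Table -AutoSize
Test-PreBootPin -Pin 'Zürich2019!'   # constructed sample PIN; reports Z, ü and !
```

A row with TpmOnly set to True is a machine on which the hard drive is unlocked automatically at boot, which is exactly the configuration the later section on memory extraction relies on; adding a TpmPin protector closes that gap.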

Encryption is performed with AES using a key length of 128 or 256 bits. Unlike Windows Vista, BitLocker from Windows 7 onward also supports the encryption of USB media ("BitLocker To Go"); such media can also be read under Windows Vista and XP.

In principle, the system partition can also be encrypted entirely without a TPM, with PIN entry used instead.

Recovery functionality

During the encryption process, BitLocker saves recovery data that allows the partition to be decrypted without the password. It is stored in plain text on a storage medium and, in managed environments, also in Active Directory. A separate key is created for each partition. If a TPM chip is used, its recovery password is saved as well. Decryption requires either the original password or the TPM recovery password; challenge-response authentication is currently not provided.
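The following PowerShell is an added example (not from the article) showing the recovery-password side of this: listing the recovery passwords BitLocker holds for a volume, escrowing them to Active Directory, and checking a recovery password that an administrator has typed in from a paper copy. The check relies on the format BitLocker uses for recovery passwords: 48 digits in eight groups of six, where each group is a 16-bit value multiplied by 11, so a group that is not divisible by 11 or is larger than 720885 must be a transcription error. Get-BitLockerVolume and Backup-BitLockerKeyProtector are Windows cmdlets; the function names and the sample password are assumptions constructed for this example.

```powershell
# Added example: BitLocker recovery passwords, their escrow to AD DS, and a format check.
# Requires the BitLocker module and, for escrow, a domain-joined machine whose policy permits AD DS backup.

function Get-BitLockerRecoveryPasswords {
    # Returns the recovery-password protectors (ID and 48-digit password) of a volume.
    param([string]$MountPoint = 'C:')
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

function Backup-BitLockerRecoveryPasswordsToAD {
    # Escrows every recovery-password protector of the volume to the computer object in AD DS.
    param([string]$MountPoint = 'C:')
    foreach ($p in Get-BitLockerRecoveryPasswords -MountPoint $MountPoint) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    }
}

function Test-BitLockerRecoveryPasswordFormat {
    # Validates the 8x6-digit format: every group must be a multiple of 11 whose quotient
    # fits in 16 bits, i.e. the group is at most 65535 * 11 = 720885.
    # Catches typos before anyone concludes that the escrowed key is "wrong".
    param([Parameter(Mandatory)][string]$RecoveryPassword)
    $groups = ($RecoveryPassword -replace '\s', '') -split '-'
    if ($groups.Count -ne 8) { return $false }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { return $false }
        $n = [int]$g
        if (($n % 11) -ne 0 -or ($n / 11) -gt 65535) { return $false }
    }
    return $true
}

# Usage with a constructed (not real) recovery password:
$sample = '123453-000011-720885-000000-555555-667601-104500-456434'
Test-BitLockerRecoveryPasswordFormat $sample                                  # True
Test-BitLockerRecoveryPasswordFormat ($sample -replace '456434$', '456435')   # False: last group not a multiple of 11
Test-BitLockerRecoveryPasswordFormat ($sample -replace '720885', '999999')    # False: 999999 / 11 exceeds 16 bits
Get-BitLockerRecoveryPasswords -MountPoint 'C:'                               # run elevated
```

Because the recovery password is stored in plain text wherever it is saved, the escrow location (AD DS, or the file or printout an administrator keeps) deserves the same access control as the data it unlocks.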

Software for extracting the BitLocker password from a running system

Various companies, such as Elcomsoft with System Recovery from version 7.05, offer software that defeats BitLocker encryption by reading the main memory of a computer on which a BitLocker drive is mounted. A program transfers the contents of RAM, for example via the FireWire port; the key can then be located in the memory image on another PC, and access to the protected data of the attacked computer is possible immediately or later. A memory image, and with it the extraction of the key, is only possible on a computer that is switched on and on which the password has already been entered. The same attack applies to comparable programs such as TrueCrypt. TrueCrypt and BitLocker erase the entered password from RAM; only the key necessarily remains in memory, since it is needed for ongoing encryption and decryption.

Crisis of trust in hardware-based SSD encryption

Security researchers found in 2018 that many manufacturers implement the hardware-based encryption of solid-state drives (SSDs) incorrectly. Some manufacturers were unwilling to provide firmware updates for older SSDs, notably the popular Samsung Evo range; instead they advised switching to software encryption, also because errors there are easier to correct. Microsoft drew the consequence: beginning with Windows 10 version 1903, new installations activate BitLocker automatically and avoid the drive's hardware encryption by default. According to the magazine c't, the resulting performance losses are "more measurable than noticeable", even without AES acceleration.
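As an added PowerShell example (not from the article or from Microsoft), the following finds volumes that still rely on the drive's own hardware encryption and sets the policy that makes BitLocker use software AES for volumes encrypted from then on. Get-BitLockerVolume, Disable-BitLocker and Enable-BitLocker are Windows cmdlets; the enum name Hardware for the EncryptionMethod property and the three registry value names under the FVE policy key are assumptions that should be verified against manage-bde -status output and the BitLocker ADMX before deployment.

```powershell
# Added example: report BitLocker encryption methods and disable hardware-based encryption by policy.
# Requires the BitLocker module and an elevated prompt.

function Get-BitLockerEncryptionMethodReport {
    # One row per volume; UsesHardwareEncryption is True when BitLocker delegated encryption to the SSD.
    foreach ($vol in Get-BitLockerVolume) {
        $method = $vol.EncryptionMethod.ToString()
        [pscustomobject]@{
            MountPoint             = $vol.MountPoint
            VolumeStatus           = $vol.VolumeStatus
            EncryptionMethod       = $method
            UsesHardwareEncryption = ($method -eq 'Hardware')   # assumed enum name; cross-check with manage-bde -status
        }
    }
}

function Disable-BitLockerHardwareEncryptionPolicy {
    # Writes the local equivalents of the policies "Configure use of hardware-based encryption for
    # operating system / fixed data / removable data drives" set to Disabled.
    # The value names are an assumption based on the FVE policy ADMX; verify before rolling out.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption') {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-BitLockerEncryptionMethodReport | Format-Table -AutoSize
```

The policy only affects volumes that are encrypted after it is set. A volume the report shows as hardware-encrypted has to be decrypted (Disable-BitLocker) and encrypted again (Enable-BitLocker) to move it to software AES; until then it is protected only by the SSD firmware the paragraph above describes.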
