Calling all Bitlocker experts:where the heck's the password?

Windows 7 on ThinkPads
mgo
thinkpads.com customer
Posts: 877
Joined: Wed Jun 13, 2007 10:59 pm
Location: Tucson, Az

Calling all Bitlocker experts:where the heck's the password?

#1 Post by mgo » Thu Jul 16, 2009 10:18 am

Maybe I just don't "get it" with Bitlocker. When using True Crypt to encrypt the system partition, one must create a password that is then asked for at bootup.

With Bitlocker, there is no dialog at all to create a password at boot. Yes, my T60 has the TPM, and Bitlocker does the TPM setups when enabling it. But then, after the drive is encrypted, there is no log on password. Geeze, just any old person can start my machine.

Am I missing something here? Is it the overly complex Policies area that is hiding password enabling? ....or does Bitlocker in Windows 7 still just suck as always?

tinue
Freshman Member
Posts: 99
Joined: Thu May 03, 2007 4:24 am
Location: Zurich, Switzerland

Re: Calling all Bitlocker experts:where the heck's the password?

#2 Post by tinue » Fri Jul 17, 2009 1:03 pm

Bitlocker is about drive encryption. The password to decrypt your drive is stored inside the security chip of your Thinkpad.
To fully secure your system you also need to set an ordinary Windows logon password.
This way, if someone steals your Laptop, you are protected:
If the thief tries to circumvent the Windows logon security (e.g. by booting Linux, which ignores the Windows security), then the Thinkpad will kick in: It prevents the release of the disk password, because the logon doesn't happen in the ordinary way. Therefore, Linux will boot, but can't read a single unencrypted bit from the drive.
-> Only Bitlocker and Windows Logon password together will fully secure your laptop.

Regards, Martin

dsvochak
ThinkPadder
Posts: 1160
Joined: Mon Jan 03, 2005 3:08 pm
Location: Lansing, MI

Re: Calling all Bitlocker experts:where the heck's the password?

#3 Post by dsvochak » Fri Jul 17, 2009 2:46 pm

tinue wrote:Only Bitlocker and Windows Logon password together will fully secure your laptop.
How is this more secure than the thinkpad built in power on, supervisor and hard disk password?
I used to be an anarchist but I quit because there were too many rules

mgo
thinkpads.com customer
Posts: 877
Joined: Wed Jun 13, 2007 10:59 pm
Location: Tucson, Az

Re: Calling all Bitlocker experts:where the heck's the password?

#4 Post by mgo » Fri Jul 17, 2009 3:58 pm

tinue wrote:Bitlocker is about drive encryption. The password to decrypt your drive is stored inside the security chip of your Thinkpad.
To fully secure your system you also need to set an ordinary Windows logon password.
This way, if someone steals your Laptop, you are protected:
If the thief tries to circumvent the Windows logon security (e.g. by booting Linux, which ignores the Windows security), then the Thinkpad will kick in: It prevents the release of the disk password, because the logon doesn't happen in the ordinary way. Therefore, Linux will boot, but can't read a single unencrypted bit from the drive.
-> Only Bitlocker and Windows Logon password together will fully secure your laptop.

Regards, Martin
Oh....I see! Nowhere in any of the various articles I have read, including those from Microsoft did I see a mention that it is the -Windows log on password- that makes bitlocker work! I did not realize the Windows logon was tied to Bitlocker. Now, it makes some sense to me!

If you don't mind, could you tell me where you got that information? I very much would like to read up on it some more.


thanks....

tinue
Freshman Member
Posts: 99
Joined: Thu May 03, 2007 4:24 am
Location: Zurich, Switzerland

Re: Calling all Bitlocker experts:where the heck's the password?

#5 Post by tinue » Sat Jul 18, 2009 2:50 am

dsvochak wrote:How is this more secure than the thinkpad built in power on, supervisor and hard disk password?
The disk password doesn't encrypt the data. In principle one could probably replace the drive electronics with one from another drive that does not contain the disk password. The question in the end is if your data is valuable enough for the attacker to warrant such expensive measures.
All I want is to sleep well after I accidentally leave my laptop somewhere. People with "normal" equipment should not be able to casually look around my data. For this, I prefer Bitlocker over a disk password because I don't have to type it at boot time.
mgo wrote:If you don't mind, could you tell me where you got that information? I very much would like to read up on it some more.
I can't remember a single source / article. I think I came from the "other side": Seeing the Achilles' heel of the ordinary Windows security model. As soon as someone gets physical access to a machine, the security is toast. An NTFS formatted disk contains security descriptors, but they can be ignored by a program which can read NTFS structures (such as Linux). One can even boot a Windows recovery DVD and reset the Administrator password.
Now as soon as the disk content is encrypted all this no longer works, physical access is no longer enough to crack a system.

There still is an angle of attack to Bitlocker, it is called a "cold boot attack" (see Wikipedia). But like replacing the drive electronics, this attack requires some level of sophistication and therefore not any casual finder of a lost laptop will bother.

Regards, Martin

bapatterson
Freshman Member
Posts: 89
Joined: Mon Sep 13, 2004 1:38 pm
Location: So. Cal.

Re: Calling all Bitlocker experts:where the heck's the password?

#6 Post by bapatterson » Sun Jul 26, 2009 4:34 pm

Succinct explanation. Thanks.

So which is a better alternative: Bitlocker or True Crypt?

If I have to read the disk in another computer due to a hardware failure, it seems like not being tied to the TPM chip would be a good thing.

Isn't the only downside of True Crypt that you have to enter a separate password at boot-up?

dsvochak
ThinkPadder
Posts: 1160
Joined: Mon Jan 03, 2005 3:08 pm
Location: Lansing, MI

Re: Calling all Bitlocker experts:where the heck's the password?

#7 Post by dsvochak » Mon Jul 27, 2009 6:29 pm

tinue wrote:For this, I prefer Bitlocker over a disk password because I don't have to type it at boot time.
Since I've been typing in the boot/supervisor password, the hard disk password and the windows password for as long as I can remember, and would continue to do so, I see no advantage to Bitlocker.
I used to be an anarchist but I quit because there were too many rules

mgo
thinkpads.com customer
Posts: 877
Joined: Wed Jun 13, 2007 10:59 pm
Location: Tucson, Az

Re: Calling all Bitlocker experts:where the heck's the password?

#8 Post by mgo » Mon Jul 27, 2009 10:07 pm

dsvochak wrote:Since I've been typing in the boot/supervisor password, the hard disk password and the windows password for as long as I can remember, and would continue to do so, I see no advantage to Bitlocker.

Agreed on the hard drive password. I use that all the time and feel secure with the idea. Up until Windows 7, BitLocker has been very much half-baked and unpleasant to set up. The only reason BitLocker is attractive to me now is the ability to encrypt a USB external drive or other device. This gives me standardized data protection, rather than having to use a 3rd party encryption program for that spare backup drive that I keep in the car.

Ryan_C
Freshman Member
Posts: 60
Joined: Mon Dec 03, 2007 4:13 am
Location: Vancouver, Canada

Re: Calling all Bitlocker experts:where the heck's the password?

#9 Post by Ryan_C » Mon Jul 27, 2009 10:48 pm

You can backup your bitlocker key (by printing it or storing it on another volume or USB key) by going to Control panel, Security, Bitlocker Drive Encryption, Manage bitlocker, and Duplicate the recovery password.

DesktopJinx
Posts: 15
Joined: Sat Apr 05, 2008 4:02 pm
Location: Oakland, CA

Re: Calling all Bitlocker experts:where the heck's the password?

#10 Post by DesktopJinx » Sun Aug 16, 2009 2:14 am

ThinkPad hard disk password crack is available out there.

BitLocker offers its own startup password. If you don't want your encrypted partitions to be readable by someone who steals your notebook, consider setting up a (good) BitLocker startup password. TPM alone is only worthwhile if you trust that all your Windows passwords are good and your Windows OS is unexploitable.

Oh, also, all the startup passwords in the world are for naught if you just put your notebook to sleep and it wakes back up without prompting as a running OS, reducing security to just your Windows password (unless you've disabled that too...).

Defense in depth :-)
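The thread's advice adds up to three settings: a startup PIN in front of the TPM (post #10), a backed-up recovery password (post #9), and not relying on sleep to protect a running machine (post #10). The commands below are an added example, not something posted in the thread, and use the manage-bde.exe tool that ships with Windows 7's BitLocker rather than a GUI path. They assume an elevated prompt, that C: is the BitLocker-protected OS volume, and that E: is removable media; the output file name is a placeholder.

```powershell
# Added example (not from the thread): apply the layered BitLocker setup the
# posters describe using manage-bde.exe. Assumes an elevated prompt, C: is the
# encrypted OS volume, and E: is removable media (placeholder path below).

# 1. See which key protectors currently guard the OS drive. With only a TPM
#    protector (what mgo observed), the TPM releases the volume key automatically
#    whenever the measured boot chain matches, so the Windows logon password is
#    the only thing between a finder of the laptop and a running desktop.
manage-bde -status C:
manage-bde -protectors -get C:

# 2. Add a TPM+PIN protector so BitLocker prompts for a startup PIN before
#    Windows loads (DesktopJinx's "startup password"). Group Policy
#    ("Require additional authentication at startup", under
#    Windows Components > BitLocker Drive Encryption > Operating System Drives)
#    must allow a startup PIN, otherwise manage-bde refuses to add it.
manage-bde -protectors -add C: -TPMAndPIN

# 3. Make sure a numerical recovery password exists and keep a copy off the
#    machine (Ryan_C's "Duplicate the recovery password"). Check the listing
#    from step 1 first: each -add creates an additional recovery password.
manage-bde -protectors -add C: -RecoveryPassword
manage-bde -protectors -get C: -type RecoveryPassword > "E:\bitlocker-recovery-C.txt"

# 4. Sleep keeps the volume key in RAM and resumes straight to the lock screen;
#    hibernation powers the machine off, so the PIN is required again on resume.
powercfg -hibernate on
```

Store the recovery-password file somewhere other than the laptop bag; it unlocks the volume without the TPM or PIN, which is exactly what makes it useful after a hardware failure (bapatterson's concern) and exactly why it must not travel with the machine.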
