Windows Vista security

BitLocker demystified: Common misconceptions

This segment of the BitLocker guide, courtesy of, clears up rumors about the security tool by addressing and correcting two common misconceptions to help channel professionals gain a deeper understanding of BitLocker's strengths and weaknesses.

BitLocker Drive Encryption, the security feature touted in Windows Vista, is sparking controversy. Some of the furor is predicated on misinformation about what BitLocker really is, how it is meant to be used, or how it might be circumvented.

BitLocker has no key escrow system. "Key escrow," a controversial provision in some encryption systems, allows a third party such as a government body to hold a set of universal keys that would allow any data encrypted by the system to be unlocked with one of those keys. When asked if BitLocker would have any such "back door" provisions, Niels Ferguson, one of the Microsoft developers responsible for BitLocker, responded as bluntly as possible: "Over my dead body. … In the unlikely situation we're forced to [add key escrow] by law, we'll either announce it publicly or withdraw the entire feature."

You can't gain access to a BitLocker volume by simply installing a parallel copy of Vista or moving the hard drive to another computer. BitLocker uses multiple key structures to ensure that a system volume cannot be decrypted from a parallel install of Vista or from some other extra operating system (OS) mechanism. Only the OS installation that was protected with a given combination of keys can obtain the key required to read the boot volume.
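To make the "multiple key structures" point concrete, the following toy model is an added illustration and not Microsoft's code or the article's own. It assumes a simplified two-level hierarchy (a volume master key that unwraps the key actually protecting the data) and a simulated boot-measurement register in place of a real TPM; all boot component blobs and keys are constructed for the demonstration.

```python
"""Toy model of BitLocker-style key binding to the boot environment.

Constructed example, not Microsoft code. It shows why a parallel OS
install or a moved disk does not yield the volume key: the volume master
key (VMK) is sealed to a measurement of the boot chain, and only the VMK
can unwrap the key that protects the volume data. Measurement, sealing and
wrapping are simulated with SHA-256/HMAC rather than TPM operations.
"""
import hashlib
import hmac
import os


def measure_boot_chain(components):
    """Simulate an extend-style measurement register: each boot component is
    hashed into the running value in order, so a change anywhere in the chain
    produces a different final measurement."""
    register = bytes(32)
    for blob in components:
        register = hashlib.sha256(register + hashlib.sha256(blob).digest()).digest()
    return register


def _keys_for(binding):
    """Derive independent encryption and MAC keys from a binding value
    (a boot measurement or a parent key)."""
    enc_key = hashlib.sha256(b"toy-wrap-enc|" + binding).digest()
    mac_key = hashlib.sha256(b"toy-wrap-mac|" + binding).digest()
    return enc_key, mac_key


def wrap_key(secret, binding):
    """Wrap a 32-byte secret so it can only be unwrapped by reproducing
    `binding`: one-block hash keystream for confidentiality, HMAC tag so a
    wrong binding is detected cleanly instead of yielding garbage."""
    assert len(secret) == 32
    enc_key, mac_key = _keys_for(binding)
    nonce = os.urandom(16)
    stream = hashlib.sha256(enc_key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # 16 + 32 + 32 = 80 bytes


def unwrap_key(blob, binding):
    """Return the secret, or None if `binding` does not match the wrap."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys_for(binding)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.sha256(enc_key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def open_volume(sealed_vmk, wrapped_fvek, boot_components):
    """Two-level hierarchy: the boot measurement unseals the VMK, and the VMK
    unwraps the full-volume encryption key (FVEK) protecting the data."""
    vmk = unwrap_key(sealed_vmk, measure_boot_chain(boot_components))
    if vmk is None:
        return None
    return unwrap_key(wrapped_fvek, vmk)


# Constructed stand-ins for the measured boot components (firmware, boot
# manager, OS loader). A real chain measures the actual binaries and config.
ORIGINAL_CHAIN = [b"firmware-v1", b"bootmgr-original", b"winload-original"]
PARALLEL_CHAIN = [b"firmware-v1", b"bootmgr-original", b"winload-parallel"]  # second OS added
OTHER_MACHINE = [b"firmware-v2", b"bootmgr-original", b"winload-original"]   # disk moved


def provision():
    """Protect a volume: seal the VMK to the original boot chain and wrap
    the FVEK under the VMK."""
    vmk, fvek = os.urandom(32), os.urandom(32)
    sealed_vmk = wrap_key(vmk, measure_boot_chain(ORIGINAL_CHAIN))
    wrapped_fvek = wrap_key(fvek, vmk)
    return fvek, sealed_vmk, wrapped_fvek


def demo():
    """Only the original boot chain recovers the FVEK; the parallel install
    and the moved disk both fail at the VMK step."""
    fvek, sealed_vmk, wrapped_fvek = provision()
    return {
        "original": open_volume(sealed_vmk, wrapped_fvek, ORIGINAL_CHAIN) == fvek,
        "parallel_install": open_volume(sealed_vmk, wrapped_fvek, PARALLEL_CHAIN) is None,
        "other_machine": open_volume(sealed_vmk, wrapped_fvek, OTHER_MACHINE) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The model deliberately fails closed: a mismatched boot chain produces an authentication failure at the VMK layer, so the FVEK is never exposed, which is the behaviour the paragraph describes for a parallel install or a relocated drive.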

BitLocker demystified: End-to-end encryption for Vista

  The basics
  Keying up
  Common misconceptions

About the author
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This tip originally appeared on

This was first published in January 2007
