BitLocker demystified: Common misconceptions

This segment of the BitLocker guide clears up rumors about the security tool by addressing and correcting two common misconceptions to help channel professionals gain a deeper understanding of BitLocker's strengths and weaknesses.

This segment of the BitLocker guide, courtesy of SearchWindowsSecurity.com, clears up rumors about the security tool by addressing and correcting two common misconceptions to help channel professionals gain a deeper understanding of BitLocker's strengths and weaknesses.

BitLocker Drive Encryption, the security feature touted in Windows Vista, is sparking controversy. Some of the furor is predicated on misinformation about what BitLocker really is or how it is to be used, or how it might be possible to perform an end-run around it.

BitLocker has no key escrow system. "Key escrow," a controversial provision in some encryption systems, allows a third party such as a government body to hold a set of universal keys that would allow any data encrypted by the system to be unlocked with one of those keys. When asked if BitLocker would have any such "back door" provisions, Niels Ferguson, one of the Microsoft developers responsible for BitLocker, responded as bluntly as possible: "Over my dead body. … In the unlikely situation we're forced to [add key escrow] by law, we'll either announce it publicly or withdraw the entire feature."

You can't gain access to a BitLocker volume by simply installing a parallel copy of Vista or moving the hard drive to another computer. BitLocker uses multiple key structures to ensure that a system volume cannot be decrypted by using another parallel install of Vista or some other extra operating system (OS) mechanism. Only the OS, encrypted by a given combination of keys, can access the key required to read the boot volume.


BitLocker demystified: End-to-end encryption for Vista

  Introduction
  The basics
  Keying up
  Common misconceptions
  Competition

About the author
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This tip originally appeared on SearchWindowsSecurity.com.

This was last published in January 2007

Dig Deeper on Application security and data protection

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close