BitLocker demystified: Common misconceptions

This segment of the BitLocker guide, courtesy of SearchWindowsSecurity.com, clears up rumors about the security tool by addressing and correcting two common misconceptions to help channel professionals gain a deeper understanding of BitLocker's strengths and weaknesses.

BitLocker Drive Encryption, the security feature touted in Windows Vista, is sparking controversy. Some of the furor is predicated on misinformation about what BitLocker really is, how it is meant to be used, or how it might be possible to perform an end-run around it.

BitLocker has no key escrow system. "Key escrow," a controversial provision in some encryption systems, allows a third party such as a government body to hold a set of universal keys that would allow any data encrypted by the system to be unlocked with one of those keys. When asked if BitLocker would have any such "back door" provisions, Niels Ferguson, one of the Microsoft developers responsible for BitLocker, responded as bluntly as possible: "Over my dead body. … In the unlikely situation we're forced to [add key escrow] by law, we'll either announce it publicly or withdraw the entire feature."

You can't gain access to a BitLocker volume by simply installing a parallel copy of Vista or moving the hard drive to another computer. BitLocker uses multiple key structures to ensure that a system volume cannot be decrypted by using another parallel install of Vista or some other mechanism outside the operating system (OS). Only the OS, encrypted by a given combination of keys, can access the key required to read the boot volume.


BitLocker demystified: End-to-end encryption for Vista

  Introduction
  The basics
  Keying up
  Common misconceptions
  Competition

About the author
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This tip originally appeared on SearchWindowsSecurity.com.

This was first published in January 2007
