Home > Questions

How well can BitLocker be trusted?

I'm considering rolling out BitLocker to my Windows machines since (during tests, anyway) it integrates so well with AD. My question is how well can BitLocker be trusted? I have some fairly sensitive data that needs to be encrypted, but since it's proprietary software and users have been flipping out over the NSA scandal, I'm not sure whether or not there's a backdoor in BitLocker. TrueCrypt is nice and free, but damn is it difficult to manage.

Best Answered by

Ciki Liu

Answered on Tuesday, December 3, 2024

 

For general information and file encryption, BitLocker is a secure option. As the built-in full-disk encryption on Windows, it is able to safeguard your data by encrypting the entire volume. Without the encryption key or the recovery key, BitLocker stops any unauthorized access.

The new XTS-AES encryption algorithm is now supported by BitLocker. With XTS-AES encryption, your data gets an extra layer of protection from attacks that rely on modifying cipher text to create predictable changes in plain text. Meanwhile, both 128-bit and 256-bit XTS-AES keys are supported by BitLocker.

Additionally, you may use the TPM (Trusted Platform Module), a hardware component installed in newer computers, with BitLocker for maximum security. Hackers are not able to extract your BitLocker encryption keys out of the TPM hardware. Attacks from Evil Maid are also mitigated because TPM will check the pre-boot components to make sure nothing has been tampered with.

Furthermore, it won't be possible to boot your device from another OS, such as Linux and another Windows, to extract the recovery keys because the TPM won't release its keys if it detects you're doing so.

With that being said, BitLocker cannot be unlocked without the BitLocker recovery key and password. Anyone won't be able to access the encrypted data if both the recovery key and password are lost. Plus, it's a built-in feature of Windows, which makes it highly integrated with the operating system.

In terms of the TrueCrypt you mentioned, the key generation process used by TrueCrypt is rather poor that it cannot safeguard the computer capacity used by specialized services. Moreover, TrueCrypt is way more vulnerable to physical attacks when compared with BitLocker.