Home > Questions

How well can BitLocker be trusted?

I'm considering rolling out BitLocker to my Windows machines since (during tests, anyway) it integrates so well with AD. My question is how well can BitLocker be trusted? I have some fairly sensitive data that needs to be encrypted, but since it's proprietary software and users have been flipping out over the NSA scandal, I'm not sure whether or not there's a backdoor in BitLocker. TrueCrypt is nice and free, but damn is it difficult to manage.

Best Answered by

iBoysoft author Ciki Liu

Ciki Liu

Answered on Thursday, January 12, 2023

 

For general information and file encryption, BitLocker is a secure option. As the built-in full-disk encryption on Windows, it is able to safeguard your data by encrypting the entire volume. Without the encryption key or the recovery key, BitLocker stops any unauthorized access.

The new XTS-AES encryption algorithm is now supported by BitLocker. With XTS-AES encryption, your data gets an extra layer of protection from attacks that rely on modifying cipher text to create predictable changes in plain text. Meanwhile, both 128-bit and 256-bit XTS-AES keys are supported by BitLocker.

Additionally, you may use the TPM (Trusted Platform Module), a hardware component installed in newer computers, with BitLocker for maximum security. Hackers are not able to extract your BitLocker encryption keys out of the TPM hardware. Attacks from Evil Maid are also mitigated because TPM will check the pre-boot components to make sure nothing has been tampered with.

Furthermore, it won't be possible to boot your device from another OS, such as Linux and another Windows, to extract the recovery keys because the TPM won't release its keys if it detects you're doing so.

With that being said, BitLocker cannot be unlocked without the BitLocker recovery key and password. Anyone won't be able to access the encrypted data if both the recovery key and password are lost. Plus, it's a built-in feature of Windows, which makes it highly integrated with the operating system.

In terms of the TrueCrypt you mentioned, the key generation process used by TrueCrypt is rather poor that it cannot safeguard the computer capacity used by specialized services. Moreover, TrueCrypt is way more vulnerable to physical attacks when compared with BitLocker.

People Also Ask

Read More Questions

Read More Advice From iBoysoft's Computer Experts

bitlocker automatic device encryption

BitLocker Automatic Device Encryption: It Explains Automatically Enabled BitLocker on Windows 10/11

This post elaborates on BitLocker automatic device encryption, including what it is, how it works, how to activate and disable it, etc. And explains why some users found it enabled without knowledge.

Wiki Tips

format bitlocker drive

Format BitLocker Drive with or Without Password/Recovery Key

Reading this post to know how to format BitLocker encrypted drive on Windows and macOS. You can format BitLocker drive with or without password and recovery key.

How to Tips

how to encrypt USB on Mac and Windows

How to encrypt, password protect USB drive for Mac & Windows PC usage?

How to encrypt, password protect USB flash drive for Mac and Windows PC usage? With help of M3 Mac BitLocker Loader, BitLocker encrypted USB flash drive can be used for Mac and Windows PC.

Bitlocker Tips