Can BitLocker Encryption Be Trusted?


    Many people speculate that BitLocker may have a backdoor. Do you think that is the case? Can BitLocker be trusted to protect my data on a Windows system?

    #2
    There is no way to know with certainty if Microsoft has constructed a backdoor or some sort of secondary access feature for BitLocker.

    Generally, there are known problems and vulnerabilities associated with BitLocker and the Windows operating system.

    Note that Microsoft is involved in a program where new vulnerabilities are revealed to the U.S. government before a patch is made available.

    Therefore, even though there might not be a deliberate backdoor, any undisclosed security flaw associated with BitLocker should already be known and exploitable by the NSA.

    If Microsoft has or is aware of any practical way to decrypt a BitLocker encrypted drive, it would be required by law to assist the government upon request.

    If I had to take a guess, I would say that law enforcement and the NSA could likely access a drive encrypted with BitLocker.



      #3
      To elaborate on what phant0m said, the probability that Microsoft will assist law enforcement upon request is extremely high. BitLocker cannot be trusted if your adversary is a law enforcement agency or the NSA. Nevertheless, BitLocker would protect your data against an ordinary thief.

      In the event that your data was not previously encrypted, it would be a good idea to securely wipe your hard disk using a Gutmann 35-pass wipe.

      When you are done wiping the disk, proceed by encrypting prior to transferring files back over. The next step is to properly wipe the media you utilized to transfer the data.

      Bear in mind that if you have a hybrid or SSD, then it would be a good idea to physically destroy the drive and get rid of it. SSDs have wear leveling which implies that previous data written to that drive might not actually be deleted.



        #4
        What do you guys recommend for full disk encryption?



          #5
          Originally posted by Dark Carnage
          What do you guys recommend for full disk encryption?
          I recommend VeraCrypt for Windows. And for Linux, I recommend LUKS.



            #6
            Generally, BitLocker is secure and is used by companies around the globe.

            One can't simply extract keys out of the TPM hardware. Evil maid attacks are mitigated as TPM will validate the pre-boot components to ensure that nothing has been altered.

            If one attempts to boot into another operating system such as Linux in order to extract passwords or the data, it would not be achievable.

            The reason is that the TPM will refuse to release its keys if it sees one booting into another operating system.

            Like others have implied here, if you are using BitLocker as a tool to prevent sophisticated adversaries like the NSA or law enforcement from accessing your data -- I'd be wary.



              #7
              Originally posted by Mr. Robot
              Generally, BitLocker is secure and is used by companies around the globe.

              One can't simply extract keys out of the TPM hardware. Evil maid attacks are mitigated as TPM will validate the pre-boot components to ensure that nothing has been altered.

              If one attempts to boot into another operating system such as Linux in order to extract passwords or the data, it would not be achievable.

              The reason is that the TPM will refuse to release its keys if it sees one booting into another operating system.

              Like others have implied here, if you are using BitLocker as a tool to prevent sophisticated adversaries like the NSA or law enforcement from accessing your data -- I'd be wary.
              What if I manage to pass the TPM's integrity check? And what happens if I fail?



                #8
                Originally posted by Digit

                What if I manage to pass the TPM's integrity check? And what happens if I fail?
                Passing the TPM's integrity check means that the keys will be released to be employed for on-the-fly encryption and decryption. Failing results in a BitLocker recovery key lockout, and you have to provide the recovery key to unlock the drive.

                The attacker should never have obtained this key. This means that it is always a bad idea to put both the recovery key and your computer together.

                Comment
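
Posts #6 and #8 describe the TPM releasing the key only when the measured pre-boot components match, with the recovery key as the fallback. The Python sketch below is an added example, not part of any post in this thread; it models that behaviour with a single PCR, a toy XOR key wrap and constructed boot-chain names, all of which are simplifying assumptions rather than BitLocker's real internals.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    # PCR extend: new = SHA-256(old || SHA-256(component)); software cannot set a PCR directly
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(chain) -> bytes:
    pcr = bytes(32)  # PCR starts at all zeros after reset
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def xor_wrap(data: bytes, password: str) -> bytes:
    # Toy key wrap (XOR with SHA-256 of the password); stands in for a real protector
    pad = hashlib.sha256(password.encode()).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyVolume:
    def __init__(self, trusted_chain, recovery_password: str):
        self._key = os.urandom(32)             # volume key, held "inside the TPM"
        self._policy = measure(trusted_chain)  # PCR value the key is sealed to
        self.key_check = hashlib.sha256(self._key).digest()
        self.recovery_blob = xor_wrap(self._key, recovery_password)

    def tpm_unseal(self, boot_chain):
        # Key is released only if this boot produced the sealed PCR value
        ok = hmac.compare_digest(measure(boot_chain), self._policy)
        return self._key if ok else None

    def unlock(self, boot_chain, typed_recovery=None):
        if self.tpm_unseal(boot_chain) is not None:
            return "unlocked-by-tpm"
        if typed_recovery is not None:
            candidate = xor_wrap(self.recovery_blob, typed_recovery)
            if hmac.compare_digest(hashlib.sha256(candidate).digest(), self.key_check):
                return "unlocked-by-recovery"
        return "recovery-prompt"

# Constructed sample boot chains (placeholder byte strings, not real firmware images)
TRUSTED = [b"firmware-v1", b"bootmgr-v1", b"winload-v1"]
OTHER_OS = [b"firmware-v1", b"grub", b"linux-kernel"]
REORDERED = [b"bootmgr-v1", b"firmware-v1", b"winload-v1"]
```

Because each extend hashes over the previous PCR value, a changed or reordered component anywhere in the chain changes the final value, so the only remaining path to the key is the recovery protector.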
