Jump to content



Photo

Bitlocker with key on USB, how secure?

bitlocker usb security

  • Please log in to reply
21 replies to this topic

#1 bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 05 October 2013 - 18:46

Hi,

 

I've come across a friend's setup where he has secured his boot/system hard drive using Windows 7 Bitlocker using a key stored on a USB drive that he always leaves in the computer (with no startup PIN). If his PC was stolen how secure would it actually be?

 

We've discussed it at length as I'm pretty sure that it is the equivalent of locking your house but leaving the keys in the door. Do any of you know for a fact how secure this actually is? I'd also appreciate any articles or references that state the facts about this?

 

Any help greatly appreciated!




#2 OP bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 05 October 2013 - 18:52

just to clarify this is security from a "relatively determined  techie willing to spend some time on it" point of view and not from a "hide stuff from the FBI" point of view!



#3 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 05 October 2013 - 18:52

Well if you always leave the usb key in, what exactly is the point?

I am going to have to agree with you, but if someone didn't know and they inadvertently took it out and wiped the usb then the information on the hard drive would be useless, but common theft really aren't after what is on the hard drive,.... They want the hardware.

#4 OP bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 05 October 2013 - 19:03

Well if you always leave the usb key in, what exactly is the point?

I am going to have to agree with you, but if someone didn't know and they inadvertently took it out and wiped the usb then the information on the hard drive would be useless, but common theft really aren't after what is on the hard drive,.... They want the hardware.

 

Well the Windows install does have password protected users so if a thief powered it on they would see a logon prompt. I'm not 100% sure of how the PC would operate if the thief tried a basic recovery disk or even just reinstalled Windows over the top. Would it just find the key on the USB drive and allow access to all the PC's files as though it was not even encrypted for example or is it better than that?



#5 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 05 October 2013 - 19:27

The windows password can be easily cracked it is about as secure as a twisty tie keeping thieves away. There are plenty of password reset utilities available by a Google search.

#6 OP bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 05 October 2013 - 19:34

The windows password can be easily cracked it is about as secure as a twisty tie keeping thieves away. There are plenty of password reset utilities available by a Google search.

 

But would Bitlocker block them being able to do the pw reset though (at least the typical/mainstream ones)? Or would the PC boot into password reset utility and access the Bitlocker'd drive using the USB drive's encryption key?



#7 greenwizard88

greenwizard88

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 28-November 04

Posted 05 October 2013 - 19:44

Bitlocker uses a logical partition that's encrypted. It's theoretically impossible to break into without the key. If you leave the key plugged in all of the time, that's another story, but the implementation of bitlocker should be very secure.

 

More: http://en.wikipedia....rive_Encryption



#8 Matthew_Thepc

Matthew_Thepc

    Neowinian

  • Joined: 16-July 11
  • Location: San Jose, CA
  • OS: Windows 8.1 RTM

Posted 05 October 2013 - 19:50

If he leaves it in all the time it's completely useless. If nothing else, the thief could just boot into Windows To Go, and then decrypt the C:\ drive and take all the data that way.

I know you're not talking about the FBI and stuff, but it's legally safer to have a password instead of a USB key, since the government can force you to hand over a physical key, while they can't force you to incriminate yourself by telling them the encryption password.



#9 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 05 October 2013 - 19:55

But would Bitlocker block them being able to do the pw reset though (at least the typical/mainstream ones)? Or would the PC boot into password reset utility and access the Bitlocker'd drive using the USB drive's encryption key?


Yes and no. If you can uninstall bit locker with the usb installed that is moot, uninstalling bit locker will negate the security bit locker provides

#10 +LightEco

LightEco

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 17-November 06
  • Location: San Francisco, CA
  • OS: Win 8

Posted 05 October 2013 - 19:59

The way he has it setup is like putting your car in a vault, but leaving the vault door open. The only real defense left is the car's door locks (Windows Password), the vault itself (Bitlocker) is totally useless unless you lock the door.



#11 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 05 October 2013 - 20:42

also assume that BitLocker is backdoored



#12 OP bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 05 October 2013 - 20:42

All of the above pretty much mirrors my thoughts on it. I was hoping for some clear cut reference though that demonstrates it's a futile step without having to resort to testing it in practice. Does anyone know of any or is it so bad that nobody has given it any serious consideration?



#13 Gotenks98

Gotenks98

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 18-December 01

Posted 05 October 2013 - 21:12

I would say don't bother unless its on a HDD that in a system supports TPM. What I see happening a lot is for BL is doing it for a USB key the data does get corrupted easy. I have had 5 of these to get corrupted in this past year alone. I am not sure what it is about usb keys but not HDDs.



#14 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 05 October 2013 - 21:17

I goes beyond documented proof.... It is common sense

#15 arachnoid

arachnoid

    A day without sunshine is like night.

  • Tech Issues Solved: 5
  • Joined: 03-November 11

Posted 05 October 2013 - 21:26

 

“When BitLocker is suspended, BitLocker keeps the data encrypted but encrypts the BitLocker volume master key with a clear key.” – Is that so? 

More digging around the documentation did finally reveal that yes, Microsoft knows that the system must be logged out "gracefully" for encryption to work.

Source

 

Unlock BitLocker under Windows PE

 

 

To unlock a BitLocker encrypted drive from the command prompt, you need the Windows command manage-bde. However, if you only have a common bootable Windows PE USB stick, your heroic deed will miserably fail with this error message:

ERROR: An error occurred (code 0×80040154):
Class not registered