Passwords
Throble, 2010-11-05 03:49:18

How effective is BitLocker for full drive encryption? Do you need a complex password?

System


A laptop with Windows 7 Ultimate installed and, accordingly, the ability to enable full disk encryption. In this case, as you know, a new partition of approximately 200 Mb is created (if for some reason it was not created during installation), on which the system stores a certain set of system files necessary to start Windows - this partition is not encrypted.

The encryption key is stored in the TPM chip. If the laptop does not have a TPM chip, the system boots with an inserted USB flash drive that stores the encryption key.

Loading the encryption key from a flash drive seems even safer, because without the flash drive Windows will refuse to boot at all.

Question: Is it necessary to set a complex password to log in to Windows?


As I understand it, all data is encrypted using a key file and a password to enter the system. What happens if you boot from one of the many password reset disks and reset your password? As I understand it, the data will be irretrievably lost, or at least inaccessible with a new password.

Accordingly, provided that the password is not so easy that it can be guessed manually at the logon screen, it seems that you need not care about its complexity and length.

However, as I understand it, since Windows does not decrypt the encrypted data until the password is entered, the password hash file is obviously stored on the unencrypted partition. Accordingly, it can be copied and the password then cracked by brute force, as usual. In this case, the complexity of the password should be treated as usual, with due attention.

I could not find documentation on how BitLocker technically works, so I'm asking if anyone knows if I'm right in my reasoning and guesses.

Will a relatively easy but brute force password save when using BitLocker to fully encrypt all drives, including the system one?


8 answer(s)
Sicness, 2010-11-05
@Sicness

It would be rather strange if a password were used to enter the system... The question arises: what if there are a lot of users? :)
As far as I understood from the wiki, in your case the key is stored in the TPM, from where it is taken. That is, the password has nothing to do with it. According to the wiki, if you want a password, then the so-called PIN code is also used. That is, as far as I understand, the user's Windows password has nothing to do with it.
I recommend taking a look at www.truecrypt.org

NanoDragon, 2010-11-05
@NanoDragon

It is best to encrypt the entire disk, so that someone smart does not boot from a USB flash drive and leak information from, or upload it to, the hard drive.
For this, IMHO, the best program is DiskCryptor (the author is from the Russian Federation); its advantage over TrueCrypt is that it can encrypt an unpartitioned hard drive, which then appears as a blank disk.

ZloyKakPes, 2010-11-05
@ZloyKakPes

The safest way is TPM and a USB key fob :)
As far as I remember, the key is stored encrypted in the unencrypted boot area, and the key to it is the PIN, TPM or USB, or a combination of these options.
Resetting the password will not work: the data will remain encrypted, and the system will go into recovery mode.
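
An added example, not part of the thread: a PowerShell 2.0-compatible check, run from an elevated prompt, that lists the key protectors actually configured on a BitLocker volume through the `Win32_EncryptableVolume` WMI class, which is where the PIN, TPM and USB options mentioned above show up. The function name `Get-BdeProtectorSummary` and the default drive letter are assumptions made for the example.

```powershell
# Added example: list BitLocker key protectors via WMI (elevated prompt required).
# Type codes follow Win32_EncryptableVolume.GetKeyProtectorType.
$ProtectorNames = @{
    1 = 'TPM only'
    2 = 'External key (USB startup or recovery key)'
    3 = 'Numerical recovery password'
    4 = 'TPM + PIN'
    5 = 'TPM + startup key'
    6 = 'TPM + PIN + startup key'
}

function Get-BdeProtectorSummary {
    param([string]$DriveLetter = 'C:')   # assumed default; pass another volume if needed

    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No BitLocker-capable volume found for $DriveLetter" }

    # 0 = return protectors of every type; drop empty entries
    $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
    $types = @()
    foreach ($id in $ids) {
        $types += [int]$vol.GetKeyProtectorType($id).KeyProtectorType
    }

    $names = @()
    foreach ($t in $types) {
        if ($ProtectorNames.ContainsKey($t)) { $names += $ProtectorNames[$t] }
        else { $names += "Other (type $t)" }
    }

    New-Object PSObject -Property @{
        Drive             = $DriveLetter
        ProtectionOn      = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)
        Protectors        = $names
        # True when the TPM releases the key at boot with no PIN or USB key
        UnlocksUnattended = ($types -contains 1)
        # True when a PIN and/or startup key is required together with the TPM
        HasPreBootFactor  = [bool]($types | Where-Object { 4, 5, 6 -contains $_ })
    }
}

Get-BdeProtectorSummary -DriveLetter 'C:' | Format-List
```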

ZloyKakPes, 2010-11-05
@ZloyKakPes

Exactly. Even if Windows is reinstalled, you can restore access to the data if you have the key.

throble, 2010-11-05
@throble

In general, I have come to the conclusion that it makes sense to create, like Linux users do, a separate partition à la /home, make the user profile a symlink to it, and encrypt this partition with BitLocker, because, again, it's stupid to waste CPU time encrypting/decrypting executable files and libraries.

vladandreev174, 2015-01-15
@vladandreev174

Is it possible to encrypt data on all flash drives without exception?
Because when buying flash drives in online stores, the description of some says that you can encrypt data on the flash drive, but when I choose another one, nothing is mentioned about encryption.

Alex, 2017-05-18
@asilonos

My opinion
- Full disk encryption does not make sense, because it does not help in some cases.
- It is more convenient to protect and encrypt important data using crypto containers such as VeraCrypt or Rohos Mini Drive, and immediately set up a permanent backup of the container in the cloud by placing the container file in the Google Drive folder on the PC.
- It makes no sense to make the Windows password complex, BUT the main thing is that it should not be "12345", i.e. something 8-character like Mihail51 will do!
- In the case of BitLocker, the principle "Encryption Is Not Enough" works - there is no open source code for the entire protocol and the community cannot study it. I personally don't trust them.
