Windows Vista Bitlocker: Boon or Bust?

A controversial new Vista feature called Bitlocker sounds simple enough. Combined with a Trusted Platform Module (TPM) chip on a PC's motherboard, Bitlocker encrypts an entire hard drive. Microsoft says this feature will help companies, especially those with executives traveling around with key corporate data on their laptops, keep private company information private. But there are fears that Bitlocker will be used by lawbreakers to secure their data as well. And because Microsoft has pledged that there will never be any backdoors created for Bitlocker, information stored on those encrypted hard disks will always be safe from prying eyes, good or bad.

Here's how it works. Bitlocker is a hardware-backed encryption feature that protects an entire hard drive from being hacked. It integrates with a TPM 1.2 chip and leverages an 128-bit or 256-bit AES encryption algorithm. (You can optionally use Bitlocker on non-TPM systems as well, but in such a case you must supply a USB memory key or an alphanumeric password in order to access the system.) Bitlocker interacts with TPM-enabled systems and is thus secure even during the boot-up process when used in conjunction with TPM. (On non-TPM systems, Bitlocker cannot guarantee boot file integrity.)

If you're familiar with the Encrypting File System (EFS), a feature of NTFS, you may be wondering what the big deal is. While there are some serious technical differences between the two features--most obviously, that Bitlocker utilizes a stronger hardware-based encryption scheme--the end result is the same: Data is encrypted so that thieves won't be able to recover it by simply plugging the hard drive into a different PC. Bitlocker is what Microsoft used to call Secure Startup and Full Volume Encryption. For the truly security conscious, it's even possible to use both Bitlocker and EFS together. That's because Bitlocker only protects the volume on which the Windows operating system is installed. So you can use EFS to protect data on other volumes, and because EFS stores its encryption keys on the OS partition, all of the EFS-protected data is more secure as a result.

Confusingly, Bitlocker requires a number of configuration options, including two separate partitions for the boot files and operating system. Microsoft provides instructions for configuring a system for Bitlocker, so I won't repeat those steps here (see the Microsoft Web site for more information). The more important point, I think, is that Bitlocker raises a lot of questions.

For corporations that don't mind investing in TPM-based hardware, Bitlocker may seem like an obvious choice. But Microsoft isn't yet admitting what kind of performance hit Bitlocker-based systems will incur. And it appears that Bitlocker requires an onerous amount of configuration to be used effectively. It's unclear that even in heavily managed environments that Bitlocker can easily be rolled out to individuals without a lot of hands on work by administrators.

Machines that utilize Bitlocker without TPM can technically succumb to brute force attacks. Indeed, even hardware-based Bitlocker-based systems could theoretically be usurped, though Microsoft calls such attempts "unfeasible." Ultimately, the effectiveness of Bitlocker is determined largely by how well its configured and set up to begin with. Thus, the possibility of human error raises its ugly head once again.

And then there's the recovery issue. Data protected by Bitlocker is literally unrecoverable in the event that the user forgot their recovery password or lost the recovery key. (Unless of course Moores Law finally catches up with 256-bit AES encryption.) Microsoft recommends that users store this information in a safe place, but again, people are human. Mistakes happen.

I've only tested Bitlocker briefly, but I'm intrigued by its Windows integration and Group Policy capabilities, and of course, no one wants to think that their data is being pawed over by others, be they competitors, criminals, or both. But I'm a bit nervous that Bitlocker might ultimately do more harm than good. Will the number of people burned by Bitlocker's unbreakable encryption exceed those who are saved by this feature? Only time will tell.

This article originally appeared in the May 5, 2006 issue of Windows IT Pro UPDATE.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish