BitLocker™ Drive Encryption Vista Security Discuss BitLocker™ Drive Encryption in the Windows Vista forums; An exciting new frontier in hardware-based security is being unleashed in Windows Vista. BitLocker Drive Encryption promises to provide stronger data protection by attaching a microchip to the motherboard. ...

[ultralexy]

An exciting new frontier in hardware-based security is being unleashed in Windows Vista. BitLocker Drive Encryption promises to provide stronger data protection by attaching a microchip to the motherboard. The microchip, called Trusted Platform Module (TPM), contains passwords, digital certificates, keys and other vital security information. Due to the manner in which BitLocker encrypts and unlocks data, Microsoft feels this will ensure your computer is even protected while offline, lost or if it’s stolen. One of the neat things about TPM is that is relies totally on hardware to provide software encryption/decryption. Because it does not rely on the operating system, and rather its own internal circuitry, it is not vulnerable to software attacks.

An interesting side note: According to an article I read at PCWorld, TPM theoretically could be used in some pretty nefarious ways to circumvent the long arm of the law gaining access to your PC. Considering that we often see news footage of PC’s being carted away to aid the prosecution, this technology could prove to be quite a bump in the road. Do I hear a Justice Department review getting started already?

For those of you who are already running Vista, you can enable BitLocker Drive Encryption even without the TPM. I must warn you, this is not for the light-hearted. It can render your machine unusable if done incorrectly. So kids, don’t try this at home. And the rest of you, if you must, do this on a test machine. For the complete set of instructions, check out this site.

[dazzlin]

Wow, first I've heard of that. Cool stuff.

[ultralexy]

Yeah, it's pretty neat. I've done a bit more research into the Trusted Platform Module concept and found out some more interesting info. (Probably too much info, but I found it quite fascinating)

TPM is a specification created by the Trusted Computing Group. The Trusted Computing Group is a not-for-profit organization formed in 2003 to promote hardware-based security solutions. It's led by AMD, Intel, IBM, HP, Microsoft and a few other well-known tech companies. (Some irony there.)

There are only a handful of manufacturers that produce the microcontrollers at this time. And there are currently a few desktops and notebooks equipped with TPM's from companies such as Dell, Fujitsu, HP, Intel, Lenovo, and Toshiba.

The microcontrollers can be fitted into just about any computer requiring hardware-based security including email, VPN's and wireless authentication for 802.1.

From what I gather, TPM's can be used in conjuction with technologies like smart cards and biometrics. Should be very interesting to see how this emerges. Looks like this is a technology to keep an eye on.

Donna, do you think TPM's, in their application, might be a good example of a smarter gadget?

Lexy

[dazzlin]

Definitely a good example of how gadgets can use technology as they get more intelligent. I'll have to do a little research and blog about it over at Smarter Gadgets. Good tip.

[JoshW02@hotmail.co.uk]

think about it a lot of these new tech MS are bring out don't exists or aren't widely used yet just look at this list correct me if I am worng;

Bitlocker (tm)
Windows Side-show (tm)
Hybrid hard disk drive support (the HDD aren't around yet)

So therefore to me all this hyper future stuff no one is going to be able to use!

Don't get me wrong i voted for getting vista when it comes out on the VistaBabble.com poll but come on Mr Gates what is the point of adding things that is not going to be usable on release date?

[W.Harbaugh]

What about an attack on the firmware of the hardware? A virus could easily infect the Motherboard bios and effectively install a quiet logger than could decrypt the information eventually based on the data that goes into it.

[triumph]

I was just reading up on this. I actually use TrueCrypt on my PC right now and have a drive totally encrypted as well as some other data. To have a native ability to do that with the OS might be good. It does depend on the levels of encryption though, as no public encryption is going to be entirely safe from someone with enough time and resources.

I am also concerned about the security of their encryption methods as well. Any encryption security experts out there able to tell me how this Bitlocker functionality will compare to TrueCrypt? I definately like the idea of it.

[W.Harbaugh]

I don't bother encrypting my data. If big brother wanted to get at my data they could easily get it with a little work, I personally think the government has decryption algorithms for all OS's....a backdoor to make forensic work easier...

[triumph]

Quote:

Originally Posted by W.Harbaugh

I don't bother encrypting my data. If big brother wanted to get at my data they could easily get it with a little work, I personally think the government has decryption algorithms for all OS's....a backdoor to make forensic work easier...

Not quite accurate. With the right algorithims you can make it very expensive and difficult to unlock. This requires some discipline on your part though, like not leaving a password in your wallet, or using an easy to crack password. That being said I am not trying to hide my data from the government, but identity theft should be a large concern for everyone these days.

Regardless, with the right double-layered encryption you could require NSA caliber decryption that would be way too expensive for a typical criminal/civil investigation.

[W.Harbaugh]

This is true, but still I can't help but think that there's a super computer out there capable of decoding 256bit decryption in a few seconds...I don't keep mine in my wallet, it's a term from a movie with a number allthough I use variations of it on more secure and important sites...