Companies Running Vista Will Be Able to Safely Throw HDDs Away

[polonyc2]

The companies who will decide to switch from Windows XP to Vista will have nevertheless some important benefits. One of them is the hard disk encryption technology, known as Bitlocker.

BitLocker Drive Encryption is linked to a chip called TPM (Trusted Platform Module) in the computer's motherboard and it is aimed at preventing tampering with computers but it would also prevent people from downloading unlicensed films or media. This chip contains a key which encrypts and decrypts data using Advanced Encryption Standard (AES), the same standard used by the US government.

In early March, Microsoft declined rumors that Vista would contain backdoors which could be used by authorities to access the data on the hard-disks.

http://news.softpedia.com/news/Compa...ay-22265.shtml

[Protoplasm72]

Does this mean all the data is always going to be encrypted? or is there just an option to encrypt it before you throw it away? Isn't it going to be slow to encrypt all the data on a hard drive?


Either way encryption is a poor substitute for destruction. It's possible to decrypt data but it's not possible to recover data from a melted pile of goo that once was a hard drive

[polonyc2]

Quote:

Originally Posted by Protoplasm72

Either way encryption is a poor substitute for destruction. It's possible to decrypt data but it's not possible to recover data from a melted pile of goo that once was a hard drive

"The technology itself is 100 percent secure, we will not be producing any backdoors. There are no backdoors in Bitlocker technology"

don't know if I believe that...what about in criminal cases where the contents of the hard drive need to be looked at?...if it is 100% secure even against gov't decryption technology then it is a virtual safe haven for all pediophiles and other criminals to use this to their advantage...there has to be a back door written into it

[h20-ski]

Agreed, but depending on the encryption. They may not be able to crack it until you yourself are long gone. Although now that Seagate said it will implement a hardware encryption on its laptop hard drives intiatially and maybe desktop drives too, that kind of makes it pointless.

[pointreyes]

Quote:

Originally Posted by Protoplasm72

Does this mean all the data is always going to be encrypted? or is there just an option to encrypt it before you throw it away? Isn't it going to be slow to encrypt all the data on a hard drive?

Yes, the drive will be fully encrypted and even without Windows on the system, you are still required to provide a password to get through the encryption. So, the idea of simply throwing away the drive is still an issue since cracking the password would be the weakest link for the protection of the data. Not sure how much of an affect the encryption/decryption of the drive will hit the performance. People that are on a Microsoft Windows 2003/XP network already have this form of encryption (AES - TLS 1.0 standard) available for data transferring through the network by using the free built-in functionality of IPSec. Personally, I still hold that destruction of a drive is the better method to follow if concern of data on the drive is an issue.

For those of you insterested in learning more about AES: http://csrc.nist.gov/publications/fi...7/fips-197.pdf
More about TLS: http://www.csrc.nist.gov/publication...2/SP800-52.pdf

[Protoplasm72]

Quote:

Originally Posted by polonyc2

"The technology itself is 100 percent secure, we will not be producing any backdoors. There are no backdoors in Bitlocker technology"

100% secure = data is unrecoverable. If a method exist for retrieving the data then someone will be able to retrieve it. It doesn't mean someone will crack the encryption algorithm(but they might), it just means someone might get access the password or the hardware used to encrypt it or whatever.


This quote fits very nicely on a famous list of quotes
"There is only need for 10 computers in the whole world"
"Everything that can be invented already has been"
"The technology itself is 100 percent secure"
etc...

[k0NG0]

Decrypting the data by entering a correct password isn't a backdoor to the technology. You can do it via social engineering or similar techniques, but the technology bit may still be backdoor free. The system as a whole, if you include the users in that, is never perfectly secure. Humans are bugs, as far as security is concerned. Mitnick mostly used social engineering, he rarely hacked in the modern sense of the word.

And key escrow and backdoors are two of the most hated concepts in the security community, as far as I know. It's all BS, because there is no way to ensure that a future legal bill won't make it possible to use the escrowed key to make sure a user doesn't have an mp3 or something else on the computer. And backdoors are boring anyway.

AES is all based on mathematics (polynomial fields and whatnot) mostly because DES wasn't and people always thought there could be an NSA backdoor just for that reason. Currently no polynomial time attacks are available for AES, but there are various algebraical attacks in polynomial time that people poke around. None that solve the equations AES present, though. Yet.

[Water_abx]

Wait a minute. Is the TPM a form of "Trusted Computing?'

[ABoard]

Quote:

Originally Posted by Protoplasm72

Does this mean all the data is always going to be encrypted? or is there just an option to encrypt it before you throw it away? Isn't it going to be slow to encrypt all the data on a hard drive?

Using BitLocker is completely optional and requires:

- that a TPM-equipped machine have the TPM chip initialized and turned on; or

- in lieu of TPM, a USB Flash drive is required to store the startup key;

- after providing for the above, you have to take specific partitioning steps to allow for the implementation of BitLocker (it requires extra, specific-purpose partitions);

- once set-up, BitLocker can be temporarily disabled (for any length of time) via a Control Panel applet; per the documentation, it takes about 1 minute per gigabyte to decrypt the encrypted data. In order to re-enable, new keys must be generated, but beyond that, it requires very little effort to enable / disable once properly set-up.

[k0NG0]

Bruce Schneier mentioned that BitLocker may interfere with dual-booting in some way. During Infosec. Read about it at The Register, I believe.

Edit: I was wrong. Check ABoard's posts below.

[ABoard]

Quote:

Originally Posted by kONGO

Bruce Schneier mentioned that BitLocker may interfere with dual-booting in some way. During Infosec. Read about it at The Register, I believe.

The title / subtitle of the article is a little hyberbolic, to say the least (what do we expect from The Register?):

BitLocker gives dual-boot systems the elbow
Vista security feature is 'anti-Linux'

It only gives dual-booting the elbow in the sense that an encrypted file system can't be shared with Linux. You still have the option to set your system up however you want.

[bzcool32]

Why are we even discussing the encryption. Already there are plenty of 3rd party programs that provide the same level of security on existing XP systems.

This new "Feature" is merely a way to sell the TPM technology. Once TPM is on your computer then it is up to Microsoft, Intel and others supporting this technology (RIAA) as to what is stored on your hard drives.

Besides, I would never trust any of my sensitive data to a company with a proven track record of fallibility.

[ABoard]

I just noticed that the Register article was first mentioned over in the Vista Poll thread by Moonlitfire. Because of the article, Moonlitfire expressed concern that dual-booting might have to be dropped in favor of virtual machines, even though virtual machines may not be the best solution for some users.

I really urge some re-reading of the Register article and some [plain] reading up on what BitLocker is and isn't before concluding that it will be cause for any dual-booting frustration, at least not for the reasons that the Register article is hyping. BitLocker allows you to specify that the entire operating system volume (see Note 1) be encrypted rather than single files or folders as is currently available with E[ncrypted] F[ile] S[ystem] in Win 2000, XP, etc. That's it. Additionally, as I have noted earlier, BitLocker is completely optional and can be disabled once set-up (and as Pointreyes noted in the Vista Poll thread, the current plan is to have BitLocker only available with top-line Vista editions ... specifically, as I've read, Vista Ultimate and Enterprise editions).

For dual-booting with BitLocker, a person can choose to create one or more data volumes (in addition to the operating system volume encrypted with BitLocker) so that the data on those volumes can be shared between Windows and Linux. This is not unlike dual-booters who are currently creating and formatting shared volumes with FAT32 (FAT32 can't be encrypted with BitLocker anyway) to provide maximum compatibility between Windows and Linux.

Some may correctly argue that the ability to use Linux "live" distributions for Windows troubleshooting or repair will be "impossible" with BtLocker enabled, but I think if you decide to use BitLocker, that's a trade-off that you must weigh before deciding to use BitLocker. As a matter of fact, one of the main reasons for using BitLocker would be to prevent hackers from gaining access to the Windows OS using the "live" distributions.

Anyway, following are two examples of possible partitioning schemes under Vista, assuming the user enables BitLocker:

Example 1

Volume 1 - System Volume: Vista bootloader & secure-start files (NTFS / unencrypted)
Volume 2 - OS Volume: Vista OS, All 3rd-Party Apps, Games, All User Data - Unshared (NTFS / BitLocker encrypted)

Example 2

Volume 1 - System Volume: Vista bootloader & secure-start files (NTFS / unencrypted)
Volume 2 - OS Volume: Vista OS, Sensitive 3rd-Party Apps, Sensitive User Data - Unshared (NTFS / BitLocker encrypted)
Volume 3 - Data Volume: Other 3rd-Party Apps (NTFS)
Volume 4 - Data Volume: Mixed - Normal Data / Sensitive Data (NTFS / both unencrypted and EFS encrypted)
Volume 5 - TC Volume: Sensitive User Data - Shared (TrueCrypt Volume / encrypted)
Volume 6 - Data Volume: User Data - Shared (FAT32 / unencrypted)
Volume 7 - Data Volume: Games (NTFS / unencrypted)
Volume 8 - Data Volume: Music - Shared (FAT32 / unencrypted)


Example 1 represents a very simplistic, "anti-Linux" partitioning scheme. If the user intended to dual-boot with this set-up, he obviously is lacking any brain power and has only himself to blame for not being able to access any "Windows" data when booted into Linux. However, for anyone not intending to dual-boot, or not needing to share data between Windows and Linux in a dual-boot environment, Example 1 is ideal for what amounts to "full-disk" encryption.

Example 2 is not a likely configuration, but it does show many of the alternatives one has for creating both encrypted volumes and Windows / Linux shareable volumes. As shown, only Volume 2 is completely unavailable while booted into Linux (if BitLocker is disabled at a later time, Volume 2 would then be available in Linux, as well). As for the other volumes:

NTFS Volumes 3, 4, 7 - can be read in Linux, except for the EFS folders / files on Volume 4 (write capability is available with specialized drivers)
FAT32 Volumes 6, 8 - can be read / written natively in Linux
TC Volume 5 - can be read / written in Linux (beginning with TrueCrypt v 4.2+)

Okay ... that's my take on Vista BitLocker technology relative to dual-booting. As I see it, very little has changed except for extra functionality at the user's disposal and discretion. If the presence of the extra system volume containing the Vista bootloader causes dual-boot headaches (which is completely separate from the non-issue being spread around via the Register article), it should be easily circumvented using 3rd-party boot managers. I have not read anywhere, however, that the separate bootloader partition is problematic; I simply inserted it into the discussion to cover all bases.

Finally, none of the foregoing should lead anyone to believe I'm an advocate of closed source encryption, nor does it begin to touch on my opinion of the other potential drawbacks of TPM. The TPM option aside, BitLocker with the non-TPM, USB flash drive option might be a good idea for its main purpose of locking down the operating system because, as it stands now, open-source solutions like TrueCrypt don't have the ability to encrypt the OS volume (though other closed-source, full-disk encryption solutions do exist). So, it seems to me that BitLocker and 3rd-party volume encrypting solutions will co-exist together on the same systems for maximum security and flexibility, and whatever one chooses, dual-booting need not be / will not be negatively impacted by those particular choices.

------------
Note 1 - Currently, only the operating system volume on non-server editions of Vista can be encrypted with BitLocker, but within that volume, a user can place user data in addition to the OS. Only the server version of Vista has the ability to encrypt data volumes (i.e., volumes not containing the operating system).

[k0NG0]

Quote:

Originally Posted by ABoard

The title / subtitle of the article is a little hyberbolic, to say the least (what do we expect from The Register?):

BitLocker gives dual-boot systems the elbow
Vista security feature is 'anti-Linux'

It only gives dual-booting the elbow in the sense that an encrypted file system can't be shared with Linux. You still have the option to set your system up however you want.

Ah, OK. I didn't read it well enough. My bad, thanks for setting me straight.

[ABoard]

Quote:

Originally Posted by kONGO

Ah, OK. I didn't read it well enough. My bad, thanks for setting me straight.

That sounds a little sarcastic (thus I'm concerned I may have unintentionally offended you), though the edit of your previous post makes me think it might also be sincere.

I'll accept your comment either way you meant me to take it as the post you quote is admittedly a little less than adequate in conveying my intentional meaning ... thus my more detailed follow up in post #13.

Apologies if you thought I was being condescending or insulting in any way.