System
A laptop with Windows 7 Ultimate installed and, accordingly, the option to enable full disk encryption. In that case, as we know, a new partition of roughly 200 Mb is created (if, for any reason, it was not created during installation), where the system stores the set of system files needed to start Windows. This partition is not encrypted.
The encryption key is stored in the TPM chip. If the laptop has no TPM chip, the boot method with an inserted USB flash drive that stores the encryption key is used.
Loading the encryption key from the flash drive seems to be even safer, because without the flash drive Windows will refuse to boot at all.
Question: is it necessary to set a complex password for logging on to Windows?
As I understand it, all data is encrypted using the key file and the sign-in password. What happens if you boot from one of the many password-reset disks and reset the password? As I understand it, the data will be irretrievably lost, or at least not accessible with the new password.
Accordingly, provided that the password is not so simple that it can be guessed manually at the logon screen, it seems you need not worry about its complexity and length.
However, as I understand it, because Windows does not decrypt the encrypted data before the password is entered, the file with the password hash is obviously stored on an unencrypted partition. Accordingly, it can be copied and the password then cracked by guessing in the usual way. In this case, the complexity of the password should be treated as usual, with due attention.
I couldn't find documentation about how BitLocker works technically, so I am asking whether anyone knows if I'm right in my reasoning and conjectures.
Is it safe to use a relatively easy password, one amenable to brute force, when BitLocker is used to fully encrypt all disks, including the system disk?