How effective is the use BitLocker for full disk encryption? Whether you need a complex password?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
22 views

System


Laptop with installed Windows 7 Ultimate and accordingly, the option to enable full disk encryption. Thus, as we know, is created (if, for any reason, was not created during installation) a new section of roughly 200 Mb, where the system stores a set of system files needed to start Windows — this partition is not encrypted.

The encryption key stored in the TPM chip. If the laptop is missing the TPM chip is used the bootstrap method with inserted usb-flash drive that stores the encryption key.

Way to download the encryption key from the flash drive seems to be even safer, because without the flash drive, Windows will refuse to boot at all.

Question: is it Necessary to put a complex password on the log on to Windows?


As I understand it, all data is encrypted using the key file and password to sign in. What happens if you downloaded from one of the many disks to reset the password and reset the password? As I understand it, the data will be irretrievably lost, or at least not available with a new password.

Accordingly, provided that the password is not so easy to be able to manually select at log on screen, like you can not worry about its complexity and length.

However, as I understand it, because Windows does not decrypt encrypted data before entering a password, then obviously the file with the password hash stored on an unencrypted partition. Accordingly, it can be copied and then usually to crack the password selection. In this case, the complexity of the password should be treated as usual — with due attention.

Couldn't find documentation about how BitLocker works technically, so I ask if anyone knows if I'm right in their reasoning and conjectures.

Save is relatively easy, but amenable to brute force the password using BitLocker to fully encrypt all disks, including the system?
by | 22 views

7 Answers

0 like 0 dislike
Any encryption easily decrypted restorannogo methods of cryptanalysis. And if you seriously, why encrypt everything?? more problems IMHO, if the system will fly out the chance to lose everything != 0. The same section contains sifrovany truecrypt file container, you may need to store there, and losing him is difficult, and a hidden container inside the container can be made, i.e. if ectodermally cryptanalysis work, give the master password, and there is for example just porn, and important data and are not visible.
by
0 like 0 dislike
What a strange thing, if you use a password to enter the system... the question Arises: if you have many users? :)
As far as I understood in the wiki, in Your case, the key stored in the TPM, and from where taken. That is, the password and. According to the wiki, if you want the password, it uses a so-called PIN code. That is, as I understand, the password of user in Windows here not and.
I recommend to pay attention to www.truecrypt.org
by
0 like 0 dislike
It is best to encrypt the whole disk, that would be somebody smart Zagros with the stick and drained/filled the old hard.
For this IMHO the best program DiskCryptor(the Author is from Russia), it has a plus compared to TrueCrypt that it can encrypt not marked hard, and he cert like net.
by
0 like 0 dislike
The safest way is TPM and USB keychain :)
As far as I remember — the key is encrypted in an unencrypted rubble area, and the key to it is a PIN, TMP or USB, or a variation of these options.
When resetting a password will not be the case — the data will remain encrypted, and the system will go into recovery mode.
by
0 like 0 dislike
exactly. Even in the case of permutations having a Windows key, you can restore access to the data.
by
0 like 0 dislike
In General, I come to the conclusion that it makes sense to have as Linux users, separate section a La home, make it a symlink in the user profile and this section to encrypt BitLocker'ohms, because again, it's stupid to spend CPU time on encryption/decryption executables and libraries.
by
0 like 0 dislike
To encrypt data on all drives, without exception?
And when buying flash drives and no stores writes in the description that you can encrypt data on a flash drive, and choose another napominalka anything about encryption.
by

Related questions

0 like 0 dislike
5 answers
0 like 0 dislike
6 answers
asked Mar 21, 2019 by ItHamster
0 like 0 dislike
2 answers
0 like 0 dislike
1 answer
110,608 questions
257,186 answers
0 comments
27,873 users