We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
BitLocker
techquest
Posts: 294 Forumite
in Techie Stuff
Anybody have any views on this.
"Even if you enable BitLocker encryption on a system, Windows 10 may not actually be encrypting your data. Instead, Windows 10 may be relying on your SSD to do it, and your SSD’s encryption may be easily broken."
Though I have TPM on my laptop and could encrypt the c: drive with BitLocker. Would it be better to turn off hardware encryption in gpedit and use BitLocker software encryption method instead?
"Even if you enable BitLocker encryption on a system, Windows 10 may not actually be encrypting your data. Instead, Windows 10 may be relying on your SSD to do it, and your SSD’s encryption may be easily broken."
Though I have TPM on my laptop and could encrypt the c: drive with BitLocker. Would it be better to turn off hardware encryption in gpedit and use BitLocker software encryption method instead?
0
Comments
-
I could use bit locker, but I have more faith in this. https://www.veracrypt.fr/en/Home.html0
-
-
Its easy enough to force bitlocker to use software based AES-256.
Even if you did have a drive vulnerable to this attack vector its still much better to use it than nothing. Unless you have something really important to protect.0 -
For business users, the only approved product appears to be Becrypt Disk Protect:
https://www.ncsc.gov.uk/index/certified-product?f%5B0%5D=field_product_type%3A141&f%5B1%5D=field_organisation%3A329&f%5B2%5D=field_assurance_status%3AAssured
https://www.becrypt.com/uk/products-and-services/data-protection-suite/disk-protect/0 -
Anybody have any views on this.
"Even if you enable BitLocker encryption on a system, Windows 10 may not actually be encrypting your data. Instead, Windows 10 may be relying on your SSD to do it, and your SSD’s encryption may be easily broken."
Though I have TPM on my laptop and could encrypt the c: drive with BitLocker. Would it be better to turn off hardware encryption in gpedit and use BitLocker software encryption method instead?
Do you store anything on your SSD that would make it worthwhile for a thief to go to the trouble of reprogramming the SSD to circumvent the password?
If not then don't worry about it. The vast majority of thefts are opportune or part of a house break. The intention being to get hardware that can generate money on sale. A common or garden thief will probably have one attempt at getting in then forget about it when they see the Bitlocker prompt.
For the vast majority of purposes Bitlocker, even with the flaw highlighted in the above article, is sufficiently secure for consumers and the majority of businesses.
Don't be so paranoid, you are a minion, nobody gives a toss about the content of your hard drive if they can't get in first time.0 -
Microsoft changed the default behaviour of Bitlocker last month to no longer use the SSD hardware...
https://bit-tech.net/news/tech/software/microsoft-flips-bitlocker-encryption-default/1/0 -
Frozen_up_north wrote: »For business users, the only approved product appears to be Becrypt Disk Protect:
https://www.ncsc.gov.uk/index/certified-product?f%5B0%5D=field_product_type%3A141&f%5B1%5D=field_organisation%3A329&f%5B2%5D=field_assurance_status%3AAssured
Which actually means that only this product has a secret government backdoor access built in so the police/security services can access the data without knowing the users password.
In others words avoid at all costs.
A decade or more ago when I wrote programs inside corporate companies for internal use I always put in a backdoor in them for my own access. Not that you would have found that by looking at the source code as the listed source code would not have been the one I used to create the final executable.0 -
Which actually means that only this product has a secret government backdoor access built in so the police/security services can access the data without knowing the users password.
In others words avoid at all costs.
A decade or more ago when I wrote programs inside corporate companies for internal use I always put in a backdoor in them for my own access. Not that you would have found that by looking at the source code as the listed source code would not have been the one I used to create the final executable.
Or suffer the expensive fine from the ICO for using a non approved solution to “secure” your company confidential information on a lost/stolen laptop or USB memory stick.There are Government approved products for a reason, it’s about real experts reviewing the product to ensure it does secure the data.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards