Security Basics mailing list archives
RE: MS Vista BitLocker - volume or drive?
From: "Honer, Lance" <lhoner () smartgrp com>
Date: Fri, 23 Mar 2007 21:51:09 -0400
Refer to the NOTE section under 'BitLocker Drive Encryption'
http://www.microsoft.com/technet/windowsvista/security/protect_sensitive_data.mspx

Note: BitLocker provides protection for the Windows partition and is not a replacement for EFS. BitLocker does not encrypt data stored outside the Windows partition, but it does provide an added security layer for EFS by encrypting the EFS keys within the Windows partition.

It seems to me that any way you look at it BitLocker can only encrypt the volume that Windows is installed on. You must have at least 2 volumes to use BitLocker, one for the startup files & BitLocker engine which won't be encrypted and one for Windows which will be encrypted. If you have a 3rd volume, even if it's part of the same logical partition as the Windows volume, you would need to use EFS on it if you wanted it encrypted.

Lance

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ali, Saqib
Sent: Friday, March 23, 2007 6:23 PM
To: spencerforhire
Cc: security-basics () securityfocus com
Subject: Re: MS Vista BitLocker - volume or drive?

It depends on how you set it up.....

If you don't have TPM on your computer, and DON'T want to use a USB Drive for a Startup key, then you are limited to volume encryption, i.e. you partition your drive in 2, and encrypt one of the volumes. The unencrypted volume contains the start-up files.

Three alternatives for using BitLocker are:
1) Partition the HDD in 2, and encrypt one volume. This is useful if you don't have TPM.
2) Use TPM to wrap + bind + store the encryption key
3) Use USB Drive to store the encryption key and startup files.

saqib
http://www.full-disk-encryption.net