I’ve discussed this before – BitLocker in Vista, by default, only offers to encrypt your laptop using a key it gets from the onboard TPM chip. This means that you can boot the laptop to a logon screen and try to attack the system not only through the logon password, but also through all of the data ports, with no resistance from the encryption scheme.

According to Jean-Philippe Courtois, president of Microsoft International, however, “Even if your laptop is stolen, nobody will be able to use it because it will be fully encrypted”.

That statement has a couple of problems:

1. It’s not strictly true. As far as I can tell, I’ll be able to use your laptop by reformatting it. That’s not really a big deal, though – BitLocker is about protecting your data.

2. It’s not even true if you assume he’s talking about the data on the laptop, in BitLocker’s default mode of operation. Encryption of data is only sensible if the keying material is not stored with the data.

In the interests of balance, I’m going to tone down the alarmism a little here.

Most laptop thefts will be by technically inept opportunists, interested only in the value of the hardware itself. The laptop will then proceed through a chain of nefarious individuals who will simply format it and install some half-baked pirated copy of Windows on it before selling it on. Your data will probably not be used.


On the other hand, of course, that data is probably more valuable to a smart and motivated thief. The same guys that have dabbled in identity theft and credit card fraud are going to be quite at home with pulling your information out of a laptop, using a tool they download from a web site somewhere.

Do you want to take that risk? Not if you were thinking of installing BitLocker.

