DeMISTIfying Infosec: BitLocker

By Katherine Teitler

BitLocker

BitLocker is Microsoft’s encryption tool, built into certain versions of the Windows operating system (Windows 8 and 8.1 Professional and Enterprise, Windows 7 Ultimate and Enterprise, Windows Vista Ultimate and Enterprise, and Windows Server 2008 and later). BitLocker is generally used for full-disk encryption, but it can also encrypt volumes, virtual drives, or containers if the intent is to encrypt only specific data or files. The tool originated as part of Microsoft’s Next-Generation Secure Computing Base architecture in 2004 as a way for organizations to protect devices and data, especially in the event of a lost or stolen laptop. BitLocker uses a Trusted Platform Module (TPM), a secure hardware chip, to store the encryption key and protect systems from untrusted software. BitLocker uses the AES encryption algorithm with either 128-bit or 256-bit keys.

During boot, the TPM releases the key that unlocks the encrypted partition only after comparing a hash of the operating system’s configuration values with the hash recorded at the original activation. If the TPM detects that the system has been tampered with, the user is prevented from accessing the system. The boot process itself is also cryptographically certified, so an attacker can’t bypass Windows authentication and gain access to the data. Security can be enhanced by combining the TPM with a PIN or with a startup key stored on a USB flash drive. If a TPM isn’t available, BitLocker may still be used but requires a USB flash drive for authentication.
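The release check described above can be shown with a simplified model. This is an added example, not Microsoft's code or a real TPM interface; the `ToyTPM` class, the use of SHA-256, and the sample boot chain are assumptions made for illustration.

```python
import hashlib
import hmac

def extend(pcr, component):
    """TPM-style extend: new value = SHA-256(old value || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components):
    """Fold each boot component, in order, into a single register value."""
    pcr = bytes(32)  # register starts at all zeroes on reset
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Hypothetical stand-in for the chip: holds a key and the activation measurement."""

    def seal(self, key, components):
        self._key = key
        self._expected = measure_boot(components)

    def unseal(self, components):
        """Release the key only if this boot measures the same as at activation."""
        current = measure_boot(components)
        if hmac.compare_digest(current, self._expected):
            return self._key
        return None  # mismatch: the volume stays locked

# Constructed sample data, not real boot components or key material.
ACTIVATION_CHAIN = [b"firmware-1.0", b"boot-manager-1.0", b"os-loader-1.0"]
TAMPERED_CHAIN = [b"firmware-1.0", b"boot-manager-MODIFIED", b"os-loader-1.0"]
VOLUME_KEY = bytes(range(32))  # placeholder 256-bit key

def demo():
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, ACTIVATION_CHAIN)
    return {
        "unchanged": tpm.unseal(ACTIVATION_CHAIN) == VOLUME_KEY,
        "tampered": tpm.unseal(TAMPERED_CHAIN) is None,
        "reordered": tpm.unseal(list(reversed(ACTIVATION_CHAIN))) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Because each measurement is chained onto the previous value, changing any one component or the order in which components load yields a different final value, and the key is withheld.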

Reports of bypasses and vulnerabilities in BitLocker have surfaced over the years, calling the trustworthiness of the tool into question.
