Q&A with the Windows Vista Bitlocker Team

Q&A with the Windows Vista Bitlocker Team

Russell Humphries - BitLocker™ Drive Encryption is an exciting new feature in Windows Vista™ that provides enhanced data protection for your computer.

BitLocker is Microsoft’s response to one of our top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware and tightly integrate the solution into Windows.

BitLocker prevents a thief who boots another OS or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive. It is a hardware-enhanced full disk encryption feature that addresses the clear need for enhanced data protection.

The feature optionally uses a Trusted Platform Module (TPM) 1.2 to protect user data and to ensure that a PC running Windows Vista has not been tampered with while the system was offline. BitLocker provides both mobile and office enterprise information workers with enhanced data protection should their systems be lost or stolen and secure data deletion when it comes time to decommission those assets.

Windows Connected - What form of encryption is or can be used? Is it configurable?

Russell Humphries -BitLocker leverages AES as its encryption algorithm with configurable key lengths of 128 or 256 bits. These options are configurable using Group Policy.

Windows Connected - Is a brute force attack possible and if so how long would it take to crack?

Russell Humphries -Brute force attacks against the volume encryption keys are currently computationally unfeasible just as with any other AES 128-bit or 256-bit protected data.

BitLocker also has an optional PIN or USB ‘multi-factor authentication’ feature that can be used in conjunction with a TPM for added layers of security.

Windows Connected - What other types of attacks is Bitlocker susceptible too? i.e. what are it's weaknesses

Russell Humphries -That depends on the configuration of BitLocker that the user implements.

Using the PIN or USB multi-factor authentication options along with the TPM provides higher security, though it also requires that users not leave a PIN written down or the USB key left with the computer. Configurations that don’t take advantage of these external key authentication options may be susceptible to hardware based attacks, though that would be dependent on the hardware configuration of the computer.

Also, when using BitLocker with Windows Vista, the security of the OS still relies on users choosing strong passwords for logon, so weak passwords are still a concern.

http://windowsconnected.com/blogs/joshs_blog/archive/2006/03/03/1144.aspx