Microsoft Gives Details About Its Controversial Disk Encryption

Discussion in 'privacy technology' started by Dermot7, Jun 4, 2015.

  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    By Micah Lee

    https://firstlook.org/theintercept/2015/06/04/microsoft-disk-encryption/
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Quite a well-informed article about BitLocker and alternatives, which of course echoes what has already been discussed here:

    https://www.wilderssecurity.com/threads/hard-disk-encryption-options.372834/page-3#post-2470206

    and other previous threads.

    There are two things that strike me about the whole FDE/Windows/Linux heated debate:

    First, what's the point of limiting attention to the FDE itself, when we know endpoint security is terrifically weak anyway? I mean, it's a good idea to do it, but it depends on your adversary.

    Second, none of the common FDE solutions strikes me as actually meeting the modern set of threats for a very important reason: once you've unlocked the drive/container, all of the files are open to all processes; and this makes it way too vulnerable to RATs and such. Seems to me that what is needed is a distinct storage subsystem (with different processor and RNG) - maybe a smart USB drive with display - and also some TFA with user consent to open files which have been individually encrypted with different salts.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That is the bottom line concern, I think.

    He does have a point that LUKS in Linux is vulnerable to an "evil maid" /boot exploit. But paranoids can put /boot on an SD card, and even wipe the LUKS header. I've also seen guides for including /boot in the LUKS volume. While there must obviously be something unencrypted on disk, maybe it's less exploitable. Anyone know?
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Direct paste from article:

    Seriously? Then you could only comply with legitimate legal requests IF there is a backdoor available. They would have said no if there was no backdoor at all. My .02
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    As mirimir said, this is a serious matter. However, it is also possible for them to avoid that question in order to avoid the wrath of the 3 letter agencies (if the answer would be "NO"). So it is very hard to reveal the truth behind Microsoft's words.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Of course that makes some sense too!

    However, it would seem their business model (as a for-profit business) would be to maximize the use of their products and bolster its reputation. Leaving severe doubts as to the encryption's ability to withstand a Gov adversary would be counterproductive. I mean this in all sincerity; if I knew I could trust this product in the respect we are examining it, I would start encrypting my system disk with BitLocker immediately. It would be seamless and integrated, but I don't trust it for numerous reasons, and that "crappy" answer to the backdoor question reinforces my doubts.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    A lot of smoke & mirrors in some of the responses in the article, which makes me Very suspicious.

    "Requires an administrator action to turn it on" Hello, isn't that what malware can do, e.g. .GOV malware!
     
  8. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Unfortunately this tells us all that we need to know. Microsoft probably is subject to some type of secret gag order under some provision of a law that we are not aware of. The problem being in a non-US country is that basic legal protections that may apply to US citizens are non-existent. They probably don't even need a warrant to get my BitLocker drive opened.

    This is the dilemma of being a US tech company: you can say all you want but it is very hard to believe that you are not giving the NSA whatever it wants.
     
  9. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    190
    Exactly.
    We must thank Snowden for what he gave us.
     
  10. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  11. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Is there some OEM OS that isn't vulnerable to boot exploits?

    I don't think I've ever heard of a software solution to an adversary having direct physical access to the machine itself.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Right. In that case, you need hardware hardening.
     