Since the recent demise of TrueCrypt, an open source utility for encrypting internal and external storage devices as well as files and folders, there have been rumours of the project being picked up by a Switzerland-based team. However, there is no guarantee it will return, no time frame has been given, and who knows whether the public will ever fully trust it again. It will certainly undergo heavy scrutiny if a new product is ever released. According to the TrueCrypt website, BitLocker has been named as the successor for Windows-based machines.
As a past user of TrueCrypt, I decided to take a look at the capabilities and limitations of the named successor. BitLocker comes included with Enterprise and Ultimate editions of Windows Vista and Windows 7, Professional and Enterprise versions of Windows 8 and Windows 8.1, as well as all versions of Windows Server since Windows Server 2008.
Is BitLocker really a viable alternative to TrueCrypt?
- BitLocker uses AES encryption by default with 128-bit or 256-bit keys and since Windows 7 it can be used to encrypt hard drives, removable media, files and folders.
- If your machine has a TPM (Trusted Platform Module) chip, it can use this to store the encryption key. When the computer starts, the TPM chip checks the early boot files; if they are unmodified, the chip decrypts its stored key and passes it to the system loader, allowing the machine to decrypt the hard drive and load the Operating System.
- Other authentication methods include a USB key that needs to be plugged into the machine in order for it to boot, or a PIN code that needs to be entered as soon as the machine has been switched on.
- If an attacker has physical access to your machine and does not tamper with the boot files, TPM alone will not stop them from gaining access: the machine will boot and unlock the drive for whoever switches it on. Ideally TPM should be used in conjunction with at least one other form of authentication to increase the security of your machine.
Simple best practice can help prevent attacks
Despite pressure from agencies such as the UK Home Office and the FBI, Microsoft claim that no backdoor has been created and they have no intention of creating one in the future. This does not mean that BitLocker is safe from all attacks. Like other encryption products, BitLocker is susceptible to attacks such as the ‘cold boot attack’. However, by following simple best practice, as with other encryption products, these attacks can be thwarted.
- Rather than entering ‘sleep mode’ when not using your computer, shut it down. Your computer does not re-lock the drive when in sleep mode; by leaving it in this state you have essentially decrypted it for an attacker and made it easy for them to gain access.
- Use a combination of TPM and at least one other authentication method mentioned previously.
- Do not use an administrative account to perform your daily work. If an attacker gets on to your machine while you are logged in with an administrative account, it will be relatively easy for them to access the contents of the machine’s memory (where the decryption key will also reside).
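As an added example (not code from the original post), the PowerShell audit below checks a machine against the points above: whether a TPM is present and ready, whether each BitLocker volume is actually protected, which key protectors it has, and whether it relies on the TPM alone. It assumes Windows 8 / Server 2012 or later, where the BitLocker and TrustedPlatformModule modules ship with the OS, and it must run from an elevated prompt.

```powershell
# BitLocker configuration audit (added example, not from the post).
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.
#Requires -RunAsAdministrator
Import-Module BitLocker
Import-Module TrustedPlatformModule

# 1. TPM presence and readiness (Get-Tpm comes from the TrustedPlatformModule module).
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning "No TPM found: only USB startup key or password protectors are available."
} elseif (-not $tpm.TpmReady) {
    Write-Warning "TPM present but not ready; initialise it before relying on it."
}

# Protector types that bind the TPM to a second factor (PIN and/or USB startup key),
# which is what the post recommends instead of TPM-only protection.
$multiFactor = @('TpmPin', 'TpmStartupKey', 'TpmPinAndStartupKey')

# 2. Walk every BitLocker-capable volume and report its state.
foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        Volume     = $vol.MountPoint
        Encryption = $vol.VolumeStatus      # FullyEncrypted, EncryptionInProgress, FullyDecrypted ...
        Protection = $vol.ProtectionStatus  # On / Off; Off means the drive unlocks with no authentication
        Method     = $vol.EncryptionMethod  # e.g. Aes128, Aes256
        Protectors = ($types -join ', ')
    } | Format-List

    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "$($vol.MountPoint): protection is off (suspended or never enabled)."
    }

    # TPM-only is the case the post warns about: the drive unlocks for anyone who boots the machine.
    $hasSecondFactor = [bool]($types | Where-Object { $multiFactor -contains $_ })
    if (($types -contains 'Tpm') -and -not $hasSecondFactor) {
        Write-Warning "$($vol.MountPoint): TPM-only protector. Consider adding a PIN, e.g."
        Write-Warning "  Add-BitLockerKeyProtector -MountPoint $($vol.MountPoint) -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'PIN')"
    }

    # A recovery password is what saves you if the TPM, PIN or USB key is ever lost.
    if ($types -notcontains 'RecoveryPassword') {
        Write-Warning "$($vol.MountPoint): no recovery password protector; back one up before changing protectors."
    }
}
```

Adding a TPM+PIN protector only succeeds when the ‘Require additional authentication at startup’ group policy permits a startup PIN, and the existing TPM-only protector may have to be removed first with Remove-BitLockerKeyProtector; keep a recovery password safe before making either change.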
Since BitLocker is a Microsoft product, it helps with compatibility and ensures continual support. For the purposes of preventing an opportunistic attack, BitLocker is a great product and in my opinion is certainly one that should be used whilst we wait for more news regarding TrueCrypt.
Priority One – IT Security