Does BitLocker really encrypt?

Onceler

Golden Member
I mean you can change the PW after the volume is encrypted so it can't be using the password to encrypt.
 
Yes, BitLocker isn't based on user passwords though. It protects from users viewing the hard drive contents from Live CD/DVDs or by taking it out and trying to read the content in another computer. It encrypts the Windows volume - so naturally, it doesn't protect the data after you are booted into the operating system, though. This all happens on the fly with device-specific encryption keys that are generated.

Here is an overview about how BitLocker works: http://windows.microsoft.com/en-us/windows-vista/bitlocker-drive-encryption-overview
 
Savatar is right on; once the OS begins to boot, the volumes are open to Windows itself. You cannot, however, remove the drive from the machine and read it. You need to either enable the TPM on your machine and put the key in there, or manually type in a key on boot every boot.
 
I should have clarified: I meant non-OS disks.

It'll be the same deal; be it the OS drive, non-OS drive or even a USB stick, BitLocker will encrypt and requires a passcode that either is in the TPM or you type in.

Go ahead and load a live CD and try to view the volume - it won't be accessible.

Beyond that, I don't know what you're asking.
 
http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption

BitLocker does not contain an intentionally built-in backdoor; without a backdoor there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[22] which tried entering into talks with Microsoft to get one introduced, although Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they will not grant the wish to have one added.
 
I understand the question. Seeing as we can change the password instantly we cannot possibly be encrypting the contents of the drive with the password we type in. If we did it would have to re-encrypt the whole drive.

I haven't been able to find a source, but I presume that the user password is used to encrypt the primary encryption key used for the drive. So your user password unlocks the device password which then decrypts the data.

So when you change your user password you just re-encrypt the device password. Seeing as that doesn't change you don't need to encrypt the contents again.
 
Bingo. The PIN/password controls access to the actual encryption key, which is typically stored in the TPM (or a USB flash drive). There's an MS blog that goes over all of this, but I can't for the life of me find it at the moment.
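
The key-wrapping arrangement the last two posts describe, as an added example that is not part of the original thread and is not BitLocker's actual on-disk format: a random volume key encrypts the data, and the password only encrypts a small "protector" blob holding that key. All function names are hypothetical, and the cipher is a standard-library HMAC-SHA256 keystream standing in for AES.

```python
import hashlib, hmac, os

def _stream(key: bytes, label: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (stdlib only; not AES).
    blocks = (hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _kek(password: str, salt: bytes) -> bytes:
    # Stretch the password into a key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_protector(password: str, volume_key: bytes) -> bytes:
    """Wrap the volume key under the password: salt | nonce | ciphertext | tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = _kek(password, salt)
    ct = _xor(volume_key, _stream(kek, b"enc" + nonce, len(volume_key)))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_protector(password: str, protector: bytes) -> bytes:
    """Return the volume key, or raise ValueError on a wrong password."""
    salt, nonce, ct, tag = protector[:16], protector[16:32], protector[32:-32], protector[-32:]
    kek = _kek(password, salt)
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong password or damaged protector")
    return _xor(ct, _stream(kek, b"enc" + nonce, len(ct)))

def change_password(old: str, new: str, protector: bytes) -> bytes:
    # Only this small blob is rewritten; the volume key and the bulk data stay put.
    return create_protector(new, open_protector(old, protector))

def crypt_sector(volume_key: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR stream, so the same call encrypts and decrypts a sector.
    return _xor(data, _stream(volume_key, b"sec" + sector_no.to_bytes(8, "big"), len(data)))

if __name__ == "__main__":
    vk = os.urandom(32)  # random, never derived from the password
    disk = [crypt_sector(vk, n, b"constructed sample data") for n in range(3)]
    prot = change_password("old-pass", "new-pass", create_protector("old-pass", vk))
    vk2 = open_protector("new-pass", prot)
    print([crypt_sector(vk2, n, s) for n, s in enumerate(disk)])
```

In this model a saved copy of the old protector still opens with the old password, because the volume key itself never changes.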
 