
Ever heard that quote about trying to explain how a television works to an ant? I’m not calling you an ant, even though you are hard-working and enjoy the occasional sip of aphid milk. What I am saying is that I’m going to explain how Windows BitLocker works, without you needing a degree in computer science or any experience with cryptography.

BitLocker is a feature of Windows 7 and 8 that is extremely useful, included in the operating system, and known to far fewer people than it should be. If you’re curious about what other cool stuff your Windows operating system might have, check out Christian Cawley’s “The Top 5 Cool Hidden Features In Windows 8” and Yaara Lancet’s article “8 Hidden Tools In Windows 7 You Still Might Not Know About”. Here, though, I’ll be focusing on Windows’ military-grade privacy tool called BitLocker.

What Is BitLocker?

Not all Windows operating systems have BitLocker bundled with them. At this point, it is only in the Ultimate and Enterprise editions of Vista and Windows 7, and in the Pro and Enterprise editions of Windows 8. You can also find it in Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. BitLocker is a drive encryption tool: something that takes all the data on a particular drive and makes it completely unreadable to anyone but you. If you don’t have one of these operating systems, I suggest you take a look at TrueCrypt and our TrueCrypt User’s Guide: Secure Your Private Files.

There are two meanings for ‘drive’ in this case. One is any volume or partition on a single hard drive. You need at least two volumes on the drive to use BitLocker: a main volume that you will probably do your day-to-day work in, and another volume of at least 100MB that will be your system volume. Your computer boots from this volume, so it can NOT be encrypted. That would make booting your computer very difficult.

The other ‘drive’ is any removable drive, like your USB drive. This type of drive does NOT require a boot volume. That is really cool, because if you encrypt your USB flash drive and keep sensitive information on it, you don’t really have to worry about anyone getting that information if you lose the drive.

How Does It Encrypt My Drive?

BitLocker drive encryption takes all the data on your drive and applies a bunch of fancy math to that data. Remember, all data can be boiled down to just numbers, so it can be manipulated with math. Officially, this math comes in the form of algorithms, or sets of instructions, such as AES (128-bit or 256-bit encryption) and Diffuser.


Let’s go through a very simplified process of encrypting the word ‘USE’.

Diffuser takes those three letters and scrambles them. It could come out as ESU, SUE, SEU, and so on. Then BitLocker creates the key, which is the way to unscramble that word, and holds on to it for you.

Now BitLocker applies AES. AES is the Advanced Encryption Standard, adopted by the US Government as a standard in 2001, hence the military-grade designation in the title. 128-bit or 256-bit encryption defines how many bits a single bit of your original data may be represented by. Now, a bit is just one piece of data, like a letter or a number. Then, the math turns that particular bit into a ‘combination’ or key that is either 128 or 256 bits long. It’s like slapping a combination lock with a 256-numbers-long combination on a locker holding the letter ‘U’. Think about that.

Let’s go back to encrypting the word ‘USE’. You have to open three different lockers with three different combination locks, each with a combination that is 256 numbers long. Now, you can see how this would be a pain to anybody but the most dedicated cracker.

This is where it gets military-grade, I mean tank tough! Remember AES? Well, that application puts each combination lock through the math 14 times for 256-bit encryption! Now you have to know 14 different 256-bit-long combinations to get at your letter ‘U’. Forget it. Go home, cracker. Of course, BitLocker creates a key that will unlock, or decrypt, that word for you.

At the end of it, there are two keys now needed to start the process of decrypting your data. If someone doesn’t have access to both of those keys, they are going to have to be very patient, very smart, and very dedicated to get at your information.

These keys aren’t physical keys, of course, and they don’t resemble passwords either. By themselves, they would look like gobbledygook to ordinary folk like you and me. But what Windows does is allow BitLocker to use those two keys to get at your data, as long as you can prove to the computer that you are who you say you are. These keys are held by the Trusted Platform Module.

What is a Trusted Platform Module?

The Trusted Platform Module is another key piece in the BitLocker set of tools to protect you. This is a bit of hardware that can be found on most computers.


What it does is check your computer each time it boots to make sure no one has been messing with the start-up procedure to get around your encryption. It also prevents someone from just slipping the hard drive out of your computer, popping it into their computer, and getting at the files.

Depending on how you set up BitLocker, your TPM may just let you log on to your computer. Or you might set it up so that it requires a PIN before you can continue to the login. Or you can create a USB key that has to be plugged into your computer when you boot to get you to the login stage. Or you can go hardcore and set it up to require both a PIN AND a USB key. The TPM applies only to volumes that are physically inside your computer. USB drives don’t need a TPM, but they may need a PIN or USB key for verification.
There are computers without TPMs, but on most computers manufactured after 2006 the TPM is already on the motherboard.

Is BitLocker Totally Safe?

Well, no, nothing really is. But it’s as safe as you’re going to get without having the budget of the CIA or MI5. Speaking of government spying, the UK’s Home Office has asked Microsoft to put a backdoor in BitLocker to allow them easy access to your data. Microsoft has flat out refused to do so. Score one for Microsoft.


So, How Do I Use BitLocker?

It’s surprisingly easy to use if you are just going to encrypt your main volume on the hard drive in your computer. Check out this short video on how easy it is.

If you want to get into the guts of BitLocker and use it on external drives or set up the different TPM validation methods, it can get a bit more complicated. Microsoft does have a Step-By-Step Guide for BitLocker on Windows 7. I haven’t seen any real documentation for Windows 8 yet. If you have, please let us know in the comments.
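The TPM validation methods described above can also be set up from the command line. The following is an added example, not from the original article or from Microsoft’s guide: it checks for a usable TPM, turns on BitLocker for the system drive with the TPM + PIN option, and adds a 48-digit recovery password as a second protector. Drive letter C: and the use of an elevated PowerShell on Windows 8 or Server 2012 (which ship the BitLocker and TrustedPlatformModule cmdlets) are assumptions.

```powershell
# Added example (not the article's own code). Run from an elevated
# PowerShell on Windows 8 / Server 2012 or later. Assumes the OS is on C:.

# 1. Is there a TPM, and is it ready to hold keys? (Get-Tpm is Windows 8+)
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM: Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
}

# 2. Current state of every volume. On Windows 7 the equivalent check is
#    'manage-bde -status' from an elevated command prompt.
Get-BitLockerVolume |
    Format-Table MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod -AutoSize

# 3. Turn on BitLocker for C: with TPM + PIN (the "PIN" option described above).
#    Caveat: this only succeeds if the Group Policy setting "Require additional
#    authentication at startup" allows a TPM startup PIN; by default it does not.
#    -UsedSpaceOnly encrypts just the occupied space, which is faster on a fresh install.
$pin = Read-Host -AsSecureString "Enter a BitLocker startup PIN"
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 `
    -TpmAndPinProtector -Pin $pin -UsedSpaceOnly

# 4. Add a recovery password as a second key protector. This 48-digit password
#    is what unlocks the volume on another machine if the motherboard (and the
#    TPM soldered to it) dies, so it must be stored somewhere other than this drive.
Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector

# 5. Show the recovery password once so it can be written down or backed up.
$vol = Get-BitLockerVolume -MountPoint "C:"
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq "RecoveryPassword" |
    Select-Object KeyProtectorId, RecoveryPassword
```

Swap `-TpmAndPinProtector -Pin $pin` for `-TpmProtector` (TPM only), `-TpmAndStartupKeyProtector -StartupKeyPath "E:\"` (TPM + USB key) or `-TpmAndPinAndStartupKeyProtector` (TPM + PIN + USB key) to get the other three modes the article lists.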

Should I Use BitLocker Drive Encryption?

BitLocker is the best protection for your data that you are going to get just by buying a Windows computer. If you are concerned about data theft and the security of your information, why wouldn’t you make this military-grade tool a part of your computer security arsenal? It just makes sense. BitLocker is a serious tool developed for you by a company that so many people think of as evil at one time or another. I think this application is a redeeming quality for Microsoft and makes me feel less disgruntled about the cost of getting Windows.

What do you think? Do you currently use BitLocker drive encryption? I’d like to hear about your experiences with it. Do you feel safer knowing BitLocker is out there and may be a part of your Windows computer? Let’s hear about it in the comments. No encrypting please.

Image Credit: TPM on Asus Motherboard via WikiCommons, BitLocker Icon via WikiCommons, UK Home Office via WikiCommons, Lockers via Shutterstock

  1. Ping
    June 14, 2016 at 2:58 pm

    Hi guys, anyone know how BitLocker 2-factor authentication works? If I plug a BitLocker 2FA dongle into a laptop and access the data on that laptop, then unplug the dongle, should the laptop log me out of access?

  2. Kalle Klæp
    June 19, 2015 at 8:58 pm

    Well... problem is Microsoft did not refuse SIS, CIA, NSA or whatever they are called to get a backdoor into the BitLocker encryption software...!
    On the contrary... like Apple, they happily provide intelligence services with information about how to get around their so-called "security" measures...
    The customer is simply tricked into the false belief that he and his data are safe from prying eyes... that's the simple truth..

    • Guy McDowell
      June 22, 2015 at 2:14 pm

      Wouldn't surprise me much, yet if you have proof it'd be great if you posted it here.

  3. GonePhishing
    February 27, 2015 at 8:49 am

    You tell us that "UK’s Home Office has asked Microsoft to put a backdoor in BitLocker to allow them to have easy access to your data. Microsoft has flat out refused to do so. Score one for Microsoft." OK. Microsoft may have not provided a backdoor for UK's Home Office but you can be quite sure there IS a backdoor into BitLocker. Saying who requested it/who it was provided for is semantics.
    Even though development on TrueCrypt has mysteriously stopped, it is still the tool of choice when it comes to drive encryption. Being open source means there are no back-doors...for anyone.

    • Guy
      February 27, 2015 at 12:41 pm

      Hey GonePhishing,

      Thank you for that! It's good to know. I'm not terribly surprised about it, and I wouldn't be shocked if either the Home Office or Microsoft wasn't sharing the whole truth. That's standard practice in security and politics isn't it?

      It reminds me of how the U.S. of A. gov't had back doors put into phone switching systems sold to Eastern Bloc countries. They could have shut down most of Russia's telecoms back in the Cold War.

  4. Bruce W
    May 27, 2013 at 1:14 am

    Here's Microsoft's Windows 8-specific section on Bitlocker:
    http://windows.microsoft.com/en-us/windows-8/bitlocker#1TC=t1

  5. Sazid Anik
    April 15, 2013 at 11:08 pm

    A partition of my external hard disk is protected by BitLocker, so that when using it in a friend's PC some of my data remain safe and locked... very handy tool, and it plays in harmony with Windows PCs.

  6. Manny R
    April 15, 2013 at 4:52 pm

    Your explanation about encryption in simple language enlightened me. Thanks, dude.

    • Guy McDowell
      April 15, 2013 at 7:07 pm

      Thank you!

      It's not a perfect explanation, but I think it gets the idea across about how much goes on when something is being encrypted.

  7. Manide
    April 12, 2013 at 5:20 pm

    I'll stick to TrueCrypt. I've tried different encryption tools and I decided a long time ago that TrueCrypt is my favourite. Anyway, I'll give BitLocker a try someday...

  8. dragonmouth
    April 12, 2013 at 12:54 pm

    If it was developed by Microsoft or one of its slave companies with the blessing or assist of the US Government, then it is not secure. MS may have refused a request from the UK government for a backdoor but did it put one in to be used by the NSA/FBI/CIA? I think I'll stick to independently developed encryption such as TrueCrypt and/or PGP.

    Microsoft and the government developing encryption for general use is like the fox developing the security for a chicken coop.

    • Guy McDowell
      April 13, 2013 at 4:11 pm

      The only secure computer is the one not connected to anything - not even the power.

      • dragonmouth
        April 14, 2013 at 1:59 pm

        "The only secure computer is the one not connected to anything – not even the power."

        A nice truism. Any security product with a built-in backdoor offers no protection whatsoever.

  9. Scott M
    April 12, 2013 at 10:33 am

    It would be a bit of overkill security for my system. I couldn't use it.

  10. android underground
    April 12, 2013 at 9:42 am

    ...and now my computer dies, so I stick its hard drive in a USB enclosure and hook it to another computer to rescue my data.

    Can I get into my bitlocked drive that way or am I locked out of my data if the mobo with the tpm chip fries?

    • dragonmouth
      April 12, 2013 at 12:56 pm

      "Can I get into my bitlocked drive that way or am I locked out of my data if the mobo with the tpm chip fries?"

      I'm sure MS or the government has all your data backed up. If you ask them nicely they may let you have it back.

    • Guy McDowell
      April 13, 2013 at 4:04 pm

      That's supposed to be one of the features of BitLocker/TPM - that you can't just pull the drive out and plug it in somewhere else and have full access.

  11. Pooky Joralyn
    April 12, 2013 at 8:36 am

    Mine doesn't have TPM, so how secure is it compared to TrueCrypt?

    • Guy McDowell
      April 13, 2013 at 4:10 pm

      Any security is better than no security.

      One of the hardest facts people need to learn about security is that whether it be a door lock or software encryption, it tends to only keep the honest people out. Anyone who has the resources and is determined will get what you have, if they want it bad enough.

      I recall selling door locks for the company I work with. People would always ask me what was the best lock. I'd tell them. Then they'd ask if anyone could get past the lock. I'd ask them if they had windows in the house. Of course, they'd say yes. Well, if they want in bad enough they'll go through the glass.

      Even modern houses today are built with only about five layers separating the inside from the outside: Vinyl siding, wall leveler, insulation, vapour barrier and then drywall. With a good sharp knife, a person can cut a hole in the wall and get into your house between the studs.

      • Manuth Chek
        April 14, 2013 at 10:12 am

        And how can I access a partition locked with BitLocker on Ubuntu?

  12. Mai Shun Han
    April 12, 2013 at 8:29 am

    Good Job to Microsoft to refuse the UK government to create a backdoor in Bitlocker... :)

  13. Mai Shun Han
    April 12, 2013 at 8:26 am

    I don't like using Bitlocker

  14. Nevzat A
    April 12, 2013 at 5:47 am

    BitLocker seems a good security tool, but many would prefer TrueCrypt for its multiplatform support. I think it best suits enterprises.
