How safe is Windows BitLocker?

[vanished]

I'm just curious, how safe is the encryption used by BitLocker?  Is it FBI-proof level stuff or is it more like a minor inconvenience?

Anyone had any good or bad experiences using it?  (I'd be looking at maybe using it on external backup drives)

[pspfreak]

I personally wouldn't just it, its closed-source. I've never used it, but usually its not good to be closed-source in this situation, because Microsoft could of possibly put a backdoor into it for the FBI or the likes.

[StevenSensei]

Microsoft stores a copy of the encryption key on their servers. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

 

It also means that any police agency could simply request your key via warrant and decrypt all of your data without any problems at all. 

[Jarsky]

35 minutes ago, Papakuma said:

Microsoft stores a copy of the encryption key on their servers. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

 

It also means that any police agency could simply request your key via warrant and decrypt all of your data without any problems at all. 

 

Just to clarify, this only applies to machines that are connected with a Microsoft Account, and it is stored against your account.

They do not hold keys for computers that aren't joined to an MS account, or to Domain computers.

 

Also just to add, what is the likeliness of someone having both your computer and have hacked a secure database system at Microsoft? Fairly slim...

 

If youre using it in an enterprise environment, you would keep the Bitlocker/TPM recovery information in your Active Directory. Ideally, you should of ensure that the key is backed up in your domain after an image, to ensure that the keys are available before loading any information onto it.

 

If you have a standalone/workgroup computer without a Microsoft Account, then you'll want to back it up somewhere.

 

Bitlocker uses AES encryption, so its very secure

[vanished]

So what I'm getting is it's not exactly top of the line unbreakable, but it is certainly more than enough for piece of mind around the house

OK thanks everyone

[theanimun]

I might add, given enough time anything can be hacked