How does BitLocker in Windows 10 work? Do you need a TPM for BitLocker? Methods of encrypting disks and removable media


Good day, friends.

Have you set a password on certain information on your computer and now want to remove it? Don't know how? This article gives simple instructions on how to disable BitLocker, the built-in program that protects your data from unauthorized access.

BitLocker is a utility built into Windows to protect important information from unauthorized access. After enabling it, the computer owner sets a password on all or individual files. The application lets you save the key to external media or print it, so that the PIN does not have to be kept in memory alone, because memory can fail.

Encryption means that the program converts the information into a special format that can only be read after the password is entered.

If you try to open a file without it, you will see only meaningless numbers and letters.

From the start, you can configure the utility so that the lock is removed when a flash drive containing the key is inserted. It is better to have several such media.

Important! If you forget the password and lose all the keys, you will lose access to all the data on the disk (or flash drive) forever.

The application first appeared in the higher editions of Windows Vista. It is now available in later versions of the system.

Ways to disable Bitlocker

To remove the lock, you don't need to be a hacker or a professional IT specialist. Everything is simple, provided, of course, that you set the password yourself and are not going to break into other people's data. Is that the case? Then let's begin.

There are several ways to unlock files. The simplest one looks like this:

  • Right-click the desired drive and, in the window that appears, click "Manage BitLocker";

  • A new menu will open in which you should select "Turn off" (disable).

When you reinstall Windows 10 or another version of the OS, you will need to pause encryption. To do this, follow the instructions below:

  • Open Start - Control Panel - System and Security - BitLocker Drive Encryption;
  • Select "Pause protection", or "Manage BitLocker" and then "Disable BitLocker" (in Windows 7);
  • Click "Yes" to confirm that you are deliberately disabling it.

Through the same menu, you can turn off the lock completely by pressing the corresponding button.

Keep in mind that Windows Vista and other versions of the system may use different names for the sections described above. In any case, you will find the required settings through the Control Panel. For example, in Windows 8 you can open it like this:

To be honest, I don't know how to disable this encryptor if the password is lost... I can only recommend formatting the device, after which the disk will be available for use. But in this situation, naturally, all the data on it will be lost.

Well, that's all, I hope it was useful.

See you soon friends!

There are many ways to encrypt your personal data, most of them software from third-party companies. But why bother, when Microsoft's BitLocker is already there? Unfortunately, some people have trouble recovering files after BitLocker encryption. When encrypting with BitLocker, you need to create a special recovery key, and it must be kept; where does not matter, as long as it is kept reliably. You can print it or save it to an account, but not a local one: a Microsoft account. If the disk does not unlock on its own, you need that same key; there is no other way.

But there are also cases where the key is lost. What then? Sometimes you may also forget your login password, which makes decryption extremely difficult. Let's look at all these problems and work out what to do. This article should help you solve problems with BitLocker.

What to do with the recovery key, and what if it is lost?

So, the human factor is such that memory fails us at exactly the moment we need it most. If you forgot where you put the recovery key, remember how you saved it in BitLocker: the utility offers three ways to save the key, printing it, saving it to a file and saving it to an account. In any case, you had to choose one of these.

So, if you saved the key to your account, open OneDrive in a browser and go to the "BitLocker Recovery Keys" section. Log in with your credentials. The key will be there, provided that you uploaded it. If it isn't, perhaps you saved it to another account?


If a user has created more than one key, you can identify the right one by the identifier shown in the BitLocker utility: compare it with the identifier stored with the key, and if they match, that is the correct key.

What if your computer doesn't boot because of BitLocker?

Suppose you encrypted the system disk and the system does not want to unlock; then there is probably a problem with the TPM module, which should unlock the system automatically. If that is the case, a screen will appear asking you to enter the recovery key. And if you don't have it because you lost it, you will hardly be able to log into the system. Most likely, only reinstalling the system will help. So far I don't know how to unlock BitLocker without a key, but I will try to study this issue.


How to unlock BitLocker encrypted drives in Windows?

If you have a couple of partitions or external hard drives encrypted with BitLocker and need to unlock them, I will try to help.

Connect the device to the PC (if it is external). Launch "Control Panel" (you can do this from the search) and go to the "System and Security" section. Find the "BitLocker Drive Encryption" section there. Note that this operation can only be performed on Pro editions, so keep this in mind.

In the list, find the encrypted disk that you need to decrypt. Click the "Unlock drive" option next to it.


Now enter the unlocking data (PIN or password). Don't have it? Don't remember it? Then click "More options" and select the appropriate item.

In conclusion, I want to say one thing. If you lose your password or PIN, it is possible to restore access to the drive using a recovery key, 100%. You must store it in a safe place and always remember where it is. If you have lost this key, you can say goodbye to your data. So far I have not found a method to decrypt BitLocker without a key.

BitLocker encryption technology first appeared ten years ago and has changed with every version of Windows. However, not all of these changes were designed to increase its cryptographic strength. In this article we will take a detailed look at the design of different versions of BitLocker (including the one preinstalled in the latest Windows 10 builds) and show how this built-in protection mechanism can be bypassed.

Offline attacks

BitLocker technology was Microsoft's response to the growing number of offline attacks, which were especially easy to carry out against Windows computers. Anyone could feel like a hacker: simply turn off the nearest computer and boot it again with a different OS and a portable set of utilities for finding passwords and confidential data and dissecting the system.

At the end of the working day, you could even organize a small crusade with a Phillips screwdriver: open the computers of employees who have gone home and pull out their drives. That same evening, in the quiet of your home, the contents of the extracted disks could be analyzed (and even modified) in a thousand and one ways. The next day, just come in early and put everything back in its place.

However, it is not necessary to open other people's computers right at the workplace. A lot of confidential data leaks when old computers are recycled and drives are replaced. In practice, only a few decommissioned disks ever get a secure erase or a low-level format. What can stop young hackers and collectors of digital carrion?

As Bulat Okudzhava sang: "The whole world is made of restrictions, so as not to go crazy with happiness." The main restrictions in Windows are set at the level of access rights to NTFS objects, and these do not protect against offline attacks. Windows simply checks read and write permissions before processing any command that accesses files or directories. This is quite effective as long as all users work in a system configured by the administrator with limited accounts. However, as soon as you boot into another operating system, not a trace of such protection remains. The user will reassign access rights or simply ignore them by using another file system driver.

There are many complementary ways to counter offline attacks, including physical security and video surveillance, but the most effective ones require strong cryptography. Digital signatures on bootloaders prevent foreign code from starting, but the only way to truly protect the data on a hard drive is to encrypt it. Why was full-disk encryption missing from Windows for so long?

From Vista to Windows 10

There are many different people working at Microsoft, and not all of them code with their left hind foot. Alas, final decisions in software companies have long been made not by programmers but by marketers and managers. The only thing they really consider when developing a new product is sales volume. The easier the software is for a housewife to understand, the more copies of it they will sell.

"Just think, half a percent of clients are concerned about security! The operating system is already a complex product, and here you are scaring our target audience with encryption. We can do without it! We managed before!" Microsoft's top management could have reasoned roughly this way until XP became popular in the corporate segment. Among administrators, too many specialists had already thought about security for their opinion to be discounted. Therefore, the next version of Windows introduced the long-awaited volume encryption, but only in the Enterprise and Ultimate editions, which are aimed at the corporate market.

The new technology was called BitLocker. It was probably the only good thing about Vista. BitLocker encrypted the entire volume, making user and system files unreadable when the installed OS was bypassed. Important documents, cat photos, the registry, SAM and SECURITY: everything turned out to be unreadable in an offline attack of any kind. In Microsoft terminology, a "volume" is not necessarily a disk as a physical device. A volume can be a virtual disk, a logical partition, or conversely a combination of several disks (a spanned or striped volume). Even a simple flash drive can be treated as a mounted volume, and for its end-to-end encryption there is, starting with Windows 7, a separate implementation: BitLocker To Go (more details in the sidebar at the end of the article).

With the advent of BitLocker, loading a third-party OS became more difficult, since all bootloaders received digital signatures. However, a workaround is still possible thanks to Compatibility Mode: switch the boot mode in the BIOS from UEFI to Legacy and disable Secure Boot, and the good old bootable flash drive will come in handy again.

How to use BitLocker

Let's look at the practical side using Windows 10 as an example. In build 1607, BitLocker can be enabled through the Control Panel ("System and Security" section, "BitLocker Drive Encryption" subsection).


However, if the motherboard does not have a TPM cryptoprocessor version 1.2 or later, BitLocker simply cannot be used. To activate it, open the Local Group Policy Editor (gpedit.msc) and expand the branch "Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives" down to the setting described as "This policy setting allows you to configure the requirement for additional authentication at startup". In it, find the option "Allow BitLocker without a compatible TPM..." and enable it.


In the adjacent sections of the local policies, you can set additional BitLocker settings, including the key length and the AES encryption mode.


After applying the new policies, return to the Control Panel and follow the instructions of the encryption setup wizard. For additional protection, you can choose to enter a password or to connect a specific USB flash drive.



Although BitLocker is considered a full-disk encryption technology, it allows partial encryption of only the used sectors. This is faster than encrypting everything, but the method is considered less reliable, if only because deleted but not yet overwritten files remain directly readable for some time.


Full and partial encryption

After setting all the parameters, all that remains is to reboot. Windows will ask you to enter your password (or insert the USB flash drive), then start normally and begin the background process of volume encryption.


Depending on the selected settings, the disk size, the processor speed and its support for the dedicated AES instructions, encryption can take from a couple of minutes to several hours.


When this process is complete, new items appear in the Explorer context menu: changing your password and quickly opening the BitLocker settings.


Note that all actions except changing the password require administrator rights. The logic is simple: since you have successfully logged into the system, you know the password and have the right to change it. How reasonable is this? We'll find out soon!


How BitLocker works

The reliability of BitLocker should not be judged by the reputation of AES. A popular encryption standard may have no obvious weak points, but its implementations in specific cryptographic products are often full of them. Microsoft does not disclose the full code of BitLocker. It is only known that in different versions of Windows it was based on different schemes, and the changes were not commented on in any way. Moreover, in build 10586 of Windows 10 it simply disappeared, and two builds later it reappeared. But first things first.

The first version of BitLocker used Cipher Block Chaining (CBC) mode. Even then, its shortcomings were obvious: the ease of known-plaintext attacks, weak resistance to substitution attacks, and so on. Therefore, Microsoft immediately decided to strengthen the protection. Already in Vista, the Elephant Diffuser algorithm was added to the AES-CBC scheme, making it difficult to compare ciphertext blocks directly. With it, identical contents of two sectors gave completely different results after encryption with the same key, which complicated the calculation of an overall pattern. However, the key itself was short by default: 128 bits. Through administrative policies it can be extended to 256 bits, but is it worth doing?

For users, nothing changes externally after changing the key length: neither the length of the passwords entered nor the subjective speed of operations. Like most full-disk encryption systems, BitLocker uses multiple keys, and none of them is visible to users. Here is the general scheme of BitLocker.

  1. When BitLocker is activated, a main bit sequence is created using a pseudorandom number generator. This is the full volume encryption key (FVEK). From now on, the contents of each sector are encrypted with it.
  2. In turn, the FVEK is encrypted with another key, the volume master key (VMK), and is stored in encrypted form among the volume metadata.
  3. The VMK itself is also encrypted, but in different ways, at the user's choice.
  4. On new motherboards, the VMK is by default encrypted with the storage root key (SRK), which is stored in a separate cryptoprocessor, the trusted platform module (TPM). The user has no access to the TPM contents, and they are unique to each computer.
  5. If there is no separate TPM chip on the board, then instead of the SRK a user-entered PIN, or a USB flash drive presented on demand with key information pre-recorded on it, is used to encrypt the VMK.
  6. In addition to the TPM or flash drive, you can protect the VMK with a password.

This general scheme of BitLocker has continued to work in subsequent Windows releases up to the present time. However, BitLocker's key generation methods and encryption modes have changed. Thus, in October 2014, Microsoft quietly removed the additional Elephant Diffuser algorithm, leaving only the AES-CBC scheme with its known shortcomings. At first, no official statements were made about this. People were simply given a weakened encryption technology with the same name, under the guise of an update. Vague explanations for this step followed only after independent researchers noticed the simplifications in BitLocker.

Formally, abandoning Elephant Diffuser was required to make Windows comply with the US Federal Information Processing Standards (FIPS), but one argument refutes this version: Vista and Windows 7, which used Elephant Diffuser, were sold without problems in America.

Another supposed reason for abandoning the additional algorithm is the lack of hardware acceleration for Elephant Diffuser and the loss of speed when using it. However, in previous years, when processors were slower, the encryption speed was somehow satisfactory. And AES was widely used even before dedicated instruction sets and specialized chips appeared to speed it up. Over time, hardware acceleration could have been built for Elephant Diffuser too, or customers could at least have been given a choice between speed and security.

Another, unofficial version looks more realistic. The "elephant" got in the way of NSA employees who wanted to spend less effort decrypting the next disk, and Microsoft willingly cooperates with the authorities even when their requests are not entirely legal. The conspiracy theory is indirectly supported by the fact that before Windows 8, BitLocker's encryption keys were generated using the pseudorandom number generator built into Windows. In many (if not all) releases of Windows this was Dual_EC_DRBG, a "cryptographically strong PRNG" developed by the US National Security Agency and containing a number of built-in vulnerabilities.

Of course, the covert weakening of the built-in encryption caused a powerful wave of criticism. Under its pressure, Microsoft rewrote BitLocker again, replacing the PRNG with CTR_DRBG in new Windows releases. In addition, in Windows 10 (starting with build 1511), the default encryption scheme is AES-XTS, which is immune to manipulation of ciphertext blocks. In the latest Windows 10 builds, other known BitLocker flaws have been fixed, but the main problem remains. It is so absurd that it makes the other improvements meaningless. We are talking about the principles of key management.

Los Alamos principle

Decrypting BitLocker drives is also made simpler by the fact that Microsoft actively promotes an alternative method of restoring access to data via a Data Recovery Agent. The point of the "Agent" is that it encrypts the encryption keys of all drives within the enterprise network with a single access key. Once you have it, you can decrypt any key, and therefore any disk used by the same company. Convenient? Yes, especially for hacking.

The idea of using one key for all locks has been compromised many times, but it keeps returning in one form or another for the sake of convenience. Here is how Ralph Leighton recorded Richard Feynman's recollections of one characteristic episode of his work on the Manhattan Project at the Los Alamos Laboratory: "...I opened three safes, and all three with the same combination. <…> I dealt with them all: I opened the safes with all the secrets of the atomic bomb: the technology for producing plutonium, a description of the purification process, information about how much material is needed, how the bomb works, how neutrons are produced, how the bomb works, what its dimensions are; in a word, everything they knew about in Los Alamos, the whole kitchen!"

BitLocker is somewhat reminiscent of the safe design described in another fragment of the book "Surely You're Joking, Mr. Feynman!" The most impressive safe in a top-secret laboratory had the same vulnerability as a simple filing cabinet. "...This was a colonel, and he had a much more sophisticated two-door safe with large handles that pulled four three-quarter-inch thick steel rods out of the frame. <…> I examined the back of one of the imposing bronze doors and discovered that the dial was connected to a small lock that looked exactly like the lock on my Los Alamos cabinet. <…> It was obvious that the lever system depended on the same small rod that locked the filing cabinets. <…> Pretending to be busy with something, I began to turn the dial at random. <…> Two minutes later, click! The safe opened. <…> When the safe door or the top drawer of a filing cabinet is open, it is very easy to find the combination. This is exactly what I did while you were reading my report, just to demonstrate the danger to you."

BitLocker crypto containers themselves are quite secure. If someone brings you a flash drive from nowhere encrypted with BitLocker To Go, you are unlikely to decrypt it in acceptable time. However, the real-world scenario of using encrypted disks and removable media is full of vulnerabilities that can easily be exploited to bypass BitLocker.

Potential vulnerabilities

You have probably noticed that you have to wait a long time when you activate BitLocker for the first time. This is not surprising: sector-by-sector encryption can take several hours, because merely reading all the blocks of a terabyte HDD cannot be done any faster. However, disabling BitLocker is almost instantaneous. How can that be?

The fact is that when it is disabled, BitLocker does not decrypt the data. All sectors remain encrypted with the FVEK. Simply, access to this key is no longer restricted in any way. All checks are disabled, and the VMK remains recorded among the metadata in the clear. Every time the computer is turned on, the OS bootloader reads the VMK (without checking the TPM or asking for a key on a flash drive or a password), automatically decrypts the FVEK with it, and then decrypts all files as they are accessed. To the user, everything looks like a complete absence of encryption, but the most attentive may notice a slight decrease in disk subsystem performance. More precisely, there is no increase in speed after encryption is disabled.
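The key chain from steps 1 to 6 above, and the clear-text VMK that a disabled BitLocker leaves in the metadata, modelled in Python as an added example (not Microsoft's code and not the article's). HMAC-SHA256 in counter mode stands in for AES so the block runs with the standard library only; the function names (`enable_bitlocker`, `unlock`, `suspend_protection`), key sizes and PBKDF2 cost are this example's own assumptions.

```python
"""Model of the BitLocker key chain (FVEK -> VMK -> protectors) and of what "disabling" leaves.

Added illustration, not Microsoft's code. HMAC-SHA256 in counter mode stands in
for AES so this runs with the standard library only; the key names, which key
wraps which, and the clear-text VMK written when protection is turned off follow
the article. Key sizes, salt handling and the PBKDF2 cost are illustrative.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt `key` under `kek`: nonce || ciphertext || tag (the tag exposes a wrong kek)."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(kek, nonce, key)
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("this protector does not open the VMK")
    return _keystream_xor(kek, nonce, ct)


def password_to_key(password: str, salt: bytes) -> bytes:
    """Stretch a user password into a protector key (PBKDF2 here, for illustration)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class VolumeMetadata:
    """What sits on the disk next to the encrypted sectors."""
    def __init__(self, fvek_wrapped_by_vmk: bytes, salt: bytes) -> None:
        self.fvek_wrapped_by_vmk = fvek_wrapped_by_vmk  # step 2: FVEK encrypted by the VMK
        self.salt = salt
        self.protectors: Dict[str, bytes] = {}          # name -> VMK wrapped by that protector
        self.clear_vmk: Optional[bytes] = None          # set only while protection is off


def enable_bitlocker(tpm_srk: bytes, password: str) -> Tuple[VolumeMetadata, bytes]:
    """Steps 1-6. Returns (metadata, recovery key); FVEK and VMK are never stored in clear."""
    fvek = secrets.token_bytes(32)      # step 1: the key that encrypts every sector
    vmk = secrets.token_bytes(32)       # steps 2-3: wraps the FVEK, is itself wrapped below
    salt = secrets.token_bytes(16)
    meta = VolumeMetadata(wrap(vmk, fvek), salt)
    meta.protectors["TPM"] = wrap(tpm_srk, vmk)                               # step 4
    meta.protectors["Password"] = wrap(password_to_key(password, salt), vmk)  # step 6
    recovery_key = secrets.token_bytes(16)                                    # "just in case"
    meta.protectors["RecoveryKey"] = wrap(recovery_key, vmk)
    return meta, recovery_key


def unlock(meta: VolumeMetadata, protector: Optional[str] = None,
           secret: Optional[bytes] = None, password: Optional[str] = None) -> bytes:
    """Recover the FVEK through any one protector, or with no secret at all if protection is off."""
    if meta.clear_vmk is not None:
        vmk = meta.clear_vmk                      # "disabled": no TPM, PIN or password check
    elif protector == "Password":
        vmk = unwrap(password_to_key(password or "", meta.salt), meta.protectors["Password"])
    else:
        vmk = unwrap(secret or b"", meta.protectors[protector or ""])
    return unwrap(vmk, meta.fvek_wrapped_by_vmk)


def suspend_protection(meta: VolumeMetadata, protector: str,
                       secret: Optional[bytes] = None, password: Optional[str] = None) -> None:
    """The instant part of 'Turn off BitLocker': the VMK is written to the metadata in the clear.
    The sectors are not touched; they stay encrypted under the FVEK, only the checks go away."""
    kek = password_to_key(password or "", meta.salt) if protector == "Password" else (secret or b"")
    meta.clear_vmk = unwrap(kek, meta.protectors[protector])


def encrypt_sector(fvek: bytes, sector_no: int, data: bytes) -> bytes:
    """Per-sector encryption under the FVEK; the sector number plays the role of the tweak.
    Calling it again on the ciphertext decrypts (XOR with the same keystream)."""
    return _keystream_xor(fvek, sector_no.to_bytes(16, "little"), data)


def demo() -> Dict[str, bool]:
    """Walk the chain once; every value should be True."""
    tpm_srk = secrets.token_bytes(32)   # on real hardware this never leaves the TPM
    meta, recovery = enable_bitlocker(tpm_srk, "correct horse battery")
    fvek = unlock(meta, "TPM", secret=tpm_srk)
    sector = encrypt_sector(fvek, 7, b"SAM hive, cat photos, quarterly numbers")
    results = {
        "password_opens": unlock(meta, "Password", password="correct horse battery") == fvek,
        "recovery_key_opens": unlock(meta, "RecoveryKey", secret=recovery) == fvek,
        "sector_is_ciphertext": b"cat" not in sector,
        "sector_round_trips": encrypt_sector(fvek, 7, sector).startswith(b"SAM hive"),
    }
    try:
        unlock(meta, "Password", password="wrong")
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    suspend_protection(meta, "Password", password="correct horse battery")
    results["no_secret_needed_when_off"] = unlock(meta) == fvek
    results["sector_still_encrypted_when_off"] = b"cat" not in sector
    return results
```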

There is something else interesting about this scheme. Despite the name (full-disk encryption technology), some data still remains unencrypted when BitLocker is used. The MBR and boot sector (unless the disk was initialized as GPT), bad sectors and the metadata remain in the clear. An open bootloader leaves room for imagination. Pseudo-bad sectors are convenient for hiding rootkits and other malware, and the metadata contains a lot of interesting things, including copies of keys. If BitLocker is active, these are encrypted (but more weakly than the FVEK encrypts the contents of sectors), and if it is deactivated, they simply lie in the clear. All of these are potential attack vectors. Potential because, besides them, there are much simpler and more universal ones.

Recovery key

In addition to the FVEK, VMK and SRK, BitLocker uses another type of key, created "just in case". These are recovery keys, and they are another popular attack vector. Users are afraid of forgetting their password and losing access to the system, and Windows itself recommends that they create an emergency way in. To do this, the BitLocker encryption wizard prompts you to create a recovery key at the last step. It is not possible to refuse its creation; you can only choose one of the key export options, each of which is very vulnerable.

In the default settings, the key is exported as a plain text file with a recognizable name: "BitLocker Recovery Key #", where the computer ID is written instead of # (yes, right in the file name!). The key itself looks like this.


If you have forgotten (or never knew) the password set in BitLocker, simply look for the file with the recovery key. It will surely be saved among the current user's documents or on his flash drive. Maybe it is even printed on a piece of paper, as Microsoft recommends. Just wait until your colleague goes on a break (forgetting to lock his computer, as always) and start searching.


Login with recovery key

To quickly locate a recovery key, it is convenient to narrow the search by extension (txt), creation date (if you can guess when BitLocker might have been turned on) and file size (1388 bytes if the file has not been edited). Once you find the recovery key, copy it. With it, you can bypass standard BitLocker authorization at any time: just press Esc and enter the recovery key. You will log in without any problems and can even change the BitLocker password to your own without specifying the old one! This is already reminiscent of tricks from the "Western Construction" section.
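A defender-side check on the recovery password itself, added here as an example (not from the article or from Microsoft): the 48-digit key is eight groups of six digits, each a multiple of 11 whose quotient fits in 16 bits, so a scanner can validate a key before escrowing it, or pick real keys out of tickets and stray text files without matching every run of digits. The sample ticket text is constructed, and the byte packing in `recovery_password_to_bytes` is an assumption for illustration.

```python
"""Validate and locate 48-digit BitLocker recovery passwords.

Added example, not from the article or from Microsoft. Facts used: the recovery
password is 8 groups of 6 decimal digits separated by hyphens; each group is a
multiple of 11 and, divided by 11, fits in 16 bits (so it is at most 720885).
That rule acts as a built-in check digit and is what lets a scanner tell a real
key from any other run of digits. The byte order used when packing the 128-bit
value is an assumption for illustration only.
"""
import re
from typing import List, Optional

GROUPS = 8
GROUP_DIGITS = 6
MAX_GROUP = 0xFFFF * 11  # 720885: largest 6-digit value that is 11 times a 16-bit number

# eight 6-digit groups joined by hyphens, not embedded in a longer digit run
_PATTERN = re.compile(r"(?<!\d)(?:\d{6}-){7}\d{6}(?!\d)")

# constructed sample text: one real-looking key, one with a typo, one serial number
SAMPLE_TICKET = """\
Ticket #4711 (constructed sample): user pasted his key into the chat.
"here it is: 135795-000011-720885-000000-597531-011000-045056-008547"
Earlier attempt had a typo: 135795-000011-720885-000000-597531-011000-045056-008548
Serial on the sticker: 123456-654321-111111-222222-333333-444444-555555-666666
"""


def parse_recovery_password(text: str) -> Optional[List[int]]:
    """Return the 8 decoded 16-bit values, or None if `text` is not a valid key."""
    parts = text.strip().split("-")
    if len(parts) != GROUPS or not all(len(p) == GROUP_DIGITS and p.isdigit() for p in parts):
        return None
    values = []
    for p in parts:
        n = int(p)
        if n % 11 != 0 or n > MAX_GROUP:   # check-digit test and 16-bit range test
            return None
        values.append(n // 11)
    return values


def recovery_password_to_bytes(text: str) -> bytes:
    """Pack the eight 16-bit values into 16 bytes (little-endian per group: assumption)."""
    values = parse_recovery_password(text)
    if values is None:
        raise ValueError("not a valid BitLocker recovery password")
    return b"".join(v.to_bytes(2, "little") for v in values)


def find_recovery_passwords(blob: str) -> List[str]:
    """Scan free text (a ticket, a chat export, a stray .txt) for keys that pass the check."""
    return [m.group(0) for m in _PATTERN.finditer(blob)
            if parse_recovery_password(m.group(0)) is not None]
```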


Opening BitLocker

A real cryptographic system is a compromise between convenience, speed and reliability. It must include transparent encryption with on-the-fly decryption, methods for recovering forgotten passwords and convenient handling of keys. All this weakens any system, no matter how strong the algorithms it is based on. Therefore, there is no need to look for vulnerabilities directly in the Rijndael algorithm or in the various modes of the AES standard. It is much easier to find them in the specifics of a particular implementation.

In Microsoft's case, there are plenty of such "specifics". For example, copies of BitLocker keys are sent to SkyDrive and deposited in Active Directory by default. What for? Well, what if you lose them... or Agent Smith asks. It is inconvenient to keep a client waiting, let alone an agent.

For this reason, comparing the cryptographic strength of AES-XTS and AES-CBC with Elephant Diffuser fades into the background, as do recommendations to increase the key length. No matter how long the key is, an attacker can easily obtain it in unencrypted form.

Retrieving escrowed keys from a Microsoft account or from AD is the main way to break BitLocker. If the user has not registered an account in the Microsoft cloud and his computer is not on a domain, there are still ways to extract the encryption keys. During normal operation, unencrypted copies of them are always kept in RAM (otherwise there would be no "transparent encryption"). This means they are available in a memory dump and in the hibernation file.

Why are they kept there at all? Funny as it may seem, for convenience. BitLocker was designed to protect against offline attacks only. These are always accompanied by a reboot and connecting the disk to another OS, which clears the RAM. However, in the default settings the OS dumps the RAM when a crash occurs (which can be provoked) and writes its entire contents to the hibernation file whenever the computer goes into deep sleep. Therefore, if someone has recently logged into Windows with BitLocker enabled, there is a good chance of obtaining a decrypted copy of the VMK, and using it to decrypt the FVEK and then the data itself along the chain. Shall we check?

All the BitLocker attack methods described above are collected in one program, Forensic Disk Decryptor, developed by the Russian company Elcomsoft. It can automatically retrieve encryption keys and mount encrypted volumes as virtual disks, decrypting them on the fly.

Additionally, EFDD implements another non-trivial method of obtaining keys: an attack via the FireWire port, which is advisable in cases where it is not possible to run your own software on the attacked computer. The EFDD program itself is always installed on our own computer, and on the computer being attacked we try to do only the minimum necessary.

For example, let's simply run a test system with BitLocker active and "invisibly" make a memory dump. This simulates a situation in which a colleague went out for lunch and did not lock his computer. We launch RAM Capture and in less than a minute we get a complete dump in a file with a .mem extension and a size corresponding to the amount of RAM installed in the victim's computer.


Making a memory dump

By and large, it doesn't matter what you make the dump with. Regardless of the extension, the result is a binary file, which EFDD then analyzes automatically in search of keys.

We write the dump onto a flash drive or transfer it over the network, after which we sit down at our computer and launch EFDD.

Select the “Extract keys” option and enter the path to the memory dump file as the key source.

Specify the key source

BitLocker is a typical crypto container, like PGP Disk or TrueCrypt. These containers turned out to be quite reliable in themselves, but the client applications for working with them under Windows litter RAM with encryption keys. Therefore, EFDD implements a universal attack scenario: the program instantly finds the encryption keys of all three types of popular crypto containers. So you can leave all the boxes checked in case the victim secretly uses TrueCrypt or PGP!

After a few seconds, Elcomsoft Forensic Disk Decryptor shows all found keys in its window. For convenience, you can save them to a file - this will be useful in the future.

Now BitLocker is no longer a problem! You can carry out a classic offline attack: for example, pull out a colleague's HDD and copy its contents. To do this, simply connect it to your computer and run EFDD in "decrypt or mount disk" mode.

After specifying the path to the files with the saved keys, EFDD will, at your choice, fully decrypt the volume or immediately open it as a virtual disk. In the latter case, files are decrypted as they are accessed. In either case, no changes are made to the original volume, so you can return it the next day as if nothing had happened. Working with EFDD leaves no trace and uses only copies of the data, and therefore remains invisible.

BitLocker To Go

Starting with Windows 7, it became possible to encrypt flash drives, USB HDDs and other external media. A technology called BitLocker To Go encrypts removable drives in exactly the same way as local disks. Encryption is enabled using the corresponding item in the Explorer context menu.


For new drives, you can encrypt only the used area: the free space of the partition is filled with zeros anyway, and there is nothing to hide there. If the drive has already been used, it is recommended to enable full encryption. Otherwise, the space marked as free will remain unencrypted, and it may contain recently deleted files that have not yet been overwritten.


Even fast encryption of only the used area takes from several minutes to several hours. The time depends on the amount of data, the interface bandwidth, the drive characteristics and the processor's speed at cryptographic calculations. Because encryption is accompanied by compression, the free space on the encrypted disk usually increases slightly.

The next time you connect an encrypted flash drive to any computer running Windows 7 or later, the BitLocker wizard is launched automatically to unlock the drive. Before unlocking, Explorer displays it as a locked disk.


Here you can use both the previously discussed options for bypassing BitLocker (for example, searching for the VMK in a memory dump or hibernation file) and new ones related to recovery keys.

If you do not know the password, but you managed to find one of the keys (manually or using EFDD), then there are two main options for accessing the encrypted flash drive:

  • use the built-in BitLocker wizard to directly work with a flash drive;
  • use EFDD to completely decrypt the flash drive and create its sector-by-sector image.

The first option gives immediate access to the files recorded on the flash drive: you can copy or change them and also write your own. The second option takes much longer (from half an hour), but has its advantages. The decrypted sector-by-sector image allows a finer-grained analysis of the file system at the level of a forensic laboratory. In this case the flash drive itself is no longer needed and can be returned unchanged.


The resulting image can be opened immediately in any program that supports the IMA format, or first converted to another format (for example, using UltraISO).


Of course, in addition to detecting the recovery key for BitLocker To Go, EFDD also supports all the other BitLocker bypass methods. Just go through all the available options in turn until a key of any type is found. The rest (up to the FVEK) will be decrypted along the chain, and you will get full access to the disk.

Conclusions

BitLocker full-disk encryption technology differs between versions of Windows. After adequate configuration, it allows you to create crypto containers that are theoretically comparable in strength to TrueCrypt or PGP. However, the key-handling mechanism built into Windows undermines all the algorithmic sophistication. In particular, the VMK key used to decrypt the master key in BitLocker is recovered by EFDD in a few seconds from an escrowed duplicate, a memory dump, a hibernation file, or a FireWire port attack.

Once you have the key, you can perform a classic offline attack, quietly copy and automatically decrypt all the data on the “protected” disk. Therefore, BitLocker should only be used in conjunction with other security measures: Encrypting File System (EFS), Rights Management Service (RMS), Program Launch Control, Device Installation and Attachment Control, as well as more stringent local policies and general security measures.
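The weaknesses listed above all come down to how the VMK is released, so a defender's first step is to find out which unlock method each volume actually uses. The following read-only audit is an added example, not code from the article or from the EFDD vendor: it flags volumes that are unencrypted or suspended, operating-system volumes unlocked by the TPM alone (no PIN, so the VMK is released to memory at every boot, which is exactly what the memory-dump and DMA attacks rely on), missing recovery-password protectors, and enabled hibernation. The registry value used for the hibernation check is the one written by powercfg /h and is an assumption to verify on your build.

```powershell
# Added example (not part of the article): read-only audit of local BitLocker state
# against the key-recovery paths named in the conclusions. Run from an elevated session.
$findings = New-Object System.Collections.Generic.List[string]

foreach ($vol in Get-BitLockerVolume) {
    $mp    = $vol.MountPoint
    $types = $vol.KeyProtector.KeyProtectorType

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        $findings.Add("$mp is not encrypted")
        continue
    }
    if ($vol.ProtectionStatus -ne 'On') {
        # Suspended protection keeps a clear-text copy of the VMK on disk.
        $findings.Add("$mp protection is suspended (VMK stored in the clear on disk)")
    }
    # TPM-only unlock releases the VMK without any user secret at every boot.
    if ($vol.VolumeType -eq 'OperatingSystem' -and $types -contains 'Tpm' -and
        $types -notcontains 'TpmPin' -and $types -notcontains 'TpmPinStartupKey') {
        $findings.Add("$mp uses TPM-only unlock; require a startup PIN (TPM+PIN)")
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings.Add("$mp has no recovery-password protector; a TPM or firmware change will lock you out")
    }
}

# Hibernation writes RAM, VMK included, to hiberfil.sys. Assumption: HibernateEnabled is the
# value powercfg /h toggles; verify on your Windows build.
$power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name HibernateEnabled -ErrorAction SilentlyContinue
if ($power -and $power.HibernateEnabled -eq 1) {
    $findings.Add('Hibernation is enabled; hiberfil.sys is a VMK source once the OS volume is unlocked')
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Each finding maps to one of the recovery paths above: TPM-only and hibernation to the memory-dump and hibernation-file attacks, a suspended volume to a clear key on disk, and a missing recovery password to the operational risk that makes administrators escrow keys in the first place. The audit changes nothing; fixing a finding is a separate, deliberate step.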

Last updated February 28, 2017.

Windows 10 and earlier versions of Windows provide file encryption using BitLocker technology. You only need to configure it once, and you can be sure that no one will gain access to your files or be able to run your programs, even if they have physical access to the drive of your laptop or computer.

How do I enable BitLocker encryption? First of all, you need to activate security policies:

1. Press Win+R and run the command gpedit.msc.
2. Go to Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
3. Double-click on “This policy setting allows you to configure the requirement for additional authentication at startup” and select the “Enabled” option.

Now you can proceed directly to encryption:

1. Open File Explorer > My Computer and select the drive you want to encrypt.
2. Right-click the drive icon and select Enable BitLocker.
3. A dialog box will open with options for accessing encrypted data. Follow its instructions and restart your computer. The disk will be encrypted. The encryption process can be lengthy; its duration depends on the volume of data being encrypted.

During the encryption setup process, you will need to create a key or password to decrypt the data. The password must use mixed-case letters and numbers. When the drive is installed in your computer, data is encrypted and decrypted automatically, but if you remove the encrypted drive from it and connect it to another device, you will need a key to access the files.

Data for key recovery can be stored on a flash drive, in a Microsoft account, in a text file or on a printed sheet of paper. Keep in mind that this is not the key itself, but only information that will help you recover it. The key can only be obtained after entering the login and password for your Microsoft account, which makes it more difficult to crack the encryption.

If you have encrypted the system logical drive, then the password will have to be entered during a cold start of the device or after it reboots.
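The three steps above (policy, wizard, key storage) scripted in PowerShell, as an added example that is not part of this article. It assumes C: is the operating-system volume, a TPM that is present and ready, an elevated session, and that the “additional authentication at startup” policy maps to the UseAdvancedStartup and UseTPMPIN values under HKLM\SOFTWARE\Policies\Microsoft\FVE (verify the value meanings against gpedit.msc on your system; domain Group Policy will overwrite them). It configures TPM+PIN rather than TPM-only, so the PIN is asked for at a cold start or reboot, as described, and escrows the recovery password instead of leaving it only on paper.

```powershell
# Added example (not the article's own steps): OS-drive BitLocker with TPM+PIN and key escrow.
# Assumptions: C: is the OS volume; TPM present and ready; elevated PowerShell.

# 1. Policy step (what gpedit.msc writes). Assumption: UseAdvancedStartup=1 enables the policy,
#    UseTPMPIN=2 corresponds to "Allow startup PIN with TPM"; verify on your template.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 2 -Type DWord

# 2. Make sure the TPM can actually hold the VMK before touching the volume.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { throw 'TPM not present or not ready' }

# 3. Enable encryption with TPM+PIN (the wizard's dialog). Without -SkipHardwareTest
#    BitLocker runs a hardware test on the next restart and then starts encrypting,
#    which matches the "restart your computer" step in the text.
$pin = Read-Host -AsSecureString -Prompt 'Startup PIN (digits)'
Enable-BitLocker -MountPoint 'C:' -EncryptionMethod XtsAes256 -TpmAndPinProtector -Pin $pin | Out-Null

# 4. Recovery information: add a recovery password and escrow it to Active Directory.
#    If the machine is not domain-joined the backup fails and the password is shown so it
#    can be stored offline (flash drive, printout), as the text suggests.
$vol = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
try {
    Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId | Out-Null
    Write-Host 'Recovery password escrowed to Active Directory'
} catch {
    Write-Warning "AD escrow failed ($($_.Exception.Message)). Store this offline: $($rp.RecoveryPassword)"
}

Get-BitLockerVolume -MountPoint 'C:' | Select-Object MountPoint, VolumeStatus, ProtectionStatus
```

For a machine registered with a Microsoft account or Azure AD rather than a domain, BackupToAAD-BitLockerKeyProtector takes the same -MountPoint and -KeyProtectorId arguments; the point in either case is that the recovery password exists somewhere the user cannot lose it before encryption starts.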

With the release of the Windows 7 operating system, many users discovered an incomprehensible BitLocker service in it, and many can only guess what BitLocker is. Let's clarify the situation with specific examples. We will also consider whether it is advisable to activate this component or disable it completely.

BitLocker Service: What is it for?

If you look carefully, you can conclude that BitLocker is a fully automated, universal means of encrypting data stored on your hard drive. What is BitLocker on a hard drive? It is an ordinary service that, without user intervention, protects folders and files by encrypting them and creating a special text key that provides access to the documents. While the user works under his own account, he does not even realize that the data is encrypted: all information is displayed in readable form, and access to folders and files is not blocked. In other words, such a protection tool is designed only for situations in which the computer is accessed without authorization, that is, when someone attempts to intervene from outside.

Cryptography and password issues

If we talk about what BitLocker is like in Windows 7 or in higher-ranking systems, an unpleasant fact has to be noted: having lost their login password, many users will be unable not only to log into the system but also to perform actions on documents that were previously available for moving, copying and so on. But the problems do not end there. If you look properly at what BitLocker is in Windows 8 and 10, there are no significant differences; the only thing worth noting is more advanced cryptography. The problem here lies elsewhere. The service itself can operate in two modes, storing the decryption keys either on the hard drive or on a removable USB drive. This leads to a perfectly logical conclusion: a user with the key saved on the hard drive gets access without any problems to all the information stored on it. When the key is stored on a flash drive, the problem is much more serious: in principle you can see an encrypted disk or partition, but you cannot read the information. Moreover, when talking about what BitLocker is in Windows 10 and earlier systems, it has to be noted that the service is integrated into context menus of every type, called up by right-clicking the mouse, which many users find simply annoying. Let's not get ahead of ourselves, and consider all the main aspects related to the operation of this component, as well as the advisability of deactivating or using it.

Method of encrypting removable media and disks

The strangest thing is that in various systems and their modifications, the Windows 10 BitLocker service can by default be in either active or passive mode. In Windows 7 it is enabled by default; in Windows 8 and Windows 10 manual activation is sometimes required. As for encryption, nothing new has been invented here: typically the same public-key-based AES technology is used that is most often found in corporate networks. Therefore, if your computer with the appropriate operating system is connected to a local network, you can be completely sure that the security and information protection policy in use implies the activation of this service. Even if you have administrator rights, you will not be able to change anything.

Enabling the Windows 10 BitLocker service if it has been deactivated

Before turning to the question of disabling BitLocker in Windows 10, you need to look at the process of enabling and configuring it; the deactivation steps are then carried out in reverse order. The simplest way to enable encryption is from the “Control Panel” by selecting the disk encryption section. This method can only be used if the key is not going to be saved to removable media. If a non-removable drive is locked, a different question about the Windows 10 BitLocker service arises: how do you disable this component? It is done quite simply. Provided the key is on removable media, to decrypt disks and partitions you insert it into the appropriate port and then open the security section of the “Control Panel”. There, find the BitLocker encryption item and look at the media and drives on which protection is enabled. Below there is a hyperlink for disabling encryption; click it. If the key is recognized, decryption starts, and all you have to do is wait for it to complete.

Configuring the encryption component: problems

As for the setup, it will not be without a headache. First of all, it is worth noting that the system offers to reserve at least 1.5 GB for its needs. Secondly, you need to adjust the permissions of the NTFS file system, for example, reduce the volume size. Before doing such things, you should consider simply disabling this component, since most users do not need it. Even those who have this service enabled by default in their settings do not always know what to do with it, or whether it is needed at all. And in vain: on a local computer you can use it to protect data even in the complete absence of antivirus software.

How to disable BitLocker: getting started

First of all, you need to use the previously mentioned item in the “Control Panel”. The names of the fields for disabling the service may vary depending on the system modification. For the selected drive you can either pause protection or choose to disable the BitLocker service. But that is not the point. Particular attention should be paid to the fact that it is necessary to completely disable updating the BIOS and system boot files. Otherwise, the decryption process may take quite a long time.
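Pausing protection in a controlled way, as an added example that is not the article's own procedure. Suspend-BitLocker with -RebootCount 1 leaves the volume unprotected for exactly one restart, which is the standard way to get a BIOS/UEFI or boot-file update through without the changed TPM measurements forcing the recovery prompt on the next boot; a second function confirms that protection really came back afterwards. A third function is the scripted form of the Control Panel “turn off” item and waits for decryption to finish. The drive letter C: is an assumption.

```powershell
# Added example (not from the article): pausing, resuming and turning off BitLocker from
# PowerShell. Assumptions: C: is the protected OS volume; elevated session.

function Suspend-BitLockerForUpdate {
    param([string]$MountPoint = 'C:')
    # Suspend for exactly one reboot. While suspended the VMK sits unprotected on disk,
    # so the window should be as short as the firmware/boot update itself.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus   # expect 'Off'
}

function Confirm-BitLockerResumed {
    param([string]$MountPoint = 'C:')
    # Run after the post-update restart. RebootCount 1 should have re-armed protection;
    # if something kept it suspended (e.g. a second reboot was needed), resume explicitly.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "$MountPoint is still suspended; resuming protection"
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
    }
    (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus   # expect 'On'
}

function Remove-BitLockerFromVolume {
    param([string]$MountPoint = 'C:')
    # Scripted "turn off": removes all key protectors and decrypts the volume in the
    # background. Report progress until the volume is fully decrypted.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    do {
        Start-Sleep -Seconds 15
        $v = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Host ("{0}: {1} ({2}% still encrypted)" -f $MountPoint, $v.VolumeStatus, $v.EncryptionPercentage)
    } while ($v.VolumeStatus -eq 'DecryptionInProgress')
    $v.VolumeStatus   # expect 'FullyDecrypted'
}

# Typical sequence: Suspend-BitLockerForUpdate, apply the update and restart,
# then Confirm-BitLockerResumed. Remove-BitLockerFromVolume only when you really want
# the data stored in the clear.
```

Suspending rather than disabling is the right tool for maintenance: the data stays encrypted on disk, only the VMK is temporarily exposed, and the volume re-protects itself after the counted reboot.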

Context menu

This is one side of the BitLocker coin; what this service is should already be clear. The other side is ridding the additional menus of the references to this service. To do this, you need to take another look at BitLocker: how do you remove all references to the service from the context menu? Very simply. Having selected the desired file in Explorer, we use the service and editing section of the context menu, go to settings, and then use the command settings and organize them. Next, specify the “Control Panel” value, find the required entry in the list of corresponding panel elements and commands, and delete it. Then in the Registry Editor go to the HKCR branch, find the ROOT Directory Shell section, expand it and delete the required element with the Del key or the delete command in the right-click menu. That is the last thing about BitLocker; how to disable it should already be clear to you. But don't delude yourself ahead of time: this service will still work in the background, whether you like it or not.

Conclusion

It should be added that this is not all that can be said about the BitLocker encryption component. We have already figured out what BitLocker is, and you have also learned how to disable it and remove its menu commands. The question remains: is it worth disabling BitLocker? One piece of advice can be given here: on a corporate network there is no need to deactivate this component at all. But if we are talking about a home computer, then why not.







2024 gtavrl.ru.