Bitlocker (disk encryption) strenght and performance?

VictordeHolland · 2018-08-08, 10:53

Not sure this is the right forum (we have a Linux subforum but no Windows, could also go in a crypto forum).

Question: Is Bitlocker (disk encryption in Win10 Pro and Edu) safe to use? As in is the encryption standard used not broken? The implementation by Microsoft could contain bugs *kuch*NSAbackdoors*kuch*, but that is not something we can check. Are there any good alternatives? I read Truecrypt, but that is not developed anymore, so I'm a bit reluctant to try that.

The data I'm trying to protect contains sensitive customer data (telephone numbers, emailadresses), so I just want to make sure that a stolen PC or HDD cannot be read by thieves. Protection against 3-letter agencies is not needed.

What is the performance impact of Bitlocker?
The motherboard doesn't have a TPM chip, so it will be with a passphase? How do I backup the key/recovery safely in case somebody forgets the password?

CRGreathouse · 2018-08-08, 13:24

It uses AES which has not been broken and is not likely to be broken in the near future. As far as we can tell from the Snowden documents the NSA does not have a cryptographic break. AES is quantum resistant: small quantum computers are no threat, large efficient quantum computers might break AES-128 but not AES-256 (for the foreseeable future).

BitLocker and similar schemes are vulnerable to cold boot attacks unless you are using (at least) 2-factor authentication.

VictordeHolland · 2018-08-08, 18:55

So basicly it is safe to use for the purpose I was thinking of?

CRGreathouse · 2018-08-08, 19:31

If you use a secure passphrase and don't allow people physical access to the machine while and shortly after it has power I think it should be safe for that scenario, yes.

retina · 2018-08-09, 01:30

I would suggest TrueCrypt's successor VeraCrypt.

It is open source.
It is honest about what it does and does not protect.
It does not send any "recovery key" to anyone (unlike BitLocker which sends the master key to MS).
It is also cross platform in that the partition format is public and they can be opened in Linux and Windows clients, so you don't have to have a valid Windows license to recover the data.
The master key is not tied to the system, since it doesn't use the TPM, so the data can be opened in any system (with the correct passphrase of course).
It also has cypher cascading so if any one cypher is broken or backdoored it can have another one, or two, cyphers in cascade still protecting the data.

Edit: You can have multiple passphrases to the same data by exchanging the header. So if someone forgets a passphrase you can replace the header with a backup.

CRGreathouse · 2018-08-09, 14:01

Quote:

Originally Posted by retina

It also has cypher cascading so if any one cypher is broken or backdoored it can have another one, or two, cyphers in cascade still protecting the data.

That's a nice feature. Remember to put the cipher you trust the most *first* in the cascade: the cascade is guaranteed to be as strong as the first cipher, and it's possible (however unlikely) to weaken a cipher by putting a worse cipher ahead of it.

Ueli M. Maurer and James L. Massey, Cascade ciphers: the importance of being first, Journal of Cryptology 6:1 (1993), pp. 55-61.

LaurV · 2018-08-10, 05:25

Quote:

Originally Posted by retina

Edit: You can have multiple passphrases to the same data by exchanging the header. So if someone forgets a passphrase you can replace the header with a backup.

You lost me here. How is that possible, and still be secure? If the encryption key is generated from the password, then it means they have a way to generate the same key from different passwords, which is by itself insecure (imagine SHA256 but being able to get the same hash from two different sets of data). If the encryption key is not generated from the passphrase, then is is stored somewhere (is that why a "header" is needed?) and the passphrase is used to get to it, which is also not so secure if the attacker can get his hands on some copies of different "headers".

retina · 2018-08-10, 10:35

Quote:

Originally Posted by LaurV

You lost me here. How is that possible, and still be secure? If the encryption key is generated from the password, then it means they have a way to generate the same key from different passwords, which is by itself insecure (imagine SHA256 but being able to get the same hash from two different sets of data). If the encryption key is not generated from the passphrase, then is is stored somewhere (is that why a "header" is needed?) and the passphrase is used to get to it, which is also not so secure if the attacker can get his hands on some copies of different "headers".

The passphrase only encrypts the master key. The master key never changes. So you can change your passphrase without having to re-encrypt the entire drive, you only have to re-encrypt the header. The header contains the master key. Then the master key is used to encrypt the rest of the data.

R. Gerbicz · 2018-08-10, 10:43

Quote:

Originally Posted by VictordeHolland

Are there any good alternatives?

Yes, your own (secure) decryption. Ofcourse this needs some Maths background to construct such one.

CRGreathouse · 2018-08-10, 14:32

Quote:

Originally Posted by R. Gerbicz

Yes, your own (secure) decryption. Ofcourse this needs some Maths background to construct such one.

Please don't. There are lots of ways to make mistakes, lots of unobvious side-channel attacks, lots of vulnerabilities. It's hard to test your own software rigorously. Phil Zimmermann gives an example of how he created a crypto scheme he created in college used as an example in intro to cryptography texts as an exercise on how to break cryptosystems...

Maybe if you are Robert Gerbicz or Phil Zimmermann this doesn't apply to you, but for most people:
https://motherboard.vice.com/en_us/a...our-own-crypto

M344587487 · 2018-08-10, 16:29

Quote:

Originally Posted by CRGreathouse

Please don't. There are lots of ways to make mistakes, lots of unobvious side-channel attacks, lots of vulnerabilities. It's hard to test your own software rigorously. Phil Zimmermann gives an example of how he created a crypto scheme he created in college used as an example in intro to cryptography texts as an exercise on how to break cryptosystems...

Maybe if you are Robert Gerbicz or Phil Zimmermann this doesn't apply to you, but for most people:
https://motherboard.vice.com/en_us/a...our-own-crypto

True, but at the same time security through obscurity isn't the worst idea as a last mile step for personal use only. Just take the cascade idea you commented on above and put custom crappyEncryption (TM) at the end, preferably something that leaves no data footprint and can be memorised/forgotten as necessary. It's a little batshit but we are talking largely enthusiast dabbling and nothing more.

2018-08-08, 10:53	#1
VictordeHolland "Victor de Hollander" Aug 2011 the Netherlands 3²×131 Posts	Bitlocker (disk encryption) strenght and performance? Not sure this is the right forum (we have a Linux subforum but no Windows, could also go in a crypto forum). Question: Is Bitlocker (disk encryption in Win10 Pro and Edu) safe to use? As in is the encryption standard used not broken? The implementation by Microsoft could contain bugs kuchNSAbackdoorskuch, but that is not something we can check. Are there any good alternatives? I read Truecrypt, but that is not developed anymore, so I'm a bit reluctant to try that. The data I'm trying to protect contains sensitive customer data (telephone numbers, emailadresses), so I just want to make sure that a stolen PC or HDD cannot be read by thieves. Protection against 3-letter agencies is not needed. What is the performance impact of Bitlocker? The motherboard doesn't have a TPM chip, so it will be with a passphase? How do I backup the key/recovery safely in case somebody forgets the password?

2018-08-08, 13:24	#2
CRGreathouse Aug 2006 1011101100100₂ Posts	It uses AES which has not been broken and is not likely to be broken in the near future. As far as we can tell from the Snowden documents the NSA does not have a cryptographic break. AES is quantum resistant: small quantum computers are no threat, large efficient quantum computers might break AES-128 but not AES-256 (for the foreseeable future). BitLocker and similar schemes are vulnerable to cold boot attacks unless you are using (at least) 2-factor authentication. Last fiddled with by CRGreathouse on 2018-08-08 at 13:25

2018-08-09, 01:30	#5
retina Undefined "The unspeakable one" Jun 2006 My evil lair 1A89₁₆ Posts	I would suggest TrueCrypt's successor VeraCrypt. It is open source. It is honest about what it does and does not protect. It does not send any "recovery key" to anyone (unlike BitLocker which sends the master key to MS). It is also cross platform in that the partition format is public and they can be opened in Linux and Windows clients, so you don't have to have a valid Windows license to recover the data. The master key is not tied to the system, since it doesn't use the TPM, so the data can be opened in any system (with the correct passphrase of course). It also has cypher cascading so if any one cypher is broken or backdoored it can have another one, or two, cyphers in cascade still protecting the data. Edit: You can have multiple passphrases to the same data by exchanging the header. So if someone forgets a passphrase you can replace the header with a backup. Last fiddled with by retina on 2018-08-09 at 01:34

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Laymans explanation of RSA encryption	Fusion_power	Programming	3	2013-11-04 20:50
Encryption and governments	retina	Soap Box	119	2012-02-28 05:00
A good encryption ?	science_man_88	Soap Box	14	2010-10-14 18:31
Interesting Encryption problem	FDCmercs	Math	0	2007-01-07 15:50
No disk writing	Max	Software	22	2006-10-27 21:26

2018-08-08, 18:55	#3
VictordeHolland "Victor de Hollander" Aug 2011 the Netherlands 2233₈ Posts	So basicly it is safe to use for the purpose I was thinking of?

2018-08-08, 19:31	#4
CRGreathouse Aug 2006 2²×3×499 Posts	If you use a secure passphrase and don't allow people physical access to the machine while and shortly after it has power I think it should be safe for that scenario, yes.