Last week, I took a mile-high view at some of the features Windows Vista will offer the enterprise. This week, I'd like to look more closely at a controversial new Vista feature called BitLocker. BitLocker sounds simple enough. Combined with a Trusted Platform Module (TPM) chip on a PC's motherboard, BitLocker encrypts an entire hard disk. Microsoft says this feature will help companies, especially those with executives traveling around with key corporate data on their laptops, keep private company information private. But there are fears that lawbreakers will use BitLocker to secure their data as well. And because Microsoft has pledged that there will never be any backdoors created for BitLocker, information stored on those encrypted hard disks will always be safe from prying eyes, good or bad.
Here's how it works. BitLocker is a hardware-backed encryption feature that protects an entire hard disk from being hacked. It integrates with a TPM 1.2 chip and leverages a 128-bit or 256-bit Advanced Encryption Standard (AES) encryption algorithm. (You can optionally use BitLocker on non-TPM systems as well, but in such a case you must supply a USB memory key or an alphanumeric password to access the system.) BitLocker interacts with TPM-enabled systems and is thus secure even during the boot-up process when used in conjunction with TPM. (On non-TPM systems, BitLocker can't guarantee boot file integrity.)
If you're familiar with the Encrypting File System (EFS), a feature of NTFS, you might be wondering what the big deal is. Although some serious technical differences exist between the two features--most obviously, that BitLocker uses a stronger hardware-based encryption scheme--the end result is the same: Data is encrypted so that thieves won't be able to recover it by simply plugging the hard disk into a different PC. BitLocker is what Microsoft used to call Secure Startup and Full Volume Encryption. For the truly security conscious, it's even possible to use both BitLocker and EFS together. That's because BitLocker protects only the volume on which the Windows OS is installed. So you can use EFS to protect data on other volumes, and because EFS stores its encryption keys on the OS partition, all the EFS-protected data is more secure as a result.
Confusingly, BitLocker requires a number of configuration options, including two separate partitions for the boot files and OS. Microsoft provides semi-convoluted instructions for configuring a system for BitLocker (see URL below), so I won't repeat those steps here. The more important point, I think, is that BitLocker raises a lot of questions.
For corporations that don't mind investing in TPM-based hardware, BitLocker may seem like an obvious choice. But Microsoft isn't yet admitting what kind of performance hit BitLocker-based systems will incur. And it appears that BitLocker requires an onerous amount of configuration to be used effectively. It's unclear that even in heavily managed environments that BitLocker can easily be rolled out to individuals without a lot of hands-on work by administrators.
Machines that use BitLocker without TPM can technically succumb to brute force attacks. Indeed, even hardware-based BitLocker-based systems could theoretically be usurped, although Microsoft calls such attempts "unfeasible." Ultimately, the effectiveness of BitLocker is determined largely by how well it's configured. Thus, the possibility of human error raises its ugly head once again.
And then there's the recovery issue. Data protected by BitLocker is literally unrecoverable in the event that the user forgets his or her recovery password or loses the recovery key. (Unless of course Moore's Law finally catches up with 256-bit AES encryption.) Microsoft recommends that users store this information in a safe place, but again, people are human. Mistakes happen.
I've tested BitLocker only briefly, but I'm intrigued by its Windows integration and Group Policy capabilities, and of course, no one wants to think that their data is being pawed over by others, be they competitors, criminals, or both. But I'm a bit nervous that BitLocker might ultimately do more harm than good. Will the number of people burned by BitLocker's unbreakable encryption exceed those who are saved by this feature? Only time will tell.
Windows Vista Beta 2 BitLocker Drive Encryption Step-by-Step Guide (Microsoft)