Bitlocker experience

Guest

Hello:

I installed Windows Vista RC2 last Sunday, and enabled Bitlocker that same
day. At first a little bit reluctant to the idea of having my whole volume
encrypted and potentially locked, since this was a fresh install (still had
no valuable info), I went for it.

Since my laptop does not have a TPM chip, I had to stick with storing the
key on a USB drive (which happens to be an iPod shuffle by the way).

Well, today, I have loaded all my personal information into the box, and my
experience with Bitlocker is just great. The functionality is truly as
transparent as the documentation states, and, to my surprise, system
performance has not been degraded. I actually run a virtual machine (which is
stored in the same encrypted volume) and it runs as fast as before enabling
Bitlocker.

The pre-OS user interface is straightforward and simple, impossible for an
end-user to get lost. I am an IT Security Consultant, but I always try to see
things as an end-user would.

To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
adhering to the Microsoft recommendations and guidelines
(http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx).

Thanks for your time, and my congratulations to the Bitlocker Team at
Microsoft. I think they've done a marvelous job.
 
Jamie Hunter [MS]

Thanks very much for this feedback Luis, this is the kind of thing that
makes my day!
-
Jamie Hunter [MS]

"Luis Carlos Delgado (Costa Rica)"
 
Vipin

Jamie,
Could you give me your email id?

--
Vipin Aravind
http://blogs.explorewindows.com

 
Gerry Hickman

Hi,

If the CIA/FBI get hold of a "terrorist" laptop that has bitlocker
encryption, how long will it take them to get the information off the
laptop if the suspected owner refuses to disclose the password?
 
Josh

Well, it depends on how the notebook was encrypted.

If they are using TPM only then the key is in the chip and probably
accessible with the technology they have. If they escrow the key to a domain
I am sure the FBI can get that too. If you do TPM + PIN using manage-bde
then there is less likelihood they could get at the data. But I doubt a
terrorist would trust the built-in encryption technology anyway.

--
Josh
http://windowsconnected.com

Now with NNTP goodness!

 
Gerry Hickman

Hi Josh,

> If they are using TPM only then the key is in the chip and probably
> accessible with the technology they have.

Does this mean there's a back door into TPM?

> If they escrow the key to a domain
> I am sure the FBI can get that too.

Can you explain what it means "escrow the key to a domain"? Do you mean
like the laptop is joined to a domain and they have an enterprise
certificate setup (or similar) but the FBI could hack the corporate
domain and get the key?

> If you do TPM + PIN using manage-bde
> then there is less likelihood they could get at the data.

Interesting...

> But I doubt a
> terrorist would trust the built-in encryption technology anyway.

Hehe!
 
Josh

Inline for your convenience....

--
Josh
http://windowsconnected.com

Now with NNTP goodness!

Gerry Hickman said:
> Hi Josh,
>
> Does this mean there's a back door into TPM?

Not at all, it means governments have unlimited resources and a known
starting point....

> Can you explain what it means "escrow the key to a domain". Do you mean
> like the laptop is joined to a domain and they have an enterprise
> certificate setup (or similar) but the FBI could hack the corporate domain
> and get the key?

Sure, once you apply the Longhorn schema to your domain, one of the options
for key escrow for Bitlocker is to an Active Directory domain. This writes
the key as a subobject of the computer object for recovery purposes. If the
FBI can get their hands on the domain then they would have the key.
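
The protector choices and Active Directory escrow discussed in the replies above can be audited on a machine you administer; the PowerShell below is an added example, not part of the original thread. It assumes a Windows release that ships the BitLocker PowerShell module (not Vista RC2), the ActiveDirectory RSAT module, an elevated session and a domain-joined computer; `Get-ProtectorAssessment` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Requires the BitLocker and
# ActiveDirectory modules and an elevated session on a domain-joined machine.

# Hypothetical helper: map protector types to the cases raised in the thread.
function Get-ProtectorAssessment {
    param([string[]]$ProtectorTypes)

    $findings = @()
    if ($ProtectorTypes -contains 'Tpm') {
        $findings += 'TPM only: the volume unlocks at boot without any user secret.'
    }
    if ($ProtectorTypes -contains 'TpmPin' -or $ProtectorTypes -contains 'TpmPinStartupKey') {
        $findings += 'TPM + PIN: unlocking also needs a secret only the user knows.'
    }
    if ($ProtectorTypes -contains 'ExternalKey') {
        $findings += 'External key (USB): keep the USB device apart from the laptop.'
    }
    if ($ProtectorTypes -contains 'RecoveryPassword') {
        $findings += 'Recovery password exists: confirm where its copies are stored.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'No recognised protector: the volume may be unprotected.'
    }
    return $findings
}

$volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Escrowed recovery data lives in msFVE-RecoveryInformation child objects of
# the computer object. Count them only; the recovery password is never read.
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -Properties whenCreated)

[pscustomobject]@{
    Volume           = $volume.MountPoint
    ProtectionStatus = $volume.ProtectionStatus
    Protectors       = $types -join ', '
    Findings         = Get-ProtectorAssessment -ProtectorTypes $types
    EscrowedInAD     = $escrowed.Count
    NewestEscrow     = ($escrowed | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
}
```

Anyone who can read those child objects in the directory can recover the volume, so the ACLs on the computer objects belong in the same review.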
 
