Should Recovery Drive be Encrypted by Bitlocker?

  • Thread starter Thread starter glr
  • Start date Start date
G

glr

My Dell does not have TPM. I am using bitlocker with a USB.

I notice that the Recovery drive is neither protected nor eligible to be
protected. I am wondering whether this is a weakness in my protection.

Thanks for anyone's' insight
 
glr said:
My Dell does not have TPM. I am using bitlocker with a USB.

I notice that the Recovery drive is neither protected nor eligible to be
protected. I am wondering whether this is a weakness in my protection.

Thanks for anyone's' insight
Click to expand...


I would say it's not a problem, as long as you do not store any data on
it. I am assuming here that you mean a recovery drive as installed by
your PC maker in order to restore your system in the event of a disaster.

All that should be on there is a copy of Windows as it was when you got
the machine and various utilities from the PC maker, what could a thief
or spy gain from that?

Of course if the disaster ever happens and you have to use it then it
will lose all your encrypted stuff because it will reformat your system
drive, so encrypted or not you need to back up your data to something
else, ideally something that is not an integral part of the computer.

Sorry if I am misunderstanding your question.
 
Charlie Tame said:
I would say it's not a problem, as long as you do not store any data on
it. I am assuming here that you mean a recovery drive as installed by
your PC maker in order to restore your system in the event of a disaster.

All that should be on there is a copy of Windows as it was when you got
the machine and various utilities from the PC maker, what could a thief
or spy gain from that?

Of course if the disaster ever happens and you have to use it then it
will lose all your encrypted stuff because it will reformat your system
drive, so encrypted or not you need to back up your data to something
else, ideally something that is not an integral part of the computer.

Sorry if I am misunderstanding your question.
Click to expand...
You are on the right track. I think I should have phrased my question
better. The proper question is perhaps, does the Recovery partition on my
Vista machine include any confidential data?

No I do not use it for backup purposes but I think the drive was modified by
the Bitlocker Drive Preparation Tool when I established Bitlocker.
 
glr said:
You are on the right track. I think I should have phrased my question
better. The proper question is perhaps, does the Recovery partition on my
Vista machine include any confidential data?

No I do not use it for backup purposes but I think the drive was modified by
the Bitlocker Drive Preparation Tool when I established Bitlocker.
Click to expand...

Okay, that will help get other opinions.

The OEM install should not, there may be something to identify "The
Computer" but not you personally because the OEM did not know who was
going to buy it.

However if you used it for anything I guess you could have put something
on there by accident. I can't see Bitlocker doing that but who really
knows what the other organizations like NSA is capable of these days?

I guess my opinion is that it would take a pretty good expert to get
anything from the Recovery Partition if you didn't put anything there.
 
Bitlocker is used as a security device to encrypt your system against
'unauthorised' access. As your recovery drive contains only an image of your
installed operating system and no identifiable (to you anyway) information I
certainly would not be inclined to encrypt the recovery partition. If you
loose the encryption key or misplace the printed key version you will not
only be unable to access your system but you will also not be able to
reinstall the operating system from the recovery partition - well not unless
you have created a manufacturer's recover disc.

--

--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience

Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
 
Also, where encryption is concerned, it is generally not a good idea to
encrypt "known" data with the same key as the rest of the protected
data.
Knowing what should be in the recovery partition can aid the bad guys in
deciphering the ciphertext version and discovering the key used.
 
John said:
Bitlocker is used as a security device to encrypt your system against
'unauthorised' access. As your recovery drive contains only an image of
your installed operating system and no identifiable (to you anyway)
information I certainly would not be inclined to encrypt the recovery
partition. If you loose the encryption key or misplace the printed key
version you will not only be unable to access your system but you will
also not be able to reinstall the operating system from the recovery
partition - well not unless you have created a manufacturer's recover disc.
Click to expand...

If one uses Acronys True Image you can attach a password to an OS system
backup image file. That's better than no security at all and prevents a
virus from being able to infect it.
 
Back
Top