Guest
I'm trying to understand the need for VMK. If a startup key is lost or
compromised, changing the VMK without also re-encrypting (i.e., changing the
FVEK) gives a false sense of security - I think.
In the Scenarios, User Experience, and Flow at
http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFlow.mspx
it states:
"The VMK directly protects the FVEK and therefore, protecting the VMK
becomes critical. This strategy of protecting the VMK indirectly protects the
encrypted volume and has the advantages that:
- The system can regenerate keys upstream in the chain if one or more of
these keys are lost or compromised.
- The recovery process can be done without decrypting and reencrypting the
entire volume, which is expensive in terms of the user’s time."
If I've lost my startup key, but I'm pretty sure no one's actually tried to
use it on my machine, then why not simply regenerate only the startup key?
If I think someone has used the key on my machine, then they have my VMK at
that moment, and if they have my VMK, they can retrieve my FVEK. So they
have my FVEK. Changing the VMK and Startup key won't lower my risk. I think
I'll have to re-encrypt...
For the first advantage, if for example I've lost my startup key on USB
flash, how do I tell BitLocker to generate a new, different startup key and
VMK without having to re-encrypt the whole drive? I tried disabling, then
re-enabling BitLocker under 5308, but it did not offer to place a different
startup key on my USB drive, nor save a new recovery key. When I went to
manage keys and request a copy of the startup key, I received the same key as
before.
As for the second advantage, why does the VMK provide an advantage? Is it
alone used to encrypt/decrypt some of the initial system files, which then
take over using the FVEK?? I'm just guessing at the reason...
In the BitLocker Technical Overview at
http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerTechOver.mspx
it states that after disabling BitLocker for maintenance:
"When BitLocker is reenabled, the clear key is removed from the disk volume
and BitLocker protection is turned on again. Additionally, the VMK is rekeyed
and reencrypted."
I think I understand - when the clear key is deleted, along with its
blob(VMK), the VMK is regenerated in case anyone snagged the clear key, or if
forensic tools are used to retrieve the deleted clear key and blob from
disk???
Thanks!
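As an added illustration that is not part of the original post and is not Microsoft's code, the following Python model mirrors the key chain the post quotes: the startup key protects the VMK, the VMK protects the FVEK, and the FVEK encrypts the volume. The wrapping is a SHA-256 keystream with an HMAC tag, used as a stand-in rather than BitLocker's actual algorithms, and all function names are hypothetical.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):  # SHA-256 counter-mode keystream (stand-in cipher)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def wrap(key, secret):
    # encrypt-then-MAC, laid out as nonce || ciphertext || tag
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or damaged blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def create_volume(plaintext):
    startup_key, vmk, fvek = (os.urandom(32) for _ in range(3))
    return startup_key, {"vmk_blob": wrap(startup_key, vmk),   # startup key -> VMK
                         "fvek_blob": wrap(vmk, fvek),         # VMK -> FVEK
                         "data": wrap(fvek, plaintext)}        # FVEK -> volume data

def unlock(startup_key, vol):
    vmk = unwrap(startup_key, vol["vmk_blob"])
    return unwrap(unwrap(vmk, vol["fvek_blob"]), vol["data"])

def rekey_upstream(old_startup_key, vol):
    # new startup key and new VMK; the FVEK and the bulk data are left alone
    fvek = unwrap(unwrap(old_startup_key, vol["vmk_blob"]), vol["fvek_blob"])
    new_startup_key, new_vmk = os.urandom(32), os.urandom(32)
    vol["vmk_blob"], vol["fvek_blob"] = wrap(new_startup_key, new_vmk), wrap(new_vmk, fvek)
    return new_startup_key

def demo():
    secret = b"constructed sample volume contents"
    old_key, vol = create_volume(secret)
    data_before = vol["data"]
    # FVEK as known to anyone who unlocked the volume before the rekey
    exposed_fvek = unwrap(unwrap(old_key, vol["vmk_blob"]), vol["fvek_blob"])
    new_key = rekey_upstream(old_key, vol)
    old_key_works = True
    try:
        unlock(old_key, vol)
    except ValueError:
        old_key_works = False
    return {"data_untouched": vol["data"] == data_before,
            "new_key_unlocks": unlock(new_key, vol) == secret,
            "old_key_works": old_key_works,
            "exposed_fvek_still_decrypts": unwrap(exposed_fvek, vol["data"]) == secret}
```

In this model, `demo()` shows the upstream rekey revoking the old startup key while the data blob stays byte-identical, and an FVEK copied before the rekey still decrypting that data.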