Focus on Microsoft
Bitlocker without PIN Feb 17 2011 11:07AM
Shang Tsung (shangtsung71 gmail com) (2 replies)
RE: Bitlocker without PIN Feb 23 2011 09:45PM
Alexander Kurt Keller (alkeller sfsu edu)
Speaking as an individual and not representing my institution. If you can handle the support overhead I would require the PIN or physical key in addition to the transparent TPM key for added protection.

Re: What happens if he boots with a linux live CD/USB? Can he decrypt the drive? The key is stored in the TPM. Does linux have access to the TPM?

No. This is not a viable attack, these links explain in a nutshell how TPM works:
http://windows.microsoft.com/en-US/windows-vista/BitLocker-Drive-Encrypt
ion-Overview
http://geekswithblogs.net/sdorman/archive/2006/07/04/84045.aspx

There are a number of viable attacks (and plenty more theoretical attacks) against all types of full drive encryption, including BitLocker, but it is not as trivial as using a Linux bootdisk.

Re: We are just not sure if the extra security worths having the users to type 2 passwords to boot a laptop.

If the attacker can gain physical access to the computer, and it uses TPM and boots straight to Windows, then they could attack the computer at the network layer and at the console, or via one of the more advanced hardware attacks (chip cooling, hibernation file excavation, etc.). Requiring a PIN at boot adds an extra layer of protection before the OS starts.

It comes down to a risk analysis of your environment and what you are trying to protect. For my laptop I use TrueCrypt (which by design requires a PIN) because it is a transient computer at risk for theft and contains information that could be leveraged in an attack against our infrastructure. Furthermore I use KeePass to encrypt all passwords, and AxCrypt for all sensitive documents, which offers a second layer of protection should the computer be compromised while it is booted.

It should be pointed out that BitLocker/TrueCrypt/EFS/etc. will do little or nothing to stop an attack inbound from the network or malicious code that has been allowed to execute on the running OS.

Best,
alex

Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller (at) sfsu (dot) edu [email concealed]

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Shang Tsung
Sent: Thursday, February 17, 2011 3:07 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Bitlocker without PIN

Hello all,

We are on the process of setting up Bitlocker on our laptops for OS encryption and we are wandering if we should set up a PIN or not. If we do not, the attacker can get to Windows login screen, but this is where he will stop.

What happens if he boots with a linux live CD/USB? Can he decrypt the drive? The key is stored in the TPM. Does linux have access to the TPM?

We are just not sure if the extra security worths having the users to type 2 passwords to boot a laptop.

ST

[ reply ]
RE: Bitlocker without PIN Feb 23 2011 09:35PM
Thor (Hammer of God) (thor hammerofgod com)


 

Privacy Statement
Copyright 2010, SecurityFocus