Bitlocker Security Questions

Win711 · Jan 26, 2025

Coincidence? The flow was so continuous that I didn't know a year had gone by until barreleye mentioned resurrecting the thread lol

Win711 · Jan 26, 2025

TraderGary said:
In my research neither AES 128-bit encryption nor AES 256-bit encryption used by BitLocker has ever been hacked. Does anyone have evidence to the contrary?

You have it the wrong way around. The right question is does anyone have evidence that it cannot be hacked. Your assumption always must be that it can unless proven that it cannot.

Hitler thought enigma was uncrackable, and the joke was that it would have been faster for German commanders to ring Bletchley to get their orders.

hdmi · Jan 26, 2025

Win711 said:
You have it the wrong way around. The right question is does anyone have evidence that it cannot be hacked. Your assumption always must be that it can unless proven that it cannot.

Hitler thought enigma was uncrackable, and the joke was that it would have been faster for German commanders to ring Bletchley to get their orders.

This. And you don't necessarily have to crack the encryption algorithm itself to still be able to decrypt. Microsoft kept insinuating that stealing the keys was so difficult in fact, you had to be a bit paranoid to be worried. Until someone proved that stealing them was close to effortless in a lot of cases. Next, Microsoft kept propelling the false belief that persists among average users, that an attacker who has the ability to swap the motherboard + SSD without easily being detected cannot easily manufacture a fake BitLocker screen to covertly transmit the valid PIN i.e. after letting the unsuspecting user enter the PIN. I have said it before, and will keep saying it.. just because you're paranoid, doesn't mean they're not after you.

Win711 · Jan 26, 2025

hdmi said:
And you don't necessarily have to crack the encryption algorithm itself to still be able to decrypt.

Exactly. Engima probably still is uncrackable even today with supercomputers if using brute force and trying every combination, but by intelligently eliminating a lot of possibilities the combinations can be reduced to a manageable size. I'm not a cryptologist, but it seems that theory could be applied to any puzzle.

Russia's one-time pad couldn't be cracked either, until someone used the one-time pad twice, and then someone noticed. One-time pad - Wikipedia

Locks just keep honest people out.

hdmi said:
just because you're paranoid, doesn't mean they're not after you.

Just because the water is calm doesn't mean there are no crocodiles

hdmi · Jan 26, 2025

Win711 said:
Exactly. Engima probably still is uncrackable even today with supercomputers if using brute force and trying every combination, but by intelligently eliminating a lot of possibilities the combinations can be reduced to a manageable size. I'm not a cryptologist, but it seems that theory could be applied to any puzzle.

Russia's one-time pad couldn't be cracked either, until someone used the one-time pad twice, and then someone noticed. One-time pad - Wikipedia

Locks just keep honest people out.

Just because the water is calm doesn't mean there are no crocodiles

Another excellent example was the Sky ECC app.

Win711 · Jan 26, 2025

hdmi said:
Another excellent example was the Sky ECC app.

I don't know of any communications that hasn't be compromised by a government, except talking in person by white noise and covering your lips.

Bitlocker will stop friends and family but it's not stopping a government or pro criminal. I wouldn't trust $1 million in bitcoin to bitlocker, for sure.

TraderGary · Jan 26, 2025

All I was asking for was proof that AES 256-bit encryption has ever been hacked. I understand that theoretically it can be hacked but never has been as it would take computer power we don't currently have. Until then, I'm confident using AES 256-bit encryption in my password manager and in BitLocker.

kelper · Jan 26, 2025

I'm certain defeating any modern encryption would require stealing the key. So it's not the encryption that is insecure, just the user!

Marie SWE · Jan 26, 2025

TraderGary said:
All I was asking for was proof that AES 256-bit encryption has ever been hacked. I understand that theoretically it can be hacked but never has been as it would take computer power we don't currently have. Until then, I'm confident using AES 256-bit encryption in my password manager and in BitLocker.

you almost never go after the encryption.. a door has a lock and then you pick the lock instead of digging through a ten foot concrete wall.

TraderGary · Jan 26, 2025

Marie SWE said:
you almost never go after the encryption.. a door has a lock and then you pick the lock instead of digging through a ten foot concrete wall.

And that would entail going after the unencrypted data while it's currently in use. Now you're talking about basic security of the PC itself, the weakest link.

Marie SWE · Jan 26, 2025

TraderGary said:
And that would entail going after the unencrypted data while it's currently in use. Now you're talking about basic security of the PC itself, the weakest link.

You always go after the weakest link.. why complicate things if the goal is to obtain the data.
Hackers always go after the login credentials to get access to high security setups.. You cant hack a network with an active enterprise firewall if you are on the outside.. so you go after the person that has the login credentials with social engineering to obtain the goal(key)

hdmi · Jan 26, 2025

Marie SWE said:
You always go after the weakest link.. why complicate things if the goal is to obtain the data.
Hackers always go after the login credentials to get access to high security setups.. You cant hack a network with an active enterprise firewall if you are on the outside.. so you go after the person that has the login credentials with social engineering to obtain the goal(key)

Also, the social engineering part becomes even less complicated if the unsuspecting user continues to falsely believe that the data is secure as a result of it being protected by using BitLocker with AES 256-bit encryption. In essence, the stronger the encryption algorithm, the better. For the hackers anyway...

Marie SWE · Jan 26, 2025

hdmi said:
Also, the social engineering part becomes even less complicated if the unsuspecting user continues to falsely believe that the data is secure as a result of it being protected by using BitLocker with AES 256-bit encryption. In essence, the stronger the encryption algorithm, the better. For the hackers anyway...

we have to be careful of how much we say in here do to rule6 even we only talk about theory approaches and methods how to protect yourself against it... i have already got posts deleted.

hdmi · Jan 26, 2025

Marie SWE said:
we have to be careful of how much we say in here do to rule6 even we only talk about theory approaches and methods how to protect yourself against it... i have already got posts deleted.

I am not discussing the subject of hacking someone else's computer. Rather, I am discussing the simple fact that BitLocker Drive Encryption on editions of Windows 11 that support the feature never was designed to, by itself, be adequately secure in any way, shape or form. Its purpose is for it to be used in conjunction with a whole list of additional things like Multi-Factor Authentication (MFA) or better yet: passwordless authentication, UEFI Secure Boot, TPM 2.0, Windows Trusted Boot, Windows Measured Boot, an Anti Malware remote service, Device Health Attestation (DHA), surveillance of the physical environment, chassis intrusion detection mechanisms, and whatnot.

Marie SWE · Jan 26, 2025

hdmi said:
I am not discussing the subject of hacking someone else's computer. Rather, I am discussing the simple fact that BitLocker Drive Encryption on editions of Windows 11 that support the feature never was designed to, by itself, be adequately secure in any way, shape or form. Its purpose is for it to be used in conjunction with a whole list of additional things like Multi-Factor Authentication (MFA) or better yet: passwordless authentication, UEFI Secure Boot, TPM 2.0, Windows Trusted Boot, Windows Measured Boot, an Anti Malware remote service, Device Health Attestation (DHA), surveillance of the physical environment, chassis intrusion detection mechanisms, and whatnot.

I didn't either that time

Win711 · Jan 26, 2025

Put seed phrase for bitcoin wallet on laptop with bitlocker and say "come get it". If it's uncrackable there is nothing to fear.

TraderGary · Jan 26, 2025

Win711 said:
Put seed phrase for bitcoin wallet on laptop with bitlocker and say "come get it". If it's uncrackable there is nothing to fear.

This is not the purpose of BitLocker.

BitLocker is fully unlocked while I'm using my computer or when using my portable backup SSD drives. Only when I'm not logged in to my PC and when my portable SSD drives are not connected is BitLocker activated.

If my laptop is stolen, my laptop SSD can only be unlocked with Windows Hello biometrics or the 256-bit encryption key. If my backup portable drives are stolen, they cannot be decrypted without a password or 256-bit encryption key.

What needs to be understood is that BitLocker is protection from physical data theft and nothing more.

BitLocker is only one part of my total backup and security strategy.

Win711 · Jan 26, 2025

TraderGary said:
This is not the purpose of BitLocker.

BitLocker is fully unlocked while I'm using my computer or when using my portable backup SSD drives. Only when I'm not logged in to my PC and when my portable SSD drives are not connected is BitLocker activated.

If my laptop is stolen, my laptop SSD can only be unlocked with Windows Hello biometrics or the 256-bit encryption key. If my backup portable drives are stolen, they cannot be decrypted without a password or 256-bit encryption key.

What needs to be understood is that BitLocker is protection from physical data theft and nothing more.

BitLocker is only one part of my total backup and security strategy.

Of course if laptop is running then it's even easier. I'm describing a travel situation, where you set your device down for a moment then it's gone.

So to test the security, put bitcoin on a laptop, power it down, then publicly announce there is bitcoin on the laptop. If no one can break bitlocker then you cannot lose your bitcoin and you're only out the cost of the laptop in exchange for knowing that bitlocker is indeed secure.

Marie SWE · Jan 26, 2025

TraderGary said:
This is not the purpose of BitLocker.

BitLocker is fully unlocked while I'm using my computer or when using my portable backup SSD drives. Only when I'm not logged in to my PC and when my portable SSD drives are not connected is BitLocker activated.

If my laptop is stolen, my laptop SSD can only be unlocked with Windows Hello biometrics or the 256-bit encryption key. If my backup portable drives are stolen, they cannot be decrypted without a password or 256-bit encryption key.

What needs to be understood is that BitLocker is protection from physical data theft and nothing more.

BitLocker is only one part of my total backup and security strategy.

This is the problem if they steal the computer.

Beating Bitlocker In 43 Seconds

How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you’re running Windows, the most popular s…

hackaday.com

zbook · Jan 26, 2025

In the future quantum computing may allow quick access to a encrypted drive:

Quantum Computing (60 Minutes)

www.elevenforum.com

Bitlocker Security Questions

Active member

My Computer

Active member

My Computer

Jack of all trades – master of none

My Computers

Active member

My Computer

Jack of all trades – master of none

My Computers

Active member

My Computer

Stock Market Wizard

My Computer

Well-known member

My Computers

I almost never bite.......

My Computers

Stock Market Wizard

My Computer

I almost never bite.......

My Computers

Jack of all trades – master of none

My Computers

I almost never bite.......

My Computers

Jack of all trades – master of none

My Computers

I almost never bite.......

My Computers

Active member

My Computer

Stock Market Wizard

My Computer

Active member

My Computer

I almost never bite.......

My Computers

Well-known member

My Computer

Similar threads