Solved

BitLocker - Purpose of creating Password and Recovery Key

Posted on 2013-11-19
Last Modified: 2013-11-20
Hi,

What is the purpose of creating both password and Recovery key during the encryption process?
After writing down the password and encrypting my USB flash drive, I took it off the computer and plugged the flash drive into another computer.
It only asked for the password to access the contents of the flash drive, not both password and Recovery key.

When I took the encrypted hard drive (that has the OS) out of the computer and attached it to another PC, it asked for the recovery key and I entered it manually. Then the computer started loading the OS on the hard drive (encrypted in another computer).

Can someone explain why in one case it prompts for the password and in another case it prompts for the recovery key?
Question by:sglee

Accepted Solution

by:
uniqueinfotech earned 200 total points
ID: 39661327
BitLocker uses the TPM chip on your computer to store the decryption key and they protect that with a password. In the event that you go to a new computer that doesn't store the keys in the TPM, it will require the full keys to unlock and decrypt the contents.

Author Comment

by:sglee
ID: 39661338
So the reason this computer only asked for the password (when I plugged in the encrypted flash drive) was because it has TPM installed? (In fact it has TPM. I entered tpm.msc and it came up.)
So if this computer did not have TPM installed, would it have prompted me to enter Recovery key?

Author Comment

by:sglee
ID: 39661375
I plugged this flash drive into three separate PCs with XP OS. They all displayed a popup window saying "Do you want to format the drive?".
So I brought it back to my Windows 7 PC (not the original PC where I encrypted the flash drive) and it asked for the password. When I clicked the link "I forgot the password", it asked for the Recovery key.

Why do the XP PCs (they don't have TPM) react differently than my Win7 PC?

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39661543
Because XP does not have BitLocker, nor a BL reader.

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39661663
More info: BitLocker will request the recovery password for different reasons, mainly if it discovers that the drive is not at the PC it originally belonged to. See it this way: if I were to attack your drive in order to steal data, I might find the drive is encrypted. What now? I could hook the drive to my computer and try cracking tools from there - that is security-relevant, so BitLocker reacts and enforces the use of the (compared to a normal password) stronger recovery key. If I were a mean attacker, I would exchange your computer for another model looking just the same, same mainboard, but modified at BIOS level (for example VNC server turned on at BIOS level - yes, that's possible with some boards!), and I would be able to spy on you. BitLocker would discover changes to the BIOS, too, and ask for the recovery key just to make you aware "something odd is going on".

About the BitLocker reader: you can download it for XP, see http://blogs.technet.com/b/keithcombs/archive/2009/11/17/bitlocker-to-go-reader-now-available-for-download.aspx
Win7 already features a built-in reader.

Assisted Solution

by:uniqueinfotech
uniqueinfotech earned 200 total points
ID: 39661736
The TPM functions among other things as a secure store for encryption keys. It allows software to securely store such information in a manner that prevents other software from accessing this information under any circumstances, i.e., you can put information in but you can't ask it for the information back.

BitLocker uses this technology to store the encryption keys. However, since the TPM chip is a hardware device that is unique to each computer, when you move to a new device you'll have to essentially teach the TPM chip of that computer the same information that you told the TPM chip of the first computer. Which is why you're required to enter the longer version of the password, aka recovery key.

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 39662658

Expert Comment

by:McKnife
ID: 39662925
@RichRumble
>...Which is why you're required to enter the longer version of the password aka recovery key.
No. Even without a TPM present/in use the behavior is the same.

Expert Comment

by:Rich Rumble
ID: 39662987
I didn't say that :p
-rich

Expert Comment

by:McKnife
ID: 39663015
:p Sorry :)
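
Which prompt appears on another computer depends on the key protectors stored on the volume itself. The following is an added example, not part of any post in this thread: a PowerShell function (hypothetical name `Get-UnlockPath`) that reads a protector list in the shape `Get-BitLockerVolume` returns and reports what a different PC will ask for. The two sample volumes are constructed to mirror the drives in the question, and the OS drive is assumed to use a TPM protector.

```powershell
# Added example (not from the thread). Classifies a BitLocker volume by its key
# protectors to show which secret a different computer will ask for.
function Get-UnlockPath {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # needs MountPoint and KeyProtector[].KeyProtectorType
    )
    process {
        $types       = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $tpmBound    = @($types | Where-Object { $_ -like 'Tpm*' })
        $hasRecovery = $types -contains 'RecoveryPassword'

        # A TPM protector only unseals on the machine that created it, so it is
        # ignored here; only protectors that travel with the drive count.
        $onOtherPc = if ($types -contains 'Password') {
            'password prompt (recovery password is the fallback)'
        } elseif ($hasRecovery) {
            'recovery password prompt (48 digits)'
        } elseif ($types -contains 'ExternalKey') {
            'key file (.bek) required'
        } else {
            'no portable protector: data unreachable off this machine'
        }

        [pscustomobject]@{
            MountPoint      = $Volume.MountPoint
            Protectors      = $types -join ', '
            TpmBound        = $tpmBound.Count -gt 0
            OnAnotherPc     = $onOtherPc
            MissingRecovery = -not $hasRecovery   # lockout risk if true
        }
    }
}

# Constructed sample objects: flash drive with a password, OS drive sealed to a TPM.
$samples = @(
    [pscustomobject]@{ MountPoint = 'E:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Password' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$samples | Get-UnlockPath | Format-Table -AutoSize

# On a live system (elevated prompt, BitLocker module present):
# Get-BitLockerVolume | Get-UnlockPath | Format-Table -AutoSize
```

`Get-BitLockerVolume` ships with Windows 8 / Server 2012 and later; on Windows 7, `manage-bde -protectors -get C:` lists the same protectors.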