BitLocker - Purpose of creating Password and Recovery Key

Posted on 2013-11-19
Last Modified: 2013-11-20
Hi,
 
 What is the purpose of creating both password and Recovery key during encryption process?
 After writing down the password and encrypting my USB flash drive, I took it off the computer and plugged the flash drive into another computer.
 It only asked for the password to access the contents of the flash drive, not both the password and the Recovery key.

 When I took the encrypted hard drive (the one that has the OS) out of the computer and attached it to another PC, it asked for the recovery key and I entered it manually. Then the computer started loading the OS on the hard drive (encrypted in another computer).

 Can someone explain why in one case it prompts for the password and another case it prompts for recovery key?
Question by:sglee
10 Comments
 

Accepted Solution

by:
uniqueinfotech earned 200 total points
ID: 39661327
BitLocker uses the TPM chip on your computer to store the decryption key, and protects that with a password. In the event that you go to a new computer that doesn't store the keys in its TPM, it will require the full keys to unlock and decrypt the contents.
 

Author Comment

by:sglee
ID: 39661338
So the reason this computer only asked for the password (when I plugged in the encrypted flash drive) was because it has a TPM installed? (In fact it has a TPM. I entered tpm.msc and it came up.)
So if this computer did not have a TPM installed, would it have prompted me to enter the Recovery key?
 

Author Comment

by:sglee
ID: 39661375
I plugged this flash drive into three separate PCs with the XP OS. They all displayed a popup window saying "Do you want to format the drive?".
So I brought it back to my Windows 7 PC (not the original PC where I encrypted the flash drive) and it asked for the password. When I clicked the link "I forgot the password", it asked for the Recovery key.

Why do the XP PCs (they don't have a TPM) react differently from my Win7 PC?
 

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39661543
Because XP does not have BitLocker, nor a BitLocker reader.
 

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39661663
More info: BitLocker will request the recovery password for different reasons, mainly if it discovers that the drive is not in the PC it originally belonged to. See it this way: if I were to attack your drive in order to steal data, I might find the drive is encrypted. What now? I could hook the drive up to my computer and try cracking tools from there. That is security relevant, so BitLocker reacts and enforces the use of the (compared to a normal password) stronger recovery key. If I were a mean attacker, I would exchange your computer for another model looking just the same, same mainboard, but modified at BIOS level (for example a VNC server turned on at BIOS level; yes, that's possible with some boards!), and I would be able to spy on you. BitLocker would discover changes to the BIOS, too, and ask for the recovery key just to make you aware that "something odd is going on".

About the BitLocker reader: you can download it for XP, see http://blogs.technet.com/b/keithcombs/archive/2009/11/17/bitlocker-to-go-reader-now-available-for-download.aspx
Win7 already features a built-in reader.
 

Assisted Solution

by:uniqueinfotech
uniqueinfotech earned 200 total points
ID: 39661736
The TPM functions, among other things, as a secure store for encryption keys. It allows software to securely store such information in a manner that prevents other software from accessing this information under any circumstances, i.e. you can put information in but you can't ask it for the information back.

BitLocker uses this technology to store the encryption keys. However, since the TPM chip is a hardware device that is unique to each computer, when you move to a new device you'll have to essentially teach the TPM chip of that computer the same information that you told the TPM chip of the first computer. Which is why you're required to enter the longer version of the password, a.k.a. the recovery key.
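The two answers above (McKnife's on why a moved drive triggers recovery, and uniqueinfotech's on the TPM holding the OS-drive key) can be checked directly by looking at which key protectors each volume carries. The script below is an added example written for this thread, not code posted by any of the participants. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later; on the Windows 7 machines in the question the same information comes from `manage-bde -protectors -get <drive>`), an elevated session, and a hypothetical drive letter `E:` for the moved BitLocker To Go stick. The protector types it prints are exactly what decides the prompt: an OS drive normally has a `Tpm` protector (auto-unlock only on the machine whose TPM sealed the key) plus a `RecoveryPassword`; a removable drive has a `Password` protector plus a `RecoveryPassword`. Unplug the OS drive and only the recovery password remains usable, which is what the question observed.

```powershell
# Added example for this thread (not any poster's code). Requires the BitLocker
# module (Windows 8 / Server 2012 and later) and an elevated PowerShell session.
# On Windows 7 use: manage-bde -protectors -get C:

function Show-BitLockerProtectors {
    # List every BitLocker volume and the key protectors attached to it.
    # Protector types seen in this thread:
    #   Tpm / TpmPin / TpmPinStartupKey  -> OS drive unlocks automatically only on
    #                                       the PC whose TPM sealed the key
    #   Password                         -> the BitLocker To Go password prompt
    #   RecoveryPassword                 -> the 48-digit recovery key, accepted on any PC
    #   ExternalKey                      -> a .BEK startup/recovery key file
    foreach ($vol in Get-BitLockerVolume) {
        "{0}  type={1}  status={2}  protection={3}" -f `
            $vol.MountPoint, $vol.VolumeType, $vol.VolumeStatus, $vol.ProtectionStatus
        foreach ($kp in $vol.KeyProtector) {
            "    {0,-18} {1}" -f $kp.KeyProtectorType, $kp.KeyProtectorId
        }
    }
}

function Get-RecoveryPasswords {
    # Show the recovery password(s) BitLocker holds for a volume so they can be
    # written down before the drive is moved. This is the value the
    # "I forgot the password" link and the OS-drive recovery screen ask for.
    param([string]$MountPoint = 'C:')
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

function Unlock-MovedDataDrive {
    # Reproduce the behaviour the question describes for a BitLocker To Go
    # drive plugged into a different PC: try the user password first and fall
    # back to the 48-digit recovery password if the password is unknown.
    param(
        [Parameter(Mandatory)][string]$MountPoint,   # e.g. 'E:' (hypothetical)
        [securestring]$Password,                      # from Read-Host -AsSecureString
        [string]$RecoveryPassword                     # 8 groups of 6 digits, dash-separated
    )
    if ($Password) {
        try {
            Unlock-BitLocker -MountPoint $MountPoint -Password $Password -ErrorAction Stop | Out-Null
            return 'unlocked-with-password'
        } catch {
            Write-Warning "Password rejected for $MountPoint, trying the recovery password"
        }
    }
    if ($RecoveryPassword) {
        Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $RecoveryPassword -ErrorAction Stop | Out-Null
        return 'unlocked-with-recovery-password'
    }
    throw "No usable key protector supplied for $MountPoint"
}

# Usage (drive letter is an assumption for the example):
# Show-BitLockerProtectors
# Get-RecoveryPasswords -MountPoint 'C:'
# Unlock-MovedDataDrive -MountPoint 'E:' `
#     -Password (Read-Host 'Drive password' -AsSecureString) `
#     -RecoveryPassword (Read-Host 'Recovery password')
```

A practical caveat: run `Get-RecoveryPasswords` (or `manage-bde -protectors -get`) and store the output somewhere safe before pulling a TPM-protected OS drive, because once the drive is in another machine the TPM protector is useless and the recovery password is the only thing BitLocker will accept.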
 

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 39662658
 

Expert Comment

by:McKnife
ID: 39662925
@RichRumble
>...Which is why your required to enter the longer version of the password aka recovery key.
No. Even without a TPM present/in use the behavior is the same.
 

Expert Comment

by:Rich Rumble
ID: 39662987
I didn't say that :p
-rich
 

Expert Comment

by:McKnife
ID: 39663015
:p Sorry :)