Why did Microsoft weaken Bitlocker?

Hi experts.

With Windows 8, Microsoft made BitLocker more mainstream by including it in the Professional edition. This tells me they understood that the need for encryption has grown and that they can use it as a point of sale.

Back in the days when they invented BitLocker, they were proud of a security component called "Elephant diffuser" which made BitLocker a lot harder to break. In Windows 8, however, they removed it, rendering BitLocker less secure than ever, it seems. Details emerge about reasons:
- The Elephant diffuser is not FIPS compliant
- "It’s not supported by hardware acceleration, thereby impacting performance on low-powered devices.”
https://firstlook.org/theintercept/2015/06/04/microsoft-disk-encryption/ has some more details.

So I wonder, why wouldn't they make the diffuser an optional component? If I don't need to be FIPS compliant and neither have to care for top speed, but long for top security, why wouldn't they leave me with the option to turn it on?
To me, this makes no sense at all.

Did anyone here hear more from Microsoft themselves?
McKnife Asked:

btan (Exec Consultant) Commented:
The diffuser was "born" to strengthen AES-CBC against the attack model that the Microsoft research paper describes, so as to withstand chosen plaintext and ciphertext attacks. In short, the attacker succeeds if he can modify a ciphertext such that the corresponding plaintext change has some non-random property. They advocate AES-CBC + diffuser (aka "Elephant Diffuser") as the way to withstand this in view of validation and performance.

As mentioned, the volte-face for the decision is really uncalled for just like MS recommends not to enable (in “Not Defined”) FIPS crypto as their past advice to disable ("Disable"), they turn the latter as advisory.
Government regulations may continue to mandate that FIPS mode be enabled on government computers running Windows. Our updated recommendations do not contradict or conflict with government guidance: we’re not telling customers to turn it off – our recommendation is that it’s each customer’s decision to make. Our updated guidance reflects our belief there is not a compelling reason for our customers that are not subject to government regulations to enable FIPS mode.
http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx

Sorry to side track, coming back...I do recommend this article and specifically to MS comments as
Microsoft says the diffuser was too slow and kept BitLocker from being activated by certain users, including government contractors and agencies that must comply with Federal Information Processing Standards, or FIPS. “[The Elephant diffuser is] not FIPS compliant, so certain companies and government clients can’t use it,” a spokesperson says. “It’s not supported by hardware acceleration, thereby impacting performance on low-powered devices.” The company did not provide answers when I asked if Microsoft has plans in the future to add another diffuser to replace the one they removed.
https://firstlook.org/theintercept/2015/06/04/microsoft-disk-encryption/
Removing the Elephant diffuser doesn’t entirely break BitLocker. If someone steals your laptop, they still won’t be able to unlock your disk and access your files. But they might be able to modify your encrypted disk and give it back to you in order to hack you the next time you boot up.

To be fair, disk encryption technology used in Linux, LUKS, used to be vulnerable to this same type of attack by default. This changed in early 2013 when LUKS switched from using AES in CBC mode (the same as BitLocker today) to AES in XTS mode, which prevents this attack.

They worry Microsoft will betray its users again. Microsoft says it will comply with lawful requests.
Recent EFF release on their 2015 "We have your back" fifth survey stated MS "failing" in areas of "Discloses policies on data retention" and "Discloses government content removal requests" while supporting "Follows industry-accepted best practices", "Tells users about government data demands" and "Pro-user public policy: opposes backdoors".
https://www.eff.org/who-has-your-back-government-data-requests-2015

We can believe BitLocker is still secure and no backdoor to certain assurance that I will still turn that on as it is no worse off if we cannot even manage a secure solution centrally. Endpoint HIPS is still to be deployed too...at least in my context to create that multi-layer deterrence...
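The property discussed in the comment above (a ciphertext change that produces a non-random plaintext change under CBC without a diffuser), shown as an added example that is not part of any post in this thread. As an assumption, a toy 4-round Feistel cipher built from SHA-256 stands in for AES, since the behaviour comes from CBC chaining rather than from the block cipher; all function names and sample data are constructed.

```python
import hashlib

BLOCK = 16  # bytes, same block size as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy cipher (assumption, not AES)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(decrypt_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def plaintext_diff(key, iv, sector, block_index, mask):
    """XOR `mask` into one ciphertext block; return the per-block plaintext change."""
    ct = bytearray(cbc_encrypt(key, iv, sector))
    s = block_index * BLOCK
    ct[s:s + BLOCK] = _xor(ct[s:s + BLOCK], mask)
    diff = _xor(sector, cbc_decrypt(key, iv, bytes(ct)))
    return [diff[i:i + BLOCK] for i in range(0, len(diff), BLOCK)]

if __name__ == "__main__":
    sector = bytes(range(64))  # constructed 4-block "sector"
    mask = b"\x01" + bytes(15)
    for n, d in enumerate(plaintext_diff(b"k" * 16, bytes(16), sector, 1, mask)):
        print(n, d.hex())  # per-block plaintext difference
```

The altered block decrypts to unpredictable bytes, but the block after it changes by exactly the mask, and nothing in plain CBC detects either change. That predictable second change is the non-random property the comment refers to.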
Rich Rumble (Security Samurai) Commented:
Schneier says most of the same as btan: https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html
He also lists the intercept article. It's not about how weak it is now, it's about one threat vector being weaker in my opinion. We've all listed to other users here on EE why this and why that is good/bad about encryption... and the ultimate answer we give I think applies here, if there is a determined party after your data, they will get it.
I've not trusted BL even if Schneier has, and I certainly don't trust BestCrypt. I don't know why I trust TC, or anything after reading various Snowden revelations, I don't trust anything :) I have to go with what works for me, and TC and some hardware encryption are my go-tos. I like the speed of SSDs but I don't own one. I'd like to trust BL, but EFS was so bad I could never put my data in M$'s crypto if I could avoid it. I'm no cryptographer so if the lack of an elephant diffuser doesn't bother those who are, I guess it doesn't bother me, but it only adds to my own paranoia.
-rich
btan (Exec Consultant) Commented:
Agree with richrumble, I also don't trust any 3rd party and even out source, I can be paranoid but I err on safe side. However, the reality is users are dependent on products and alternative since they don't come up with their own disk encryption - they have a choice and accepted that implicit risk. Will user be better with any of the disk encryption, I will only say it is better than be left "naked" without any of them. But so far, probably I will take it as protect the data and not just the disk per se since the goldmine is your data most of the time. File encryption will be the other one that user can top with other solution or their desired ones...

This sharing is from Dan Rosendorf (as most have quoted): this may seem like a shortcoming, but Microsoft has never claimed that BitLocker should protect data from a targeted attack, rather its use should be to protect data from an opportunistic attack. The conclusion from him is "With a properly configured BitLocker installation this protection is still intact." - This should apply to all security products and there is no 100% safeguard
http://spi.unob.cz/presentations/23-May/07-Rosendorf%20The%C2%A0BitLocker%C2%A0Schema.pdf

Rich Rumble (Security Samurai) Commented:
Right. And I'm sure McKnife is on the same page as "NSA wants my data, they gonna get it", but if it's just about anyone else, 7zip, Rar, TC or even BL will certainly do, even without ED. M$ claims it's excluded because of performance impacts, probably due to gov't pressure for faster I/O (I don't buy it). I just want to be right, not using it. I've recommended it, but I felt icky doing so :)
-rich
btan (Exec Consultant) Commented:
It just seems to be telling those folks that wanted such features and BitLocker to stay with non-Windows 8 and non-Windows 2012, since those platforms already deprecated this diffuser option.
The "Configure TPM validation profile" Group Policy setting is deprecated in Windows 8 and Windows Server 2012. It has been replaced with system specific policies for BIOS-based and UEFI-based computers.

The –tpm option is no longer supported by manage-bde.
The stance of crypto-acceleration hardware doesn’t support it is not warrant for such diffuser removal and likewise for FIPS 140 compliant. I believe we can only go for what we really need (not want) that make security sense since we own and use the asset. Thanks for the discussion and sharing from both.
McKnife (Author) Commented:
The question still stands after the discussion: has anyone heard a statement why MS would not leave the option to use it.
If we would like to be FIPS compliant, so be it, we can by default. If we would like to use hardware acceleration, ok, but the option to use the diffuser should remain.
The above discussion hasn't led me anywhere. But: the Schneier link has this statement: "It's been reported elsewhere that the Elephant Diffuser has been reintroduced to Bitlocker as a selectable option in the production version of Windows 10" - now that's interesting. In my preview (no, not the current one but the 10130) it's not selectable, so update and fingers crossed, let's see.
btan (Exec Consultant) Commented:
What is official from Microsoft has already been shared, including the GPO setting removal as shared previously from their official MS website. Other than that, there is no other MS news, publication or spokesman beyond what we have discussed. I doubt we can get it in public or in release via EE contribution as it may be bound by confidentiality, especially if it is MS internal. But I do see that, as a whole, this removal may have an internal mandate pushed from the NSA "side" - with releases such as the BL recovery key being uploaded into OneDrive, which NSA PRISM has a sight over too (http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm).

Regardless, Windows 10 having that option is not firmed up, and unless anyone in the Windows Insider program can see the near build, we can see it only when it is available on July 29th...
http://blogs.windows.com/bloggingwindows/2015/06/19/upcoming-changes-to-windows-10-insider-preview-builds/

Pardon for not being able to really get that official info ...

(if of interest) Side note on the Recovery key upload as per Enable device encryption by default
Before Windows 8.1 automatically enables Device Encryption, the following must be true:
• The Windows device “must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems.” (Source) Older Windows PCs won’t support this feature, while new Windows 8.1 devices you pick up will have this feature enabled by default.
• When Windows 8.1 installs cleanly and the computer is prepared, device encryption is “initialized” on the system drive and other internal drives. Windows uses a clear key at this point, which is removed later when the recovery key is successfully backed up.
• The PC’s user must log in with a Microsoft account with administrator privileges or join the PC to a domain. If a Microsoft account is used, a recovery key will be backed up to Microsoft’s servers and encryption will be enabled. If a domain account is used, a recovery key will be backed up to Active Directory Domain Services and encryption will be enabled.

If you have an older Windows computer that you’ve upgraded to Windows 8.1, it may not support Device Encryption. If you log in with a local user account, Device Encryption won’t be enabled. If you upgrade your Windows 8 device to Windows 8.1, you’ll need to enable device encryption, as it’s off by default when upgrading.
McKnife (Author) Commented:
Hoped to find more info than what has been quoted, which were links that I had seen before. If no one has more, then I'll close it. By the way, I did run the latest Win10 preview (I was just seeing there's another build, but that's not a public one) and it's not back yet.
Thanks

McKnife (Author) Commented:
see last comment
McKnife (Author) Commented:
For those interested: the final win10 build 10240 is out. No return of the diffuser, unfortunately.
btan (Exec Consultant) Commented:
thanks for sharing - no surprises - Sigh