Bitlocker opinions wanted
I am looking for perhaps 5 opinions from different experts regarding security of bitlocker in win 10.
How would you rate the security of a portable drive with a password of 25 places?
1. Extremely difficult to break
2. Reasonably difficult to break
3. Just so-so for difficulty
4. Rather easy to hack into
5. Worthless for most applications
The data I wish to protect is not vital data, but data that I simply want to keep away from prying eyes in case someone is too curious.
My goal is to write data one time to dvd media and in order to view the data be required to enter the long password. One person suggested that bitlocker, for some reason, will not work on dvd or cd media.
I have also been advised to investigate "BitLocker to go". I have no idea what that is or how to find it.
How would you rate the security of a portable drive with a password of 25 places?
1. Extremely difficult to break
2. Reasonably difficult to break
3. Just so-so for difficulty
4. Rather easy to hack into
5. Worthless for most applications
The data I wish to protect is not vital data, but data that I simply want to keep away from prying eyes in case someone is too curious.
My goal is to write data one time to dvd media and in order to view the data be required to enter the long password. One person suggested that bitlocker, for some reason, will not work on dvd or cd media.
I have also been advised to investigate "BitLocker to go". I have no idea what that is or how to find it.
John
A password with at least 10 characters totals with a couple of special characters (like $), upper and lower case, and a couple of numbers will prove extremely difficult to break. This is true for nearly any system, not just bitlocker.
Bitlocker with TPM-Only protection is vulnerable to Cold Boot, Firewire and BIOS Keyboard Buffer attacks.
In other words, it relies on physical security. Since you are mentioning 25 character password I think you mean non-TPM thus the above does not apply
I would say 1, but it is not uncrackable. I will still enforce 256 AES encryption just for kicks
In other words, it relies on physical security. Since you are mentioning 25 character password I think you mean non-TPM thus the above does not apply
I would say 1, but it is not uncrackable. I will still enforce 256 AES encryption just for kicks
ASKER
Hi John,
Is the following statement true?
If I have a bitlocker protected hard drive that there is NO WAY that anybody is going to access the data without the password?
Naturally knowing the password would be the easiest method to access it, but are there OTHER ways a person can steal the data without the password?
If there is no other way then I naturally can come up with a very long password with many special characters.
Is the following statement true?
If I have a bitlocker protected hard drive that there is NO WAY that anybody is going to access the data without the password?
Naturally knowing the password would be the easiest method to access it, but are there OTHER ways a person can steal the data without the password?
If there is no other way then I naturally can come up with a very long password with many special characters.
I use a Hard Drive password, but if that is not available, then the protected data is still safe. Use a strong Windows password as well.
For your comparison:
I have a ThinkPad X1 with OPAL2 drive (already encrypted, BIOS password, SSD password and strong Windows password). Nobody gets into my machine and the drive is useless without me.
For your comparison:
I have a ThinkPad X1 with OPAL2 drive (already encrypted, BIOS password, SSD password and strong Windows password). Nobody gets into my machine and the drive is useless without me.
ASKER
Shaun, I do not know what TPM is. I am very new to any type of security measures. If AES is something easy to implement then I would utilize it. The data I wish to protect is only something that the "honest thief" would want to see. What I am protecting would never be of such interest that anyone would pay to have it hacked into. It would not be a disaster if it were hacked into, just very inconvenient.
TPM Is a security chip enabled in BIOS. You need to look in BIOS to determine if you have TPM. If you do, it is likely enabled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Do I understand correctly that if ANY of the computers that I need to access the data with has TPM that all computers needing access also need to have TPM?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do I understand correctly that if ANY of the computers that I need to access the data with has TPM that all computers needing access also need to have TPM?No. If you copy data to USB or send mail etc. the files are not encrypted
ASKER
EXPERTS = THE BEST!
Thank you and I was happy to help. Best wishes for a happy New Year