
Bitlocker Drive Encryption

What is BitLocker? Here's what Microsoft says:

What is BitLocker Drive Encryption?

BitLocker Drive Encryption is a new hardware-based security feature in the Microsoft Windows Vista™ operating system that provides better data protection for your computer. It uses a Trusted Platform Module (TPM) to protect user data and to ensure that a computer running Windows Vista is not tampered with when offline, lost, or stolen. A TPM is a microchip that is typically affixed to the motherboard of a computer. It stores keys, passwords, and digital certificates. Information stored on the TPM is more secure from external software attacks and physical theft.

How does BitLocker Drive Encryption work?

Your data is protected by encrypting the entire Windows volume. BitLocker Drive Encryption removes the encryption key from the hard drive and stores it on the TPM, allowing the entire Windows partition to be encrypted, including the SYSKEY. During the boot process, the key that unlocks the encrypted partition is released from the TPM. The key is only released after operating system integrity has been established. This assures that no offline system tampering or attempts to boot another operating system have taken place.

BitLocker Drive Encryption can also be used on computers without a compatible TPM. Using BitLocker Drive Encryption in this way provides a full volume encryption, but not the added security of storing keys and passwords on a TPM. When BitLocker Drive Encryption is used on a computer without a compatible TPM, the user is required to create a startup key and provide it every time the computer is restarted to unlock the volume.

What is a TPM?

A TPM is a microchip designed to provide basic security-related functions to the software utilizing it. The TPM chip is usually installed on the motherboard of a computer, and communicates with the rest of the system using a hardware bus.

Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called "wrapping" or "binding" a key, helps protect the key from disclosure. On TPMs, the master "wrapping" key is called the Storage Root Key (SRK), and this key is stored within the TPM itself. This ensures that the private portion of the key is never exposed.

Computers that incorporate a TPM also have the ability to create a key that has not only been wrapped, but also tied to certain platform measurements so that the key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called "sealing" the key to the TPM. Decrypting the key is called "unsealing."

Computers with a TPM are resistant to attack in the same way that all hardware components are more resistant to attack than software. This is especially true in the realm of cryptographic key management. Private portions of key pairs are kept segregated from the memory that is controlled by the operating system. Keys can be sealed to the TPM, so certain assurances about the state of a system (its trustworthiness) can be made before the keys are unsealed and released for use. Also, since the TPM uses its own internal firmware and logical circuits for processing instructions, it does not rely upon the operating system and is not subject to external software vulnerabilities.
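The "wrapping" and "sealing" described above are easier to reason about with a small simulation. The following is an added example, not code from Microsoft or from this site: a toy TPM in Python that keeps a Storage Root Key secret inside the object, extends PCRs the way TPM 1.2 does (SHA-1 hash chaining, so a PCR can only be extended, never set), and seals a volume key to a chosen set of PCRs so it is released only when a later boot produces the same measurements. The HMAC-based keystream, the boot component images, and the choice of PCRs 0, 2 and 4 are all constructed assumptions for illustration; the real chip's cryptography and BitLocker's actual PCR selection are not taken from this page.

```python
import hashlib
import hmac
import os

PCR_BYTES = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def pcr_extend(pcr_value: bytes, measurement: bytes) -> bytes:
    # TPM 1.2 style extend: new = SHA1(old || SHA1(measurement)).
    # A PCR can only be extended, never written, so the sequence of boot
    # components is order-sensitive and cannot be rewound by software.
    return hashlib.sha1(pcr_value + hashlib.sha1(measurement).digest()).digest()


def pcr_composite(pcrs: dict, indices) -> bytes:
    # Digest over the selected PCRs in index order (stands in for TPM_PCR_COMPOSITE).
    h = hashlib.sha256()
    for i in sorted(indices):
        h.update(bytes([i]) + pcrs.get(i, bytes(PCR_BYTES)))
    return h.digest()


def _keystream(kek: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (assumption for this
    # simulation only; a real TPM uses its own storage-key cryptography).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SimulatedTPM:
    def __init__(self):
        self._srk = os.urandom(32)  # Storage Root Key secret: never returned by any method
        self.pcrs = {}

    def reset(self):
        # Power cycle: PCRs return to zero, the SRK survives.
        self.pcrs = {}

    def extend(self, index: int, measurement: bytes):
        self.pcrs[index] = pcr_extend(self.pcrs.get(index, bytes(PCR_BYTES)), measurement)

    def seal(self, secret: bytes, indices) -> dict:
        # Wrap `secret` under the SRK *and* the current value of the chosen PCRs.
        # indices=[] is plain "binding": tied to the chip but not to platform state.
        composite = pcr_composite(self.pcrs, indices)
        nonce = os.urandom(16)
        kek = hmac.new(self._srk, b"seal" + nonce + composite, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(kek, len(secret))))
        tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
        return {"indices": sorted(indices), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        # The KEK is re-derived from the PCRs as they are *now*; if any selected
        # PCR differs from sealing time the tag check fails and nothing is released.
        composite = pcr_composite(self.pcrs, blob["indices"])
        kek = hmac.new(self._srk, b"seal" + blob["nonce"] + composite, hashlib.sha256).digest()
        expected = hmac.new(kek, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("platform measurements do not match sealing state")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, len(blob["ct"]))))


# Constructed boot chains: (PCR index, component image) pairs, not real firmware.
GOOD_BOOT = [(0, b"firmware v1"), (2, b"option rom"), (4, b"boot sector: trusted bootmgr")]
TAMPERED_BOOT = [(0, b"firmware v1"), (2, b"option rom"), (4, b"boot sector: modified")]


def seal_then_reboot(chain_at_seal, chain_at_boot, indices=(0, 2, 4)) -> bool:
    # Seal a volume key after one boot, power-cycle, measure a second boot,
    # and report whether the TPM releases the same key.
    tpm = SimulatedTPM()
    for idx, image in chain_at_seal:
        tpm.extend(idx, image)
    volume_key = os.urandom(32)  # stands in for the key that unlocks the volume
    blob = tpm.seal(volume_key, indices)
    tpm.reset()
    for idx, image in chain_at_boot:
        tpm.extend(idx, image)
    try:
        return tpm.unseal(blob) == volume_key
    except PermissionError:
        return False


if __name__ == "__main__":
    print("unchanged boot releases key:", seal_then_reboot(GOOD_BOOT, GOOD_BOOT))
    print("modified boot sector releases key:", seal_then_reboot(GOOD_BOOT, TAMPERED_BOOT))
```

The point the simulation makes beyond the text: protection depends on which PCRs the key is sealed to. A modified boot sector is caught only because PCR 4 is in the selection; sealing to PCRs 0 and 2 alone would release the key to the tampered boot just as readily as to the good one.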

BitLocker is located in the Control Panel.

This new interface shows that BitLocker is off by default and gives you the option to turn it on for some or all drives on your PC. We will bring you more on BitLocker as we hear more about it.