Windows 8 and 8.1 Forums


SSD hardware encryption, but no UEFI, TPM or HDD password?

  1. #11


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by KYHI View Post
    bitlocker uses a 48 digit key - you forget that key - you have a brick of data..
    As I explained in a recent thread to you, no.

    In Windows 8, you can create a password for the system drive. Windows 7 does not support passwords for system drives, so you will have to use a USB key. In both OSes, you create passwords for secondary drives. The 48-digit thing is the recovery key, sort of a last ditch password in case you lose all the other ways you can unlock a drive.

      My System SpecsSystem Spec

  2. #12


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by KYHI View Post
    keep your more sensitive files on a secondary HD and encrypt that drive - or external drive and folders
    Not using FDE on all drives exposes you to data leakage. If the system drive isn't encrypted, pagefiles and hibernation files contain unencrypted data, perhaps pieces of your encrypted files that you were using. The temp folder is also a risk. In general, when you have a mix of encrypted and unencrypted drives, you have to be very careful where you save and copy things. It's far more secure to go all-in and encrypt all drives.
      My System SpecsSystem Spec

  3. #13


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by plainfaceboy View Post
    Bitlocker is probably as good as any software encryption - so I've just got to decide if I want to take the performance hit - which may or may not be practically noticeable. I've also not found anything on whether s/w encryption affects drive lifespan.
    I can't imagine how encryption could affect lifespan.

    As drive will be in desktop and not going anywhere, I'm currently in two minds.....
    You say I could use bitlocker with a preboot password or USB key - is that the usual BIOS (supervisor?) password, or another one? That doesn't sound too painful.
    Are there any practical pros/cons betwen the two that aren't obvious?
    "auto-unlock on secondary drives" - is that part of bitlocker set up etc??
    It has nothing to do with the BIOS, and I don't know anything about using the BIOS with disk encryption. If you have specified a BitLocker password for the system drive, and your USB key isn't inserted, Windows 8 puts up a pre-boot password entry screen after the BIOS has finished initializing and launched the OS. You enter your password there, and booting into Windows continues as normal. The screen appears on cold boots and resuming from hibernation, but NOT resuming from sleep. The latter is very convenient for my desktop systems but a security concern when you can't physically secure the computer. You can choose Auto-unlock when you unlock a secondary drive and in the BitLocker control panel applet.
      My System SpecsSystem Spec

  4. #14


    Posts : 2,690
    Windows 3.1 > Windows 10


    As I explained in a recent thread to you, no.
    Since this is the only thread - forget the key and your hard drive is a brick...

    Please explain what you think you are talking about. I'm fascinated. PlainBoyFace asked an interesting question. You didn't read it.
    it's not like he is walking around with a desktop PC..
    So what is the purpose of bitlocker (security) Hiding porn from the wife and kids? Are they good hackers that read memory files

    Motherboards - M4A785TD-V EVO - ASUS
    Basically, is there anyway I could get hardware encryption working with a fresh install of Win 8.1
    Thanks
    Yes a bios password protected hard drive.. Forget the password and your hard drive is a brick..

    I'm out..
    Enjoy!!

    Bitlocker comes with windows 8 pro
    A windows password will protect your file (somewhat) from prying eyes.. Unless the drive is removed..
      My System SpecsSystem Spec

  5. #15


    I started down this route because I thought enabling *hardware* encryption would be dead easy, and therefore a no-brainer......better than nothing.

    Agree that as it's a desktop it won't be going anywhere, so I'm not desperate to encrypt. Therefore, overall I'm not keen on s/w encryption or on encrypting 'everything', mainly due to performance issues, especially on HDDs...
    I don't have hibernate or sleep enabled, and was planning on keeping all temp/pagefiles/folders etc off the SSD.....so maybe an option is to put all those temp files etc, with personal files etc on a separate HDD and just encrypt that whole drive...
    I assume if using bitlocker, I could do that 'later' ie at any stage and it would just add a 2ry drive passwrod etc?
    Thanks everyone - very uesful stuff!
      My System SpecsSystem Spec

  6. #16


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by KYHI View Post
    As I explained in a recent thread to you, no.

    In Windows 8, you can create a password for the system drive. Windows 7 does not support passwords for system drives, so you will have to use a USB key. In both OSes, you create passwords for secondary drives. The 48-digit thing is the recovery key, sort of a last ditch password in case you lose all the other ways you can unlock a drive.
    Since this is the only thread - forget the key and your hard drive is a brick...
    Sigh. That's twice I've explained it to you, and you still don't seem to get it, nor do you even remember the other thread from a couple days ago:

    https://www.eightforums.com/tablet-to...tml#post470864

    As for losing all means (not just the 48-digit recovery key, no matter how many times you repeat it) to unlock a piece of encrypted data turning that data into a brick: That's sort of the whole point of encryption, yet you keep repeating it as if it were some profound observation.

    I'm out..
    That can only improve the S/N ratio in future threads about BitLocker, so for that initiative.
      My System SpecsSystem Spec

  7. #17


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by plainfaceboy View Post
    Agree that as it's a desktop it won't be going anywhere, so I'm not desperate to encrypt. Therefore, overall I'm not keen on s/w encryption or on encrypting 'everything', mainly due to performance issues, especially on HDDs...
    The performance issues are negligible. And you don't know your desktop isn't going anywhere. It could be stolen. Your hard drive could die, and you might not be able to erase it. Knowing that it was encrypted will give you peace of mind before RMAing it. Myself, I like knowing all my drives are encrypted, so I never worry about copying things between drives. I also don't worry about backup drives I store off-site being lost or stolen.

    I don't have hibernate or sleep enabled, and was planning on keeping all temp/pagefiles/folders etc off the SSD.....so maybe an option is to put all those temp files etc, with personal files etc on a separate HDD and just encrypt that whole drive...
    I assume if using bitlocker, I could do that 'later' ie at any stage and it would just add a 2ry drive passwrod etc?
    Thanks everyone - very uesful stuff!
    Moving things like pagefile and temp folder off the SSD is very outdated advice. Move folders like Downloads, Music, etc if necessary to save space on a small SSD, but otherwise, use the damn thing! As for not using FDE for all drives, all I can say is read what I wrote about data leakage again.
      My System SpecsSystem Spec

  8. #18


    Quote Originally Posted by crawfish View Post
    . And you don't know your desktop isn't going anywhere.
    True enough, which is why I *am* considering this!

    Quote Originally Posted by crawfish View Post
    .Moving things like pagefile and temp folder off the SSD is very outdated advice. Move folders like Downloads, Music, etc if necessary to save space on a small SSD, but otherwise, use the damn thing! As for not using FDE for all drives, all I can say is read what I wrote about data leakage again.
    I thought I could see some logic in moving pagefile/temp files off the SSD, to minimise writes etc - so if this is outdated, why is that? Are SSDs now so reliable we don't need to worry about it any more?

    This is possibly straying into a different question, but if I do encrypt any data disks (ie not system disk), I'm backing that up to a NAS box which I currently also access from a linux box and other laptops. Would they then not be able to read/access any encrypted data?
      My System SpecsSystem Spec

  9. #19


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by plainfaceboy View Post
    I thought I could see some logic in moving pagefile/temp files off the SSD, to minimise writes etc - so if this is outdated, why is that? Are SSDs now so reliable we don't need to worry about it any more?
    Google /SSD endurance/ and read some articles by people who've been torture testing SSDs to determine how many writes they can really take.

    This is possibly straying into a different question, but if I do encrypt any data disks (ie not system disk), I'm backing that up to a NAS box which I currently also access from a linux box and other laptops. Would they then not be able to read/access any encrypted data?
    BitLocker is proprietary to Microsoft and not supported by all Windows SKUs. This lack of portability was one of the disadvantages compared to TrueCrypt I listed in the message I linked to in my first post in this thread. If the host computer has unlocked a BitLocker drive, other computers will be able to access it like any other network drive. If you're storing your backups on an unencrypted drive, you'll need to enable encryption in your backup program, and it needs to be as secure as BitLocker, or what's the point? It's much easier if you are able to BitLocker everything, which I also do for my gaming machine/file server, which is the networked backup target for system images I make with Image for Windows. I don't have IFW encrypt, because the target machine will encrypt it.
      My System SpecsSystem Spec

  10. #20


    Posts : 2,690
    Windows 3.1 > Windows 10


    He could,
    one could Admin password the bios - to pervert changes to bios setting..
    one could user password the bios and lock the HD
    one could password windows
    one could encrypt the disk.

    And if it walks away - the whole thing is a paperweight..

    I know what bitlocker is - I removed it.. You can find out more about me by doing a google search, then you can on my PC..
    Your whole life is in the cloud, and with a MS account, facebook or any App that tracks you or that you have allowed to run or your PC..
    Leaves you more open A** then a stolen PC.. In fact the thief would care less about the info.. They want the cash... And at least you know a few people may have access to your PC, but the way things are with cloud based storage, apps, and whatever else you choose to allow to run on your PC

    You have no clue who has what data - you have no clue what it is they have - you have no clue where it is - nor do you know that a billion people are not reading it right now..

    Nothing is private or safe anymore.. Welcome to the real would..
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
SSD hardware encryption, but no UEFI, TPM or HDD password?
Related Threads
I need to change some setting in my UEFI/BIOS but it is stuck in ready only mode. All options are blanked out except for "exit". How can I get it to let me edit the settings again?
Hello to the forum. Thanks for the welcome. And thanks for pointing me in this subforum. I have a notebook toshiba satellite L850-1HU with UEFI Default is win 8 os, recently upgraded to 8.1. Now I need to win 7. I have a professional license N sp1 x64 and then supports UEFI
Hello, i have HP Pavilion g6 1360su with Insyde H2O F.6A. I have downloaded and installed the HP UEFI Support Environment from here: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-119351-1&cc=bg&dlc=bg&lc=en...=. Is my PC compatible with Windows 8 UEFI? :think:
Dear Friends, Long time reader of this forum but a first time poster, so please forgive me if this question has already been asked and answered. Laptop: ASUS UX31A-DB71, latest BIOS: 218 Originally my laptop came with Windows 7 and when i looked at disk management my disks were formatted...
Windows 8 Encryption in System Security
I have become increasingly leery of games and the malware…I mean DRM/anti-cheating applications they like to install. I have read that software such as GameGuard installs itself like a rootkit and is essentially a keylogger on your machine. This may or may not be true, but I still do not trust...
Hi everyone Some people might like to test the possibilities of UEFI systems even though their current machines aren't equipped with it. It IS possible to do this in a Virtual machine even if the HOST system is a non UEFI machine. Edit Manually the VM configuration for the VM you want to...
Good morning/afternoon/evening gentleman, wherever you are around the globe. Today, after startup, Windows suggested to me, that I should export my encryption case to some external storage, just in case some bad things happen. I was surprised, as I haven't enabled any encryption on my laptop....
Eight Forums Android App Eight Forums IOS App Follow us on Facebook