Windows 8 and 8.1 Forums


Explaining Bitlocker and TPM

  1. #1


    Posts : 106
    Windows 8 Pro

    Explaining Bitlocker and TPM


    I do not understand TPM storing encryption key on motherboard.

    What exactly does that protect against? Someone taking your hard drive and trying to mount it in a different computer?

    Not very likely. The more likely scenario is they take your whole computer.

    What am I missing?


  2. #2


    Posts : 454
    Windows 8.1 Pro with Media Center


    It protects against the evil maid attack, but once you give up physical security day to day while you continue to use your computer, all bets are off. I'd recommend forgetting about Bitlocker and just using Truecrypt, which I discussed a little in your other thread.

  3. #3


    Posts : 106
    Windows 8 Pro


    Thanks Crawfish.

  4. #4


    Posts : 106
    Windows 8 Pro


    Quote: Originally posted by crawfish
    It protects against the evil maid attack, but once you give up physical security day to day while you continue to use your computer, all bets are off. I'd recommend forgetting about Bitlocker and just using Truecrypt, which I discussed a little in your other thread.

    Crawfish--you seem to know a lot about Truecrypt. Do you think it would be safe to encrypt a 3 TB external (eSATA/USB2) drive in place? Or should I install it inside the computer to minimize the potential for errors?

  5. #5


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote: Originally posted by Cly
    Crawfish--you seem to know a lot about Truecrypt. Do you think it would be safe to encrypt a 3 TB external (eSATA/USB2) drive in place? Or should I install it inside the computer to minimize the potential for errors?

    I've Truecrypted several drives up to 2 TB in size in USB enclosures and eSATA docks. I've had no problems at all. OTOH, I've had a SATA motherboard port go bad on me. So I don't personally consider internal vs. external as more or less reliable than the other. That said, validate everything until you're satisfied it's reliable by doing binary file comparisons. I do this after putting a new drive in service and copying a lot of data to it, and also periodically for my backup drives. I've never found an error in several TBs of these comparisons between my internal drives and USB enclosures and drives standing up in my eSATA dock; the eSATA dock is the main thing I use these days, because it's so convenient and fast.

  6. #6


    Posts : 106
    Windows 8 Pro


    What do you use for comparing data between two drives? I've used Syncback.

  7. #7


    Posts : 454
    Windows 8.1 Pro with Media Center


    I use Syncback SE for all my mass file copying and backups. To validate, I turn on a profile's file-by-file binary comparison option and run the profile a second time, checking the logs afterwards. I've also used WinMerge in binary mode, but it's prone to crashing with large files and probably slower.
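The file-by-file binary comparison described in posts #5 and #7, sketched as an added Python example (not part of the original thread and not Syncback's or WinMerge's code). The function names and the report layout are assumptions made for illustration.

```python
import os
import sys

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB files never load whole

def files_identical(a, b):
    """Byte-for-byte comparison; stops at the first differing chunk."""
    if os.path.getsize(a) != os.path.getsize(b):
        return False
    with open(a, "rb") as fa, open(b, "rb") as fb:
        while True:
            ca, cb = fa.read(CHUNK), fb.read(CHUNK)
            if ca != cb:
                return False
            if not ca:  # both files ended at the same point
                return True

def compare_trees(source_root, copy_root):
    """Check every file under source_root against its counterpart in copy_root."""
    report = {"missing": [], "different": [], "extra": [], "ok": 0}
    seen = set()
    for dirpath, _dirs, names in os.walk(source_root):
        for name in names:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            seen.add(rel)
            dst = os.path.join(copy_root, rel)
            if not os.path.isfile(dst):
                report["missing"].append(rel)      # never reached the copy
            elif files_identical(src, dst):
                report["ok"] += 1
            else:
                report["different"].append(rel)    # same name, different bytes
    # Files that exist only on the copy side (stale or unexpected data).
    for dirpath, _dirs, names in os.walk(copy_root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), copy_root)
            if rel not in seen:
                report["extra"].append(rel)
    for key in ("missing", "different", "extra"):
        report[key].sort()
    return report

if __name__ == "__main__":
    # Usage: python compare_trees.py <source folder> <folder on the encrypted drive>
    result = compare_trees(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(1 if result["missing"] or result["different"] else 0)
```

Reconnect or remount the drive before running the check so the reads come from the disk rather than the operating system's file cache.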

  8. #8


    Posts : 1
    Windows 8 x64


    Quote: Originally posted by Cly
    I do not understand TPM storing encryption key on motherboard.

    What exactly does that protect against? Someone taking your hard drive and trying to mount it in a different computer?

    Not very likely. The more likely scenario is they take your whole computer.

    What am I missing?

    Windows and third-party apps like TrueCrypt are good at encrypting content, but there is one weak link in the chain, and that is your password. If you had a weak password and no TPM or smart card, a brute-force attack would be able to easily crack open your EFS or BitLocker or similar protection.

    A TPM chip, like a smart card, adds a hardware layer that amplifies that weak link, making it strong. What goes in may be a short password, but what comes out may be a longer 4096-bit key. Also, brute-force attacks become nearly impossible, because after a certain number of attempts the hardware will take some action (like introducing delays, locking until unlocked with a different "master key", or similar).

    So, you are not only better protected if the hard disk is stolen, but also if the entire computer is stolen, because the brute force attack scenario is minimized.
    Last edited by MikeL; 26 Jul 2013 at 22:29.
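An added example (not part of the original post, and not BitLocker's or any TPM vendor's code): a simplified Python model of the attempt limiting described in post #8, showing how a failure counter bounds the time needed to try every PIN compared with guessing that has no hardware in the loop. The class, the rule that one failure is forgiven per interval, and every policy value used are assumptions constructed for illustration.

```python
class GuardedSecret:
    """Toy model of a PIN-gated hardware secret with a failure counter."""

    def __init__(self, pin, max_tries, recovery_s):
        self._pin = pin
        self.max_tries = max_tries    # failed attempts tolerated before lockout
        self.recovery_s = recovery_s  # seconds until one failure is forgiven
        self.failures = 0
        self.clock = 0                # simulated time, in seconds
        self._heal_from = 0           # start of the current forgiveness interval

    def wait(self, seconds):
        """Advance the simulated clock and forgive failures that have aged out."""
        self.clock += seconds
        aged = (self.clock - self._heal_from) // self.recovery_s
        self.failures = max(0, self.failures - aged)
        self._heal_from += aged * self.recovery_s

    def unlock(self, guess):
        if self.failures >= self.max_tries:
            return "locked"           # refused without even checking the guess
        if guess == self._pin:
            self.failures = 0
            return "ok"
        if self.failures == 0:
            self._heal_from = self.clock
        self.failures += 1
        return "wrong"

def seconds_to_exhaust(digits, max_tries, recovery_s):
    """Simulated time to try every PIN when the right one is tried last."""
    space = 10 ** digits
    dev = GuardedSecret(space - 1, max_tries, recovery_s)
    for guess in range(space):
        while dev.unlock(guess) == "locked":
            dev.wait(recovery_s)      # nothing to do but wait out the lockout
    return dev.clock

def offline_seconds(digits, guesses_per_s):
    """Same search with no hardware in the loop: limited only by guess rate."""
    return 10 ** digits / guesses_per_s

if __name__ == "__main__":
    # Constructed policy values: 32 tries, one failure forgiven every 600 s.
    guarded = seconds_to_exhaust(4, 32, 600)
    print(f"4-digit PIN behind the counter: {guarded / 86400:.1f} days")
    print(f"4-digit PIN at 1000 guesses/s:  {offline_seconds(4, 1000):.0f} s")
```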
