Does bitlocker work without a TPM module or USB Flash Drive?

Discussion in 'Windows Vista Security' started by piclistguy, Feb 17, 2008.

  1. piclistguy

    piclistguy Guest

    I am about to purchase a Dell M1330, which doesnt offer a TPM module.
    I also don't want to deal with plugging in a USB Flash drive every
    time I boot up (which could get stolen with a laptop).
    I have the following questions regarding Bitlocker

    #1 Can I still use the Bitlocker feature of Windows Vista with a TPM
    module or USB flash drive?
    #2 Are there any articles that document how secure Bitlocker is in
    keeping your data safe if your laptop is stolen?
    #3 If for some reason that operating system gets corrupt, is there a
    way to extract my data off of the hard drive if I have the encryption
    keys?

    Thanks
     
    piclistguy, Feb 17, 2008
    #1
    1. Advertisements

  2. piclistguy

    benedito78 Guest

    If you have no TPM you must use a USB key, the method of using the USB key
    only does not appear on the bitlocker control panel but it can be done. I
    haven't tried using bitlocker with a machine with no TPM yet so someone else
    may be better suited to answer with the procedure.

    http://technet2.microsoft.com/Windo...ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

    There is a link to details about bitlocker, bitlocker uses AES128 or AES256
    if you do the registry hack, AES has been around long enough that it is
    trusted as a good encryption method. Microsoft added an "elephant diffuser"
    with the idea that it would help combat a brute force attack. Bitlocker is
    well documented and Microsoft has no trouble explaining how it works and
    what pitfalls there may be so I for one trust it.

    If you don't want to use the USB key and don't have a TPM, you could go to
    www.truecrypt.org and try their encryption program, it is also well
    documented and has been around awhile.

    With either bitlocker or truecrypt, I'd say "lotsa luck" to anybody who got
    ahold of your encrypted data, except maybe the NSA...

    -Lou
     
    benedito78, Feb 17, 2008
    #2
    1. Advertisements

  3. piclistguy

    Gary Mount Guest

    You can use BitLocker on a computer without a TPM module and without needing
    to plug in a USB Flash drive.
    You will have to enter a series of numbers whenever you boot up your
    computer or come out of hibernation.
    For example a set of numbers like the following
    218207-465773-304260-135740-029018-277519-329681-038918
    will be required.
    You will be best to have a backup solution rather than hoping you can
    recover your data from a corrupted hardrive/system.
    After all, if your hard drive crashed, you would have a difficult time
    getting the data off anyway.
     
    Gary Mount, Feb 17, 2008
    #3
  4. How about trying TrueCrypt? :)

    --
    @[email protected] Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.2
    ^ ^ 17:10:02 up 5 days 7:10 0 users load average: 0.02 0.02 0.00
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 17, 2008
    #4
  5. piclistguy

    Kevin Young Guest

    1. If you have an SD Card slot you can use an SD Card rather than a USB
    Flash Drive with Bitlocker. When using a USB Drive or SD Drive you can
    pull the SD Card or USB drive out of the computer as soon as Bitlocker
    finds it at boot-up. In fact Bitlocker will prompt you to remove the
    UZB Drive or SD Card but will continue to boot if you leave it in.

    2. There's a white paper here that you can download on BitLocker:
    <http://whitepapers.silicon.com/0,39024759,60304355p-39000366q,00.htm>

    3. Get Acronis True Image Home and make an image of your drive for
    back-up purposes. The back-up will not be encrypted with Bitlocker so
    store your back-up device in a safe place. Acronis combined with a USB
    Hard Drive makes back-ups easy and quick.
     
    Kevin Young, Feb 18, 2008
    #5
  6. piclistguy

    glr Guest

    I love the idea to store the Bitlocker key on a SD card. My Dell XPS M1530 has Vista Ultimate and, accordingly Bitlocker. Bitlocker unfortunately does not recognize the SD card during setup

    Any tips

    Greg


    Post Originated from http://www.VistaForums.com Vista Support Forums
     
    glr, Dec 31, 2008
    #6
  7. piclistguy

    Thomas Allen Guest

    Well it has to be detected in bios as a usb device. IT is impossible to use
    bitlocker without a usb drive or TPM module, as it needs something to get the
    key to unlock the hard drive. Otherwise your hard drive could just get hacked
    because it has the key on it.
    Basically, if someone gets your hard drive it is all scrambled unless they
    find the key.
     
    Thomas Allen, Jan 5, 2009
    #7
  8. piclistguy

    Alun Jones Guest

    This is basically my argument against using USB + TPM.

    The USB stick is likely either to be plugged in to the laptop (hey, who's
    going to 'waste' a USB stick by storing a few dozen bytes on it, when they
    could also use it for storing files that they want to carry around), or in
    the laptop bag (in which case, the laptop is probably in there, so the thief
    has it as well).

    If you have the keying material, you can boot up the laptop, and then attack
    it through traditional means (network, Firewire, etc).

    I'd like to see USB + PIN supported, and I'd like to see people thinking
    about PIN + TPM as the right solution.

    Alun.
    ~~~~
     
    Alun Jones, Jan 6, 2009
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.