All text is available under the terms of the GNU Free Documentation License.

BitLocker Drive Encryption

From Wikipedia, the free encyclopedia


BitLocker Drive Encryption is a data protection feature integrated into Microsoft's Windows Vista operating system that encrypts the entire OS volume. BitLocker is included in the Enterprise and Ultimate editions of Vista.[1] By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional security.
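The paragraph above names the cipher but not what the diffuser is for. The following added example (not BitLocker's code; the Elephant diffuser itself is not reproduced here) shows the weakness of plain CBC on a disk sector: an attacker who cannot read the data can still flip chosen bits in one 16-byte block of plaintext, at the cost of garbling the preceding block. A four-round Feistel network keyed with SHA-256 stands in for AES so the script needs only the standard library; the property demonstrated comes from the CBC chaining, not from the block cipher, so the substitution does not change the result. The key, the sector contents and the IV derivation are constructed for this example.

```python
"""CBC malleability on a 512-byte sector: why AES-CBC alone is not enough.

Added example, not BitLocker code.  A 4-round Feistel network keyed with
SHA-256 stands in for AES (128-bit blocks) so the script runs with the
standard library only; the bit-flipping property shown below comes from
CBC chaining, not from the cipher.
"""
import hashlib

BLOCK = 16      # 128-bit block, as with AES
SECTOR = 512    # typical disk sector size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of the half-block, truncated to 64 bits.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def sector_iv(key: bytes, sector_no: int) -> bytes:
    # Per-sector IV: encrypt the sector number under the same key.  BitLocker
    # derives its IV from the sector offset in a similar way; the exact
    # encoding used here is an assumption of this example.
    return block_encrypt(key, sector_no.to_bytes(BLOCK, "little"))


def cbc_encrypt(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    assert len(plaintext) == SECTOR
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    assert len(ciphertext) == SECTOR
    prev, out = sector_iv(key, sector_no), bytearray()
    for i in range(0, SECTOR, BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)   # P[i] = D(C[i]) XOR C[i-1]
        prev = cur
    return bytes(out)


def flip_attack() -> dict:
    """Turn 'ADMIN=0' into 'ADMIN=1' inside an encrypted sector without the key.

    Returns the recovered field, whether the block before it was garbled (the
    price CBC makes the attacker pay) and whether later blocks survived intact.
    """
    key = hashlib.sha256(b"constructed example key").digest()[:16]
    # Constructed sector: plaintext block 3 (bytes 48..63) holds a text field.
    sector = bytearray(SECTOR)
    sector[48:64] = b"ADMIN=0;ROLE=usr"
    ct = bytearray(cbc_encrypt(key, 7, bytes(sector)))

    # Attacker's view: P[3] = D(C[3]) XOR C[2], so flipping one bit of C[2]
    # flips the same bit of P[3].  '0' (0x30) XOR 0x01 = '1' (0x31).  The '0'
    # is plaintext byte 54; the matching byte of C[2] is 54 - 16 = 38.
    ct[38] ^= 0x01

    pt = cbc_decrypt(key, 7, bytes(ct))
    return {
        "field": pt[48:64].decode("ascii", errors="replace"),
        "previous_block_garbled": pt[32:48] != bytes(sector[32:48]),
        "later_blocks_intact": pt[64:] == bytes(sector[64:]),
    }


if __name__ == "__main__":
    print(flip_attack())
```

A disk sector has no spare bytes for a MAC, so BitLocker's sector encryption is unauthenticated; the Elephant diffuser is Microsoft's answer to the gap shown here. Mixing the whole sector before AES-CBC means a ciphertext change no longer flips a predictable bit in one block but scrambles the entire sector, which makes this kind of controlled modification impractical. The diffuser still does not detect tampering, which is one reason the article recommends additional protection once the OS is running.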


BitLocker provides three modes of operation.[2] The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS:

  • Transparent operation mode: This mode uses the TPM 1.2 hardware to give a transparent user experience: the user logs on to Windows Vista as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and is only released to the OS loader code if the early boot files measure as unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust for Measurement, a methodology specified by the Trusted Computing Group.
  • User authentication mode: This mode requires the user to provide some authentication to the pre-boot environment in order to boot the OS. Two authentication modes are supported: a pre-boot PIN entered by the user, or a USB device containing the required startup key.

The final mode does not require a TPM chip:

  • USB Key: The user must insert a USB device containing a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine support reading USB devices in the pre-OS environment.
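The transparent mode above depends on two TPM operations the text only names: extending PCRs during boot and sealing a key to an expected PCR state. The following added example (not BitLocker or TPM code) models them. The PCR update rule is the real TPM 1.2 one, PCR[i] <- SHA1(PCR[i] || SHA1(data)); the sealed-blob construction, the choice of PCR numbers, the chip secret and the boot stage contents are assumptions of this example, simplified from what a real TPM does. It shows that a clean boot releases the volume master key (VMK), while a modified boot manager, or even a firmware update, leaves the PCRs in a state the sealed key was not bound to.

```python
"""Model of TPM-sealed key release along a static root of trust.

Added example, not BitLocker or TPM code.  The PCR extend rule matches a
TPM 1.2 (SHA-1 registers); seal/unseal is a simplified stand-in for the
TPM's real sealed-blob format, and the PCR numbers are a modelling choice.
"""
import hashlib
import hmac

PCR_LEN = 20                    # TPM 1.2 PCRs are SHA-1 sized
SEALING_PCRS = (0, 4, 8, 10)    # assumption; a real policy picks the PCR set


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TpmModel:
    """Minimal stand-in for a TPM 1.2: PCR registers plus seal/unseal."""

    def __init__(self, chip_secret: bytes, num_pcrs: int = 16):
        self._secret = chip_secret      # never leaves the "chip"
        # Power-on state: PCRs start at all zeros and can only be extended.
        self.pcrs = [b"\x00" * PCR_LEN for _ in range(num_pcrs)]

    def extend(self, index: int, data: bytes) -> bytes:
        """TPM_Extend: PCR[i] <- SHA1(PCR[i] || SHA1(data))."""
        digest = hashlib.sha1(data).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def _composite(self, indices) -> bytes:
        return hashlib.sha1(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, secret: bytes, indices=SEALING_PCRS) -> dict:
        """Bind `secret` to the current value of the selected PCRs."""
        expected = self._composite(indices)
        mask = hashlib.sha256(self._secret + expected).digest()[:len(secret)]
        blob = _xor(secret, mask)
        tag = hmac.new(self._secret, bytes(indices) + expected + blob,
                       hashlib.sha256).digest()
        return {"pcrs": tuple(indices), "expected": expected,
                "blob": blob, "tag": tag}

    def unseal(self, sealed: dict) -> bytes:
        """Release the secret only if the live PCRs match the sealed state."""
        tag = hmac.new(self._secret,
                       bytes(sealed["pcrs"]) + sealed["expected"] + sealed["blob"],
                       hashlib.sha256).digest()
        if not hmac.compare_digest(tag, sealed["tag"]):
            raise ValueError("sealed blob was tampered with")
        if self._composite(sealed["pcrs"]) != sealed["expected"]:
            raise PermissionError("PCR mismatch: early boot code differs "
                                  "from when the key was sealed")
        mask = hashlib.sha256(self._secret + sealed["expected"]).digest()
        return _xor(sealed["blob"], mask[:len(sealed["blob"])])


def measured_boot(tpm: TpmModel, stages: dict) -> None:
    """Static root of trust: each stage is measured into a PCR before it runs."""
    tpm.extend(0, stages["firmware"])       # PCR 0: platform firmware (BIOS)
    tpm.extend(4, stages["mbr"])            # PCR 4: master boot record code
    tpm.extend(8, stages["boot_sector"])    # PCR 8: volume boot sector
    tpm.extend(10, stages["bootmgr"])       # PCR 10: boot manager


# Constructed inputs for the example.
CHIP_SECRET = hashlib.sha256(b"constructed TPM storage root secret").digest()
VMK = hashlib.sha256(b"constructed volume master key").digest()
GOOD_BOOT = {"firmware": b"BIOS 1.02", "mbr": b"MBR code",
             "boot_sector": b"NTFS boot sector", "bootmgr": b"bootmgr 6000"}


def enable_bitlocker() -> dict:
    """At enable time the boot is trusted: seal the VMK to its measurements."""
    tpm = TpmModel(CHIP_SECRET)
    measured_boot(tpm, GOOD_BOOT)
    return tpm.seal(VMK)


def boot_and_unseal(sealed: dict, stages: dict):
    """Every power-on starts with fresh PCRs; returns the VMK or None."""
    tpm = TpmModel(CHIP_SECRET)
    measured_boot(tpm, stages)
    try:
        return tpm.unseal(sealed)
    except PermissionError:
        return None


def demo() -> dict:
    sealed = enable_bitlocker()
    evil = dict(GOOD_BOOT, bootmgr=b"bootmgr 6000 + keylogger")
    updated = dict(GOOD_BOOT, firmware=b"BIOS 1.03")
    return {
        "clean_boot_releases_vmk": boot_and_unseal(sealed, GOOD_BOOT) == VMK,
        "tampered_bootmgr_blocked": boot_and_unseal(sealed, evil) is None,
        "firmware_update_blocked": boot_and_unseal(sealed, updated) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The last case is why a legitimate BIOS update can drop a BitLocker machine into recovery: the TPM cannot tell a vendor update from an attacker's firmware, so the administrator must suspend protection, update, and reseal. The same gate is what the USB-key and PIN modes add on top of: a PCR match proves the boot path is unchanged, but on its own it does not prove who is sitting at the keyboard.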

In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: a "system volume" of at least 1.5 GB, and the "boot volume" that contains Windows Vista. Note: the system volume on which BitLocker's boot components are installed is not encrypted, so it should not be used to store confidential information. Unlike previous versions of Windows, Vista's diskpart command-line tool can shrink an NTFS volume so that the system volume for BitLocker can be created.

On client versions of Vista, only the operating system volume can be encrypted with BitLocker. Encrypting File System continues to be the recommended solution for real-time encryption of data on an NTFS partition, and using it in addition to BitLocker is highly recommended: BitLocker protects data at rest and the boot path, but once the OS kernel has been loaded and the volume is unlocked, any process that can read a file reads it in the clear. The two can be seen as protections against different classes of attack.

At WinHEC 2006, Microsoft demonstrated "Longhorn" Server which contained support for BitLocker protected data volumes in addition to the operating system volume protection.

In domain environments, BitLocker supports key escrow to Active Directory, as well as a WMI interface for remote administration of the feature. An example of how to use the WMI interface is the script manage-bde.wsf (installed in Vista by default in %WinDir%\System32), which can be used to set up and manage BitLocker from the command line.

According to Microsoft sources,[3] BitLocker does not contain a backdoor: there is no way for law enforcement to obtain guaranteed access to the data on a user's drives. This had been one of the main concerns among power users since built-in encryption in Vista was announced.

Contrary to the official name, BitLocker Drive Encryption is logical volume encryption: a volume may be an entire drive, part of a drive, or span several drives. Using the built-in command-line tools, BitLocker can encrypt more than just the boot volume, but additional volumes cannot be encrypted using the GUI; future Windows versions (e.g. Longhorn Server) are expected to support this. When a TPM is used, BitLocker also validates the integrity of the trusted boot path (BIOS, boot sector, etc.), which defends against offline physical attacks, boot sector malware and similar tampering.

See also

  • Disk encryption
  • Full disk encryption
  • Disk encryption software
  • Features new to Windows Vista
  • List of Microsoft Windows components
  • Vista IO technologies


  1. ^ BitLocker Drive Encryption: Executive Overview. Microsoft (2006-04-05). Retrieved on 2006-07-01.
  2. ^ Windows Vista Beta 2 BitLocker Drive Encryption Step-by-Step Guide. Microsoft TechNet. Microsoft. Retrieved on 2006-04-29.
  3. ^ Back-door nonsense. System Integrity Team Blog. Microsoft. Retrieved on 2006-06-19.

External links

  • AES-CBC + Elephant diffuser: specification of the encryption algorithm used in BitLocker Drive Encryption