"I asked Microsoft if the company would be able to comply with unlocking a BitLocker disk, given a legitimate legal request to do so. The spokesperson told me they could not answer that question." - https://firstlook.org/theintercept/2015/06/04/microsoft-disk...
It doesn't mean anything because it's a standard move to reduce legal risk. No comment is almost always the safest answer. This applies to individuals too:
Personally I don't believe there's a backdoor in the technology but think they can (and probably will) comply if you have a backup key stored in the cloud, which Windows 8 consumer versions do by default (https://onedrive.live.com/recoverykey). That would explain the evasive answer.
There were earlier stories from a developer building Bitlocker indicating the FBI did want a backdoor at the time but ultimately settled for this.
You can avoid sending the backup key to the cloud, but I'd advise keeping a backup of this key somewhere: I have had to use a backup key on several occasions after a bad reboot.
Bitlocker (well, "Device Encryption") does upload your hard disk keys to OneDrive by default, and OneDrive is onboarded to PRISM for government requests.
So in the case that you end up provisioning a computer or device with Bitlocker, the key may very well end up in a database for query.
Outside of this it's not really so speculative to think that Bitlocker has backdoors for gov't access. It's unlikely that Microsoft Bitlocker survived the combined forces of state-of-the-art cryptanalysis, legal compulsion, and company infiltration (exposed by Snowden).
A backdoor for disk encryption need not directly attack the cryptography. It could be something as simple as a means to generate a bunch of predictable blocks on the hard drive - that's enough to break XTS. That is, even if there's no software backdoors or backdoors built into the TPM (Lenovo, for example, has 'key escrow' capabilities to extract Bitlocker keys out of TPMs) or crypto backdoors in HW PRNGs (e.g. Intel RDRAND), etc there are software bugs in other places that could reveal the contents of the hard disk.
So it's merely not a threat model you're ever going to find a solution for. In the very worst case, presuming there were some mystical level of hard disk encryption that wasn't trivial to backdoor or break by a sophisticated adversary - intelligence folks can use TEMPEST attacks, break into your computer when you turn it on, and/or get rubber hose access. An encrypted disk will not stop Mossad.
There is no disk encryption that will unilaterally prevent USG from accessing your files (you can only make it more expensive).
But as the USG is fond of repeating - you don't need your disk encryption to protect you from the government unless you have something to hide. You only need it to prevent attacks from criminals and for device theft.
He's currently recommending, for Windows users, either Bitlocker (256-bit AES) or BestCrypt (256-bit AES, RC6, Serpent, or Twofish). Not whatever link in the article you found those in. Unless I overlooked them in Bitlocker or BestCrypt's spec pages...
About those, though, CAST-128 isn't trustworthy (chosen-plaintext attack), GOST is probably there for Russian market, and Blowfish is fine given all the beatings it survived (good sign of security). I still use Blowfish and even IDEA in my polymorphic ciphers that semi-randomize a combination of strong ciphers along with counters.
VeraCrypt looks good, but incompatibility with TrueCrypt volumes makes me uncomfortable with switching. I've also looked at CipherShed and DiskCryptor, but the fragmentation gives me no assurance that I'll be able to access my encrypted volumes several years from now.
So I'm still stuck with TrueCrypt 7.1a. After all, it's the only disk encryption software for Windows that has been independently audited. None of the purported replacements and proprietary alternatives can lay claim to that distinction, no matter how much Bruce Schneier might personally trust the developers.
One problem I have with BitLocker is that it's only supported on Ultimate/Enterprise (on 7) and Professional and up (on 8).
I guess one could argue about not having those editions in a business setting, but the vast majority of pre-installed Windows on the market is Home Premium, and I can't think of enough justifications (especially in small businesses) for higher editions, and besides, many people in a home setting would want to have this extra protection for their computers. (After all, they do banking, tax, etc.) -- It seems like non-pro 8.1 does BitLocker for system drives, but then it also comes with a bit of "only if's" (InstantGo, SSD, non-removable RAM, TPM, etc.)
As someone else mentioned here, it seems like choices are starting to become narrow as fairly limited solutions can support UEFI/GPT, too...
Windows 8.1 and above now have a type of "poor man's bitlocker" simply called drive encryption. It works on non-pro/non-enterprise systems.
If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.
That might be so, but proper encryption is still valuable. Say you have a disk full of sensitive information. Say your computer was turned off as the adversary gets hold of it. If you have a proper encryption program, no OS backdoor will be able to decrypt it retrospectively (that is, when it's activated after the bust). Broken encryption makes you vulnerable even when you're offline or the PC is turned off.
If you run Windows, Microsoft has complete control of your computer. Unless you never turn it on, MS can log all the keys you press, all the data on the disk, all the network traffic, or really anything else they want at will.
If you trust them not to do the above, why wouldn't you trust them to encrypt your disk too? (Unless you don't trust their competence. But then, you are trusting them to secure your computer while it's on, but not when it's off?)
Since he knows Niels Ferguson and understands cryptography, why doesn't Bruce get some proper analysis or statement regarding the damage of removing the diffuser? Seems like that's one obviously big elephant in the room here.
What analysis are you looking for? The purpose of the "diffuser" is well-understood, as are the security implications of losing it. This comes up on HN about once every other month, on threads you've been a part of. What part of the explanation you've gotten here seemed inconclusive?
There are some motherboards that can store the encryption key so that you don't need to type the password again when booting. BitLocker supports it. What a great technology. It saves your life!
> BitLocker is Microsoft's native file encryption program. Yes, it's from a big company. But it was designed by my colleague and friend Niels Ferguson, whom I trust.
There may not be any deliberate backdoor in BitLocker however I think it's safe to assume that NSA has access to the source code, probably found some angle to exploit.
I don't think Microsoft is ever going to risk putting a Backdoor™ in Windows after NSA_key or at the very least after the Snowden document leaks + OPM hack (which both prove the US government's incompetence in storing classified information securely, which means the company's backdoor could be exposed at any time).
But that doesn't mean Microsoft isn't going to make it easy for the NSA to bypass its security. We've seen several reports of that from the Snowden documents, and it affects OneDrive, Outlook, Skype and probably even Bitlocker.
All Microsoft needs to do is not fix a vulnerability it finds out about (not a third party that reports the vulnerability to the company, as they would have no choice but to fix that). And it doesn't even need to do that indefinitely. It could fix it when a new vulnerability appears, and it can rotate them every 6 months or so.
Then it can either directly give that vulnerability to the NSA through all the "cyber sharing programs" where Microsoft has been a "volunteer" for years (way before Apple), or it can let NSA "discover" it on its own, which can be as easily done as Microsoft's security researchers talking about a new vulnerability internally through channels that don't have strong end-to-end security.
If they rotate vulnerabilities in Bitlocker, that could be discovered via reverse engineering. And a big vulnerability (like incorrectly calculating the IV for a sector) would require rewriting the disk.
I'd also wonder what vulnerabilities would exist in such software. The encryption part is well described, and one would expect it'd be done right (and if it's wrong, that requires rewriting the disk to fix). Other than that, what are we talking about? Bugs in the TPM/BIOS PCR checking? Accidentally writing the keys somewhere? I'm probably being very unimaginative here.
Edit: Let me say I'm assuming you have a password in addition to the TPM. Obviously if you can boot the machine up and have Bitlocker decrypt, and you have access to the machine, you can somehow extract the key if you have the resources.
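Added example, not code from this thread, from Microsoft or from BitLocker: a textbook XTS-AES in Go (standard library only) that makes two points argued above concrete: what the per-sector tweak (the "IV for a sector") buys, and what an attacker who can write to the encrypted disk can still do without the key once there is no sector-wide diffuser. Everything here is an assumption of the example: 512-byte sectors, AES-256-XTS with two fixed demo keys, the sector number as tweak, and two made-up images of one sector. corruptionSpread shows that one flipped ciphertext bit damages exactly one 16-byte block (a diffuser would spread it over the whole sector); changedBlocks shows that two snapshots reveal which blocks were written, because the tweak is fixed per position; spliceBlock shows the targeted keyless edit, rolling one 16-byte block back to an earlier value while the rest of the sector stays current.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// mulAlpha multiplies the tweak by alpha in GF(2^128) (IEEE 1619 byte order): shift the
// 128-bit little-endian value left by one bit and fold the carry back into byte 0 as 0x87.
func mulAlpha(t *[aes.BlockSize]byte) {
	carry := t[aes.BlockSize-1] >> 7
	for i := aes.BlockSize - 1; i > 0; i-- {
		t[i] = t[i]<<1 | t[i-1]>>7
	}
	t[0] <<= 1
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// xts encrypts (decrypt=false) or decrypts one whole sector with data key k1 and tweak key k2.
// The tweak depends only on the sector number, so identical plaintext at the same position
// always gives identical ciphertext. Textbook construction, not BitLocker's implementation.
func xts(k1, k2 []byte, sector uint64, in []byte, decrypt bool) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of %d", len(in), aes.BlockSize)
	}
	c1, err1 := aes.NewCipher(k1)
	c2, err2 := aes.NewCipher(k2)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("bad key: %v %v", err1, err2)
	}
	var t [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(t[:8], sector)
	c2.Encrypt(t[:], t[:]) // T_0 = E_K2(sector number)
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		blk := out[i : i+aes.BlockSize]
		subtle.XORBytes(blk, in[i:i+aes.BlockSize], t[:])
		if decrypt {
			c1.Decrypt(blk, blk)
		} else {
			c1.Encrypt(blk, blk)
		}
		subtle.XORBytes(blk, blk, t[:])
		mulAlpha(&t) // T_{j+1} = T_j * alpha
	}
	return out, nil
}

// changedBlocks lists the 16-byte blocks that differ between two images of one sector; on two
// ciphertext snapshots that is exactly what an observer without the key learns.
func changedBlocks(a, b []byte) []int {
	var idx []int
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			idx = append(idx, i/aes.BlockSize)
		}
	}
	return idx
}

// corruptionSpread flips one ciphertext bit in block blk and counts the plaintext blocks that
// decrypt wrongly: 1 in plain XTS, where a sector-wide diffuser would give all 32.
func corruptionSpread(k1, k2 []byte, sector uint64, plain []byte, blk int) (int, error) {
	ct, err := xts(k1, k2, sector, plain, false)
	if err != nil {
		return 0, err
	}
	ct[blk*aes.BlockSize] ^= 0x01          // an edit made without the key
	pt, _ := xts(k1, k2, sector, ct, true) // same length as plain, cannot fail
	return len(changedBlocks(plain, pt)), nil
}

// spliceBlock is the attacker's keyless targeted edit: copy block blk of an older ciphertext
// image into the current one. Same position, same tweak, so it decrypts to the OLD contents.
func spliceBlock(current, older []byte, blk int) []byte {
	out := append([]byte(nil), current...)
	off := blk * aes.BlockSize
	copy(out[off:off+aes.BlockSize], older[off:off+aes.BlockSize])
	return out
}

// sample returns constructed AES-256-XTS keys (fixed for reproducibility only) and two 512-byte
// plaintext images of one sector; the second differs from the first only in blocks 3 and 10.
func sample() (k1, k2, oldPlain, newPlain []byte) {
	k1, k2 = bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32)
	oldPlain = bytes.Repeat([]byte("0123456789abcdef"), 32)
	newPlain = append([]byte(nil), oldPlain...)
	copy(newPlain[3*aes.BlockSize:], "config: allow=0 ")
	copy(newPlain[10*aes.BlockSize:], "updated block 10")
	return
}

func main() {
	k1, k2, oldPlain, newPlain := sample()
	oldCT, _ := xts(k1, k2, 7, oldPlain, false)
	newCT, _ := xts(k1, k2, 7, newPlain, false)
	n, _ := corruptionSpread(k1, k2, 7, newPlain, 5)
	pt, _ := xts(k1, k2, 7, spliceBlock(newCT, oldCT, 3), true)
	fmt.Printf("changed blocks %v; damaged by one flipped bit: %d; block 3 after splice: %q\n",
		changedBlocks(oldCT, newCT), n, pt[48:64])
}
```

Run it with go run. Note what it does not show: chosen-plaintext injection. Without the key an attacker can only randomize a 16-byte block or replay an old one at the same position, which is why the loss of the diffuser is described above as "modify your encrypted disk and give it back to you", not as reading it.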
nickpsecurity | 10 years ago
https://www.youtube.com/watch?v=6wXkI4t7nuc
tptacek | 10 years ago
The Device Encryption recovery key feature was discussed at length here: https://news.ycombinator.com/item?id=8546524
Certainly, people who are concerned about security should disable/avoid it.
sarciszewski | 10 years ago
What do you recommend for Windows users?
skrowl | 10 years ago
It's cross-platform FOSS instead of the "Hey, buy now!" BestCrypt that this article is pushing.
Someone1234 | 10 years ago
It requires a TPM, UEFI, and a Microsoft Account. But once you meet the requirements it gives you a "basic" level of encryption which for a petty criminal is hard to break. Most Surface Pro 3s will have this enabled already.
http://www.howtogeek.com/173592/windows-8.1-will-start-encry...
Legit Bitlocker is superior in many ways (in particular not having to store a backup key in a Microsoft Account, and having more choices about how to decrypt). But for consumers it is a very welcome addition.
bradford | 10 years ago
I think it's best summarized as:
"Removing the Elephant diffuser doesn't entirely break BitLocker. If someone steals your laptop, they still won't be able to unlock your disk and access your files. But they might be able to modify your encrypted disk and give it back to you in order to hack you the next time you boot up"
spacehome | 10 years ago
Nullius in verba
ikeboy | 10 years ago
Um, no.
Someone1234 | 10 years ago
_NSAKEY wasn't a backdoor. People need to let that go. Not a single line of code was ever discovered that indicated the NSA was utilising it as a backdoor into cryptography, so the entire basis for the conspiracy theory is that the variable which holds the "backup key" happened to have been named that (and that includes the NT4.0/2000 source code leaks).
https://en.wikipedia.org/wiki/NSAKEY
Also Microsoft shares the Windows code with many institutions[0]. Yet none of them, nobody at Microsoft, and not even the Snowden leak indicated a backdoor in Windows.
Microsoft MIGHT have made it easier for the US Government to tap Skype calls (and I believe that they did based on available evidence). Aside from that, for all the mudslinging, almost none of it ever sticks.
[0] https://www.microsoft.com/en-us/sharedsource/