Microsoft BitLocker Is Not A Great Solution

Microsoft confirmed they receive around 20 requests for BitLocker keys a year and will provide them to governments in response to valid court orders. My issue is not only that Microsoft is able to access the key because of the way they store it, but that anyone who gets access to your Microsoft account could get the key as well.

Microsoft BitLocker is supposed to protect your data by encrypting it automatically. On most modern Windows 11 computers this feature is enabled by default to safeguard all the data on the computer’s hard drive. BitLocker encrypts the data so that only those with a key can decode and read it.

You can store BitLocker keys digitally or on paper, which you should do as a backup in case your computer crashes and you want to get the data off it. Here is where the issue comes in: during BitLocker setup, Microsoft recommends that users store their keys in their Microsoft account for convenience and ease of use. The issue is that anyone who logs in to your Microsoft account can get those keys and access the data, since they are stored in clear text.

While Apple does offer you the ability to get the key and write it down, if you store your password in iCloud Apple can’t see it, and neither can you when you log in. In iCloud, the recovery key isn’t in plain text anywhere. Instead, the key is tied into behind-the-scenes account information that Apple maintains. It’s fully encrypted so that even Apple doesn’t have access to the unencrypted recovery key. Apple can instead deliver the encrypted recovery key to your Mac if you need to reset your password. The user never sees the recovery key, nor has to enter it, in this configuration.

Google uses eCryptfs disk encryption on ChromeOS. Keys are stored on disk in an encrypted format within the user’s home directory and are decrypted at login using the user’s login passphrase. The actual working keys are held in the Linux kernel’s memory (keyring) only while the filesystem is mounted. Google does not store these keys on its servers; you must provide the key every time you need to access the data. Losing this key means Google cannot recover your data.

The Linux operating system uses a system very similar to a Chromebook’s, with Linux Unified Key Setup (LUKS) as the standard for Linux hard disk encryption, providing a secure, user-friendly way to protect data at rest on partitions, disks, or removable media. It operates at the block level using dm-crypt, creating an encrypted container that requires a password to unlock and access the data. If the key is lost, the data is as well.

There have been reports of Microsoft engineers even claiming that the U.S. government approached them in 2013 to install a backdoor in the BitLocker encryption system. On any operating system, if you have data you want secured so that no one else can access it, I would recommend using VeraCrypt or Cryptomator to secure the files so only you can access them, on your device or online. I can’t stress enough that true encryption means only you can access the data.

Mac And PC Hard Drive Encryption

The one thing you can do to protect your computer in the case of theft is drive encryption. Many people say to me, “If they steal my laptop, who cares, it’s password protected,” but I always ask if the hard drive is encrypted. Just because it has a password does not mean a skilled hacker cannot hook your drive up to another computer and get the data; this is where drive encryption comes into play.

Let me first explain what exactly disk encryption is. Drive encryption is a technology that protects information by converting it into an unreadable code that cannot be deciphered easily by unauthorized people. Drive encryption uses encryption software or hardware to encrypt every bit of data that goes onto a disk or disk volume. It is used to prevent unauthorized access to data storage.

Now, I know this seems very overwhelming, but it’s not. Both Windows and Mac have disk encryption as built-in options in this modern era of computing. If you are using a Chromebook, you are lucky: you don’t have to do anything, as the disk is always encrypted. Only the signed-in user can access their profile data; there is no administrator account that can access everything. So your data on the Chromebook is always the safest.

Microsoft Windows has its own version of encryption called BitLocker.

To enable BitLocker, just go to Control Panel – All Control Panel Items – BitLocker Drive Encryption and click Turn on BitLocker.

Follow the onscreen instructions; they are easy.
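As an added example (not part of the original post), here is the read-only check I would run after the wizard finishes, from an elevated PowerShell prompt: it lists each volume’s encryption state and key protectors and prints any 48-digit recovery password so you can write it on paper rather than relying on the copy in your Microsoft account. It assumes the built-in BitLocker PowerShell module (Windows 10/11 Pro or Enterprise) and changes no settings.

```powershell
# Added example: inventory BitLocker state and key protectors (read-only).
# Assumes the built-in BitLocker module; run from an elevated prompt so the
# recovery password fields are populated.
$volumes = Get-BitLockerVolume

foreach ($vol in $volumes) {
    Write-Output ("{0}  status={1}  protection={2}  encrypted={3}%  method={4}" -f `
        $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus,
        $vol.EncryptionPercentage, $vol.EncryptionMethod)

    if ($vol.ProtectionStatus -ne 'On') {
        # Encrypted but unprotected (or not encrypted at all): the disk is still
        # readable when attached to another machine.
        Write-Output "  WARNING: protection is off for $($vol.MountPoint)"
    }

    $hasRecoveryPassword = $false
    foreach ($kp in $vol.KeyProtector) {
        Write-Output ("  protector {0}  type={1}" -f $kp.KeyProtectorId, $kp.KeyProtectorType)
        if ($kp.KeyProtectorType -eq 'RecoveryPassword') {
            $hasRecoveryPassword = $true
            # This is the 48-digit key the setup wizard offers to upload to your
            # Microsoft account. Write it down and keep it offline instead.
            Write-Output "    recovery password: $($kp.RecoveryPassword)"
        }
    }

    if ($vol.ProtectionStatus -eq 'On' -and -not $hasRecoveryPassword) {
        # Without a recovery password, a TPM fault or firmware update can lock
        # you out permanently. One can be added with:
        #   Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
        Write-Output "  NOTE: no recovery password protector on $($vol.MountPoint)"
    }
}
```

This script cannot tell you whether a recovery password was already uploaded to your Microsoft account; check the account’s device page for that.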

On a Mac it’s easy as well, and with the integration of Apple iCloud it’s easier than ever to turn on Apple’s version of drive encryption, called FileVault.

Just click System Preferences – Security and Privacy – the FileVault tab – Turn On FileVault.

You will then be asked for your iCloud account info, and that’s about it.

Personally, I like to use a third-party tool called Symantec PGP Full Disk Encryption, both because it is a third-party tool and because the inventor of PGP encryption, Phil Zimmermann, works for Symantec. Zimmermann is the creator of Pretty Good Privacy (PGP), the most widely used encryption protocol in the world. Symantec PGP Full Disk Encryption will be overkill for most, but you do get many more options than you do with Microsoft or Apple. For the average user, the built-in options in Windows and Mac are more than secure enough. Anyone dealing with sensitive data should use drive encryption.

Any questions about drive encryption contact us.