BitLocker podcast with Paul Cooke

Today I listened to a recording, posted at MyitForum, of Paul Cooke, a Director in the Windows Client division specializing in security, in which he discusses BitLocker Drive Encryption and how it has been extended in Windows Vista SP1.
It's been a while since I'd read anything on BitLocker. Since GuardianEdge did a number on my laptop, I am interested to see if it's worth continuing with GE if we ever upgrade to Vista.
SP1 enhancements:
– Can now require TPM, PIN and USB all together.
– Can now encrypt data volumes instead of only the OS/primary volume.
TPM 1.2 is required (if you use the TPM option). That sounds like quite a hassle, making sure the TPM chip is enabled on the computers that are coming in.
Recovery involves a 48-digit PIN. That sounds like a real joy to read off to the end user. What rights does the helpdesk need to access that number anyway? With our current product, while you are reading off numbers to the user, there is a check digit returned to verify correct entry.
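On the read-back problem above, an added example that is not from the podcast or this post: Microsoft documents the 48-digit recovery password as eight six-digit groups, each divisible by 11 and less than 720896 (so group / 11 is a 16-bit value), which means a helpdesk script can tell the caller which group was misheard before anything is typed into the recovery screen. The sample password is constructed for the demo and the helper names are my own.

```python
import re

GROUPS = 8
GROUP_DIGITS = 6
GROUP_LIMIT = 11 * 2**16   # 720896: group // 11 must fit in 16 bits


def split_groups(text):
    """Accept '013574-720885-...' or the bare 48 digits; return eight ints."""
    digits = re.sub(r"[\s-]", "", text)
    if not digits.isdigit() or len(digits) != GROUPS * GROUP_DIGITS:
        raise ValueError("expected 48 digits in 8 groups of 6")
    return [int(digits[i:i + GROUP_DIGITS])
            for i in range(0, len(digits), GROUP_DIGITS)]


def bad_groups(text):
    """1-based indices of groups that fail the built-in check.

    Each group must be a multiple of 11 and below 720896. Mod 11 catches
    every single-digit slip and every adjacent transposition, which is the
    same kind of read-back protection a trailing check digit gives you.
    An empty list means the groups are well-formed, not that this is the
    right password for the volume; only the machine can decide that.
    """
    return [i + 1 for i, g in enumerate(split_groups(text))
            if g % 11 != 0 or g >= GROUP_LIMIT]


def group_words(text):
    """The 16-bit value each group encodes (group // 11); requires valid groups."""
    if bad_groups(text):
        raise ValueError("password has malformed groups")
    return [g // 11 for g in split_groups(text)]


def build_password(words):
    """Inverse of group_words: pack eight 16-bit words into the dashed form.
    Used here only to construct a demo password; real ones come from BitLocker."""
    if len(words) != GROUPS or any(not 0 <= w < 2**16 for w in words):
        raise ValueError("need eight 16-bit words")
    return "-".join(f"{w * 11:0{GROUP_DIGITS}d}" for w in words)


# Constructed sample, not a real recovery password.
SAMPLE = build_password([1234, 65535, 0, 4096, 777, 30000, 12, 500])

if __name__ == "__main__":
    print(SAMPLE)                                   # well-formed
    print(bad_groups(SAMPLE))                       # []
    print(bad_groups(SAMPLE.replace("720885", "720886")))   # [2]: misheard digit
```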

One Comment

  1. I use BitLocker on my laptop, although it's not managed by policy. My laptop is also TPM 1.1, so none of the TPM stuff works, so I just use a USB key.
    I haven't tried GE, but one thing that surprised me about BL was that if you put the machine to sleep, you don't need the key. It does need the key after hibernate. That made sense after I thought about it; I just didn't expect it.
    I'm glad I installed it after SP1 was released; I didn't realize it wasn't able to encrypt all volumes before.

