Recently, I wrote a guide explaining how to encrypt your laptop’s hard drive and why you should do so. For the benefit of Windows users, I gave instructions for turning on BitLocker, Microsoft’s disk encryption technology.
This advice generated an immediate backlash in the comments section underneath the post, where readers correctly pointed out that BitLocker has been criticized by security experts for a number of real and potential shortcomings. For example, BitLocker’s source code is not available for inspection, which makes it particularly vulnerable to “backdoors,” security holes intentionally placed to provide access to the government or others. In addition, BitLocker’s host operating system, Microsoft Windows, provides an algorithm for generating random numbers, including encryption keys, that is known to have been backdoored by government spies, and which the company’s own engineers flagged as potentially compromised nearly eight years ago. BitLocker also lost a key component for hardening its encryption, known as the “Elephant diffuser,” in the latest major version of Windows. And Microsoft has reportedly worked hand-in-glove with the government to provide early access to bugs in Windows and to customer data in its Skype and Outlook.com products.
Even having known about these issues, I still believed BitLocker was the best of several bad options for Windows users; I’ll explain my reasoning on this later.
But in the meantime, something interesting has happened: Microsoft, after considerable prodding, provided me with answers to some longstanding questions about BitLocker’s security. The company told me which random number generator BitLocker uses to generate encryption keys, alleviating concerns about a government backdoor in that subsystem; it explained why it removed the Elephant diffuser, citing worries over performance and compatibility that will appease some, but certainly not all, concerned parties; and it said that the government-compromised algorithm it bundles with Windows to generate encryption keys is, by default, not used at all.
Significant questions remain about BitLocker, to be sure, and because the source code for it is not available, those questions will likely remain unanswered. As prominent cryptographer Bruce Schneier has written, “In the cryptography world, we consider open source necessary for good security; we have for decades.” Despite all of this, BitLocker still might be the best option for Windows users who want to encrypt their disks.
Today I’m going to dive deep into the concerns about BitLocker and into Microsoft’s new responses. I’m also going to explain why more open alternatives like TrueCrypt don’t resolve these concerns, and take a brief look at proprietary products like BestCrypt, which Schneier recommends.
This is going to be a fairly technical post. But it’s important to explore the current state of BitLocker because Windows remains the most popular operating system for personal computers and because interest in BitLocker has only grown in the wake of documents from NSA whistleblower Edward Snowden showing widespread U.S. government surveillance. At the same time, fears about BitLocker have also been stoked by the Snowden cache, which exposed a carefully orchestrated and apparently successful attemptby the National Security Agency to compromise international encryption-related standards, including one that’s part of Windows to this day.
Why people worry about BitLocker
If you can trust Microsoft, BitLocker has always been awesome. For example, Microsoft is well ahead of competitors like Apple in making BitLocker verify that an attacker hasn’t modified the software used to boot the computer. Without such protection, hackers can rewrite the boot-up code, impersonate the operating system, and trick people into unlocking the disk so malware can be installed, a technique known as an “evil maid” attack. Mac OS X and Linux’s disk encryption systems are entirely vulnerable to this attack, but Windows, when running BitLocker, is not.
Of course, a great many people, particularly in information security circles, do not trust Microsoft; these people worry that BitLocker’s advanced technology is meant to distract people from the company’s cozy relationship with the government, and that any data “secured” using BitLocker could be handed over to spy agencies or law enforcement.
Here are three more specific concerns those people have about BitLocker — concerns I have shared. With each, I’ve included Microsoft’s response. It should be noted that the company was not initially forthcoming with this information; a spokesperson responded to a set of questions based on these worries by saying the company had no comment. To Microsoft’s credit, the company later reversed this position. . .