Windows 10: [BitLocker] Encrypting without generating recovery key?

03 Jan 2018 #11

    The recovery key is actually a random number: see "BitLocker recovery password details" (System Integrity Team Blog).

    You are correct in that you still need the recovery key in case of some BIOS/TPM change. I'll strike out that part from my earlier post to remove confusion.

    Veracrypt does not use the TPM. Therefore its keys are stored on the drive itself. I am not too familiar with how Linux encryption is done but it looks like dm-crypt/LUKS don't use the TPM either.

    Bitlocker does store the keys in the TPM. And if the PCRs change (due to a BIOS/HW/bootloader change) then the TPM won't unseal the encryption key. That's why you need the recovery key.

03 Jan 2018 #12

    PolarNettles said:
    Bitlocker does store the keys in the TPM. And if the PCRs change (due to a BIOS/HW/bootloader change) then the TPM won't unseal the encryption key. That's why you need the recovery key.

    Sorry, but wrong again.

    BitLocker can also be used without having a TPM, and that is actually what I want to do.

    So, why do I need to make use of BitLocker's recovery mechanism even if I do not have a TPM and use a PIN instead?

04 Jan 2018 #13

    With a bit of know-how (that particular group policy really isn't intuitive), perhaps it would be possible to prevent the recovery events with the following group policy:

    [Image: BitLocker_enhanced_BCD.png]

    But there would probably still be a recovery event in case the PIN gets typed wrong too many times.
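The posts above turn on the difference between the protector that unlocks the drive at boot (TPM-sealed, TPM+PIN, or a password/startup key on a machine without a TPM) and the separate 48-digit recovery password that BitLocker falls back to when that unlock fails. The following PowerShell is an added example, not code from anyone in this thread, that makes that distinction visible on a real volume: it lists the key protectors, reports whether a RecoveryPassword protector exists, and can add one and escrow it in Active Directory. The mount point "C:", the function name and the two switches are assumptions; it needs an elevated prompt on a Windows 10 edition that ships the BitLocker module.

```powershell
# Added example (not from this thread): inspect BitLocker key protectors on a volume
# and make sure a recovery password exists alongside the TPM / TPM+PIN / password
# protector that normally unlocks the drive.

function Test-BitLockerRecoveryProtector {
    param(
        [string]$MountPoint = "C:",   # assumption: the OS volume is C:
        [switch]$AddIfMissing,        # add a RecoveryPassword protector when none exists
        [switch]$BackupToAD           # escrow it in Active Directory (domain-joined only)
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Protectors that unlock the volume at boot (TPM-sealed or a user-supplied secret).
    $unlock = $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType -in 'Tpm','TpmPin','TpmStartupKey','TpmPinStartupKey','Password','ExternalKey'
    }
    # Independent protector that is only consulted when the boot-time unlock fails
    # (PCR change after a firmware/bootloader update, too many wrong PINs, ...).
    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    Write-Host ("{0}: protection {1}, status {2}" -f $MountPoint, $vol.ProtectionStatus, $vol.VolumeStatus)
    foreach ($p in $vol.KeyProtector) {
        Write-Host ("  {0,-18} {1}" -f $p.KeyProtectorType, $p.KeyProtectorId)
    }

    if (-not $recovery -and $AddIfMissing) {
        # The 48-digit recovery password is generated by BitLocker, not chosen by the user.
        $recovery = (Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }
    if ($recovery -and $BackupToAD) {
        foreach ($r in $recovery) {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $r.KeyProtectorId
        }
    }

    [pscustomobject]@{
        MountPoint           = $MountPoint
        UnlockProtectors     = @($unlock | ForEach-Object KeyProtectorType)
        HasRecoveryPassword  = [bool]$recovery
        RecoveryProtectorIds = @($recovery | ForEach-Object KeyProtectorId)
    }
}

# Report only; add -AddIfMissing -BackupToAD to create and escrow a recovery password.
Test-BitLockerRecoveryProtector -MountPoint "C:"
```

On a volume protected only by a password or startup key (no TPM), HasRecoveryPassword is what tells you whether a mistyped PIN lockout or a lost startup key still leaves a way back into the data.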

06 Jan 2018 #14

    I just wish that future PCs/laptops will have the capability to encrypt data just like the way it is done on modern smartphones these days.
    For example, on the iPhone or even Android devices encryption is done by creating a PIN or a Passcode without the need to create or generate a recovery key. Because the Passcode or a PIN is the actual recovery key to decrypt data on the phone.

    This would be easier on PCs if they implemented the same technology as they do on smartphones.
    That way, users don't have to worry about where and how to store the actual recovery keys.

    So basically, I wish PCs would use the same technology the same way as they do on these phones, where all you need is a PIN to decrypt the device.

    For example, a Username and Password would be the recovery key without the need to generate one separately.
    I think that would be a good idea for the next versions of Windows in the future. But that would also apply to PC manufacturers as well.

21 Jan 2018 #15

    win10freak said:
    I just wish that future PCs/laptops will have the capability to encrypt data just like the way it is done on modern smartphones these days.
    For example, on the iPhone or even Android devices encryption is done by creating a PIN or a Passcode without the need to create or generate a recovery key. Because the Passcode or a PIN is the actual recovery key to decrypt data on the phone.

    Actually it does not have anything to do with PC vs. smartphone.

    PCs running Linux (e.g. Ubuntu) are doing it the same way it is being done on Android phones. The PIN/password is the actual recovery key to decrypt data on the PC with Ubuntu and other Linux distros.

    It's just that MS Windows is requiring an additional recovery key (maybe macOS as well).