#11 (2 Weeks Ago) - Join Date: Oct 2017, Posts: 183, Win10

    The recovery key is actually a random number: see "BitLocker recovery password details" (System Integrity Team Blog).

    You are correct in that you still need the recovery key in case of some BIOS/TPM change. I'll strike out that part from my earlier post to remove confusion.

    VeraCrypt does not use the TPM. Therefore its keys are stored on the drive itself. I am not too familiar with how Linux encryption is done, but it looks like dm-crypt/LUKS doesn't use the TPM either.

    BitLocker does store the keys in the TPM. And if the PCRs change (due to a BIOS/HW/bootloader change), then the TPM won't unseal the encryption key. That's why you need the recovery key.
#12 (2 Weeks Ago) - Join Date: Jan 2018, Posts: 7, Thread Starter

    Quote (Originally Posted by PolarNettles):
        BitLocker does store the keys in the TPM. And if the PCRs change (due to a BIOS/HW/bootloader change), then the TPM won't unseal the encryption key. That's why you need the recovery key.

    Sorry, but wrong again.

    BitLocker can also be used without having a TPM, and that is actually what I want to do.

    So, why do I need to make use of BitLocker's recovery mechanism even if I do not have a TPM and use a PIN instead?
#13 (2 Weeks Ago) - Join Date: Jan 2018, Posts: 7, Thread Starter

    With a bit of know-how (that particular group policy really isn't intuitive), perhaps it would be possible to prevent the recovery events with the following group policy:

    [Image: BitLocker_enhanced_BCD.png]

    But there would probably still be a recovery event in case the PIN gets typed wrong too many times.
#14 (1 Week Ago) - Join Date: Nov 2015, Posts: 217, Win10
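A way to check on one's own machine the situation discussed in the posts above (TPM-sealed keys that stop unsealing after a PCR change, and whether a recovery password exists as the fallback), as an added example that is not part of the thread: it lists each BitLocker volume's key protectors and flags volumes where a BIOS/TPM/bootloader change would leave no way back in. It assumes Windows 10 with the built-in BitLocker PowerShell module and an elevated prompt; the function name and the `-Remediate` switch are my own, the cmdlets are the standard ones.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Uses the built-in BitLocker module cmdlets
# Get-BitLockerVolume, Get-Tpm and Add-BitLockerKeyProtector; the function name is made up.

function Get-BitLockerRecoveryRisk {
    param(
        # When set, add a recovery password to any encrypted volume that lacks one.
        [switch]$Remediate
    )

    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    foreach ($vol in Get-BitLockerVolume) {
        $types       = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey all seal the volume key to PCR values
        $usesTpm     = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            $note = 'not encrypted'
        } elseif ($usesTpm -and -not $hasRecovery) {
            $note = 'TPM-sealed with no recovery password: a BIOS/TPM/bootloader change would lock this volume out permanently'
        } elseif ($usesTpm) {
            $note = 'TPM-sealed: a PCR change triggers a recovery prompt; recovery password is available'
        } elseif (-not $hasRecovery) {
            $note = 'no TPM protector and no recovery password: the password/startup key is the only unlock path'
        } else {
            $note = 'no TPM protector; recovery password is available as a fallback'
        }

        if ($Remediate -and $vol.VolumeStatus -ne 'FullyDecrypted' -and -not $hasRecovery) {
            # Generates a new 48-digit recovery password; record it somewhere safe afterwards.
            Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
            $note += ' (recovery password added)'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Protection = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
            Assessment = $note
        }
    }
}

Get-BitLockerRecoveryRisk | Format-Table -AutoSize -Wrap
```

Run it once without `-Remediate` to see the report; the "TPM-sealed with no recovery password" line is the case the thread warns about.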

    I just wish that future PCs/laptops will have the capability to encrypt data just like the way it is done on modern smartphones these days.
    For example, on the iPhone or even Android devices, encryption is done by creating a PIN or a passcode without the need to create or generate a recovery key, because the passcode or PIN is the actual recovery key to decrypt data on the phone.

    This would be much easier on PCs if they implemented the same technology as they do on smartphones.
    That way, users don't have to worry about where and how to store the actual recovery keys.

    So basically, I wish PCs would use the same technology the same way as they do on these phones, where all you need is a PIN to decrypt the device.

    For example, a username and password would be the recovery key without the need to generate one separately.
    I think that would be a good idea for the next versions of Windows in the future. But that would also apply to PC manufacturers as well.
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.