What does BitLocker encrypt?

Does BitLocker just encrypt your hard-drive, or does it also encrypt network traffic like your inbound and outbound emails?

Caledon Ken said:

Hi Allegheny.
Bitlocker does not encrypt network traffic.
Email traffic to and from server should be encrypted through SSL. Of course that does not cover your mail from server to server across the net. Gmail to Yahoo, or Outlook to Verizon. If you are using browser base mail you should see HTTPS in address bar. Like you see in the TenForums address.
I use a free program to encrypt email but the person I send them to has to have corresponding software to un-encrypt.
Ken

I got an email at work saying they want to install BitLocker.

Was curious if that will start encrypting my emails or any attachments?

(I take a screenshot of my work hours every week and email them to myself at home. Was curious if BitLocker might screw that up moving forward?)

Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.

So, you will still be able to do what you are doing.

pparks1 said:

Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.
So, you will still be able to do what you are doing.

Good to hear!!

pparks1 said:

Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.
So, you will still be able to do what you are doing.

As a follow-up, what if I had a file stored on my work computer that was encrypted by BitLocker?

Let's say I took screenshots for past months - which I need to do since I forgot to do this earlier in the year - and then I saved them in an MS Word doc. Now BitLocker would encrypt that Word document.

So if I logged in to my computer at work, and attached said MS Word doc to an Outlook email, and then emailed it to myself at home, would I be able to open that MS Word document - which contains screenshots of Q1 timesheets - at home?

Yes, the file is encrypted on the hard drive. When the computer is turned off, its encrypted. When you turn it on, and the key is supplied the hard drive is unencypted. So you can open and see the contents of any file. You can send those files anywhere you want. They aren't encrypted when your system is running. They have been decrypted.

So, if you turn on and log in, you are in a decrypted state. If you tried pulling the hard drive out and putting it into another system, it would be encrypted till you supplied the bit locker key.

Usually when you use Bitlocker you have TPM (Trusted Platform Module) enabled in your BIOS. In effect, the TPM provides Bitlocker with the encryption key (as long as TPM detects that nothing in the bootloader or hardware has changed). So, when you turn on your PC, the TPM module will provide the bitlocker encryption key, which will then be used to decrypt your hard drive.

Here is an example.

• You go to lunch at Taco Bell, and you leave your computer sitting at the table and walk out.
• Somebody else walks in, sees the laptop sitting there, and turn's it on.
• The computer boots, sees nothing nefarious has happened with the bootloader and it will decrypt the hard drive.
• The person manages to guess your windows password and they are logged in and can see all of your data.
• Encryption here got you ABSOLUTELY NOTHING, as your Windows password was weak.

Example #2

• You go to lunch at Taco Bell, and you leave your computer sitting at the table and walk out.
• Somebody else walks in, sees the laptop sitting there, and turn's it on.
• The computer boots, sees nothing nefarious has happened with the bootloader and it will decrypt the hard drive.
• Your Windows passsword is too hard and the end user gives up guessing it
• The person takes your laptop home, takes it apart, takes out your hard drive and then connects it with a cable to their home coputer
• The hard drive is encrypted, and Windows can do nothing with it, unless you can provide the 48bit bitlocker recovery key. Without that key, the drive stays encrypted and your files are safe.
• Bitlocker here prevented your drive from being used in another computer to gain access.

So, I'm sitting here at work and my laptop has Bitlocker enabled. I am booted up, and I am logged in. If I get up, and walk away from my PC, anybody can walk up and see any of my files, copy them anywhere, and bitlocker does absolutely nothing to stop them because it "unlocked the drive" when the computer turned on. It's now in a decrypted state.

Lo

Caledon Ken said:

Normally if you attach a file to an email that file is not encrypted. Same if you copy out to usb key.
There are encryption routines that will place encrypted files on targets but I don't believe you can set Bitlocker up in this manner. Of course I could be wrong.

I thought the way encryption worked is that when I log into my work computer, files are decrypted, and thus accessibel to me.

And when I attach an encrypted file to and email and send it to myself, say at home, that when I tried to open the file it would have been encrypted again somewhere along the line.

Or I also thought that there would be some kind of an intelligent link saying, "Hey this person is trying to open an encrypted file that is not on the original host system, so therefore do not decrypt the file. (Similar to how if you swapped out an encrypted drive and tried to boot from it it wouldn't let you.)

I was sure I once worked someone that had "intelligent encryption" like that...