Windows 10: What does BitLocker encrypt?

Page 1 of 2 12 LastLast
  1.    29 Sep 2017 #1

    What does BitLocker encrypt?


    Does BitLocker just encrypt your hard-drive, or does it also encrypt network traffic like your inbound and outbound emails?
      My ComputerSystem Spec


  2. Posts : 9,021
    Windows 10 Pro x64 Build 1803
       29 Sep 2017 #2

    Hi Allegheny.

    Bitlocker does not encrypt network traffic.

    Email traffic to and from server should be encrypted through SSL. Of course that does not cover your mail from server to server across the net. Gmail to Yahoo, or Outlook to Verizon. If you are using browser base mail you should see HTTPS in address bar. Like you see in the TenForums address.

    I use a free program to encrypt email but the person I send them to has to have corresponding software to un-encrypt.


    Ken
      My ComputerSystem Spec

  3.    29 Sep 2017 #3

    Caledon Ken said: View Post
    Hi Allegheny.
    Bitlocker does not encrypt network traffic.
    Email traffic to and from server should be encrypted through SSL. Of course that does not cover your mail from server to server across the net. Gmail to Yahoo, or Outlook to Verizon. If you are using browser base mail you should see HTTPS in address bar. Like you see in the TenForums address.
    I use a free program to encrypt email but the person I send them to has to have corresponding software to un-encrypt.
    Ken
    I got an email at work saying they want to install BitLocker.

    Was curious if that will start encrypting my emails or any attachments?

    (I take a screenshot of my work hours every week and email them to myself at home. Was curious if BitLocker might screw that up moving forward?)
      My ComputerSystem Spec

  4.    29 Sep 2017 #4

    Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.

    So, you will still be able to do what you are doing.
      My ComputerSystem Spec

  5.    29 Sep 2017 #5

    pparks1 said: View Post
    Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.
    So, you will still be able to do what you are doing.
    Good to hear!!
      My ComputerSystem Spec

  6.    29 Sep 2017 #6

    pparks1 said: View Post
    Bitlocker encrypts files on your hard drive. When you boot up, your hard drive is unlocked and your files are available to you. If you were to pull the hard drive and put into another computer, you would need to supply the key to unencrypt it.
    So, you will still be able to do what you are doing.
    As a follow-up, what if I had a file stored on my work computer that was encrypted by BitLocker?

    Let's say I took screenshots for past months - which I need to do since I forgot to do this earlier in the year - and then I saved them in an MS Word doc. Now BitLocker would encrypt that Word document.

    So if I logged in to my computer at work, and attached said MS Word doc to an Outlook email, and then emailed it to myself at home, would I be able to open that MS Word document - which contains screenshots of Q1 timesheets - at home?
      My ComputerSystem Spec

  7.    29 Sep 2017 #7

    Yes, the file is encrypted on the hard drive. When the computer is turned off, its encrypted. When you turn it on, and the key is supplied the hard drive is unencypted. So you can open and see the contents of any file. You can send those files anywhere you want. They aren't encrypted when your system is running. They have been decrypted.

    So, if you turn on and log in, you are in a decrypted state. If you tried pulling the hard drive out and putting it into another system, it would be encrypted till you supplied the bit locker key.
      My ComputerSystem Spec


  8. Posts : 9,021
    Windows 10 Pro x64 Build 1803
       29 Sep 2017 #8

    Normally if you attach a file to an email that file is not encrypted. Same if you copy out to usb key.

    There are encryption routines that will place encrypted files on targets but I don't believe you can set Bitlocker up in this manner. Of course I could be wrong.
      My ComputerSystem Spec

  9.    29 Sep 2017 #9

    Usually when you use Bitlocker you have TPM (Trusted Platform Module) enabled in your BIOS. In effect, the TPM provides Bitlocker with the encryption key (as long as TPM detects that nothing in the bootloader or hardware has changed). So, when you turn on your PC, the TPM module will provide the bitlocker encryption key, which will then be used to decrypt your hard drive.

    Here is an example.
    • You go to lunch at Taco Bell, and you leave your computer sitting at the table and walk out.
    • Somebody else walks in, sees the laptop sitting there, and turn's it on.
    • The computer boots, sees nothing nefarious has happened with the bootloader and it will decrypt the hard drive.
    • The person manages to guess your windows password and they are logged in and can see all of your data.
    • Encryption here got you ABSOLUTELY NOTHING, as your Windows password was weak.


    Example #2

    • You go to lunch at Taco Bell, and you leave your computer sitting at the table and walk out.
    • Somebody else walks in, sees the laptop sitting there, and turn's it on.
    • The computer boots, sees nothing nefarious has happened with the bootloader and it will decrypt the hard drive.
    • Your Windows passsword is too hard and the end user gives up guessing it
    • The person takes your laptop home, takes it apart, takes out your hard drive and then connects it with a cable to their home coputer
    • The hard drive is encrypted, and Windows can do nothing with it, unless you can provide the 48bit bitlocker recovery key. Without that key, the drive stays encrypted and your files are safe.
    • Bitlocker here prevented your drive from being used in another computer to gain access.


    So, I'm sitting here at work and my laptop has Bitlocker enabled. I am booted up, and I am logged in. If I get up, and walk away from my PC, anybody can walk up and see any of my files, copy them anywhere, and bitlocker does absolutely nothing to stop them because it "unlocked the drive" when the computer turned on. It's now in a decrypted state.

    Lo
      My ComputerSystem Spec

  10.    29 Sep 2017 #10

    Caledon Ken said: View Post
    Normally if you attach a file to an email that file is not encrypted. Same if you copy out to usb key.
    There are encryption routines that will place encrypted files on targets but I don't believe you can set Bitlocker up in this manner. Of course I could be wrong.
    I thought the way encryption worked is that when I log into my work computer, files are decrypted, and thus accessibel to me.

    And when I attach an encrypted file to and email and send it to myself, say at home, that when I tried to open the file it would have been encrypted again somewhere along the line.

    Or I also thought that there would be some kind of an intelligent link saying, "Hey this person is trying to open an encrypted file that is not on the original host system, so therefore do not decrypt the file. (Similar to how if you swapped out an encrypted drive and tried to boot from it it wouldn't let you.)

    I was sure I once worked someone that had "intelligent encryption" like that...
      My ComputerSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Solved Bitlocker forced to auto-encrypt on Creators Update? in AntiVirus, Firewalls and System Security
I've just got a new Dell XPS 9360. Obviously the system installed by default was full of crapware, so I traditionally re-partitioned the drive and installed Windows 10 Creators Update manually. Surprisingly I noticed that both my partitions were...
Need help trying to encrypt a folder in AntiVirus, Firewalls and System Security
I'm using the built in encryption method. I set up an encryption key, set the security level to high, and chose my password. On my folder I went to advanced settings and selected the 'encrypt contents to secure data' option. It then asks for...
Hi, from my understanding, one can use BitLocker ONLY to encrypt entire drives. Not specific folders. I noticed this option while right-clicking a folder: 78167 I think this would be useful to encrypt only those folders on the drive that may...
encrypt win 10 in Software and Apps
Hello I have heard so much about privacy or the lack of it, like Windows being able to see my private folders in the EULA. Is there a third party encryption program I can protect my machine with? I say 3rd party for the obvious as I do not want a...
Solved Encrypt My All Files in General Support
Hi All i encrypt some files (Properties ->General ->advanced ) but from that time any file i created it , it become encrypt defalutly , how fix it?
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:38.
Find Us