Windows 10: Microsoft may have your encryption key; here’s how to take it back


  1. Posts : 1,563
    Windows 10 Pro x64 RS 10586.586
       30 Dec 2015 #1

    Microsoft may have your encryption key; here’s how to take it back


    It doesn't require you to buy a new copy of Windows.

    As happens from time to time, somebody has spotted a feature in Windows 10 that isn't actually new and has largely denounced it as a great privacy violation.

    The Intercept has written that if you have bought a Windows PC recently then Microsoft probably has your encryption key. This is a reference to Windows' device encryption feature. We wrote about this feature when it was new, back when Microsoft introduced it in Windows 8.1 in 2013 (and before that, in Windows RT).

    Device encryption is a simplified version of the BitLocker drive encryption that made its debut in Windows Vista in 2006. The full BitLocker requires a Pro or Enterprise edition of Windows, and includes options such as integration with Active Directory, support for encrypting removable media, and the use of passwords or USB keys to unlock the encrypted disk. Device encryption is more restricted. It only supports internal system drives, and it requires the use of Secure Boot, Trusted Platform Module 2.0 (TPM), and Connected Standby-capable hardware. This is because Device encryption is designed to be automatic; it uses the TPM to store the password used to decrypt the disk, and it uses Secure Boot to ensure that nothing has tampered with the system to compromise that password.
    Read more: http://arstechnica.com/information-t...-take-it-back/

  2.    30 Dec 2015 #2

    Honestly, so what? I'm not shooting the messenger of course but this privacy stuff is getting silly.

    For this to be an issue you have to both have someone steal your device and secondly hack into your MS account. Having your bitlocker key without your disk is as useless as the other way around.

    Of course you can do as the article suggests

    "you'd be strongly advised to write it down"

    and stick it on a post-it under your keyboard presumably. I couldn't remember 9 blocks of 6 characters certainly.

    Nonetheless an interesting article for non Pro users (who can't use bitlocker). If you want bitlocker you would buy Pro. If you don't, device encryption is a good compromise as your data isn't just saved in the clear on your disk.

  3.    30 Dec 2015 #3

    lx07 said:
    Honestly, so what? I'm not shooting the messenger of course but this privacy stuff is getting silly.

    For this to be an issue you have to both have someone steal your device and secondly hack into your MS account. Having your bitlocker key without your disk is as useless as the other way around.

    Of course you can do as the article suggests

    and stick it on a post-it under your keyboard presumably. I couldn't remember 9 blocks of 6 characters certainly.

    Nonetheless an interesting article for non Pro users (who can't use bitlocker). If you want bitlocker you would buy Pro. If you don't, device encryption is a good compromise as your data isn't just saved in the clear on your disk.

    I read that as a real non issue, issue. Must be a slow news day??

  4.    30 Dec 2015 #4

    I've just looked at OneDrive Recovery Keys and Windows 10 Mobile recovery keys aren't stored there despite 'Device Encryption' being switched on. Neither does it show as encrypted under 'Storage', which begs the question, is 'Device Encryption' even on and if it is, where are the recovery keys stored for Windows 10 Mobile Devices?

    [Image: Win-10-Mobile-Encryption.png]

  5.    30 Dec 2015 #5

    What if you look here though?

    [Image: Capture.PNG]

    I blanked out the disks I'm still using (just in case).

    Are you saying phones aren't available? That could be a different problem I don't know about.

  6.    30 Dec 2015 #6

    lx07 said:
    Are you saying phones aren't available? That could be a different problem I don't know about.

    Nope, as you can see in the above screenshot, no recovery keys listed for Windows 10 Mobile and other than physically trying to access the data on a locked phone, there doesn't appear to be a way to tell if the device storage is actually encrypted or not other than the toggle switch to switch it on/off.

  7.    30 Dec 2015 #7

    You may be right but I don't have a phone to test. In any case this thread was about PC (specifically Windows 10 home not Pro) device encryption which can be used by some devices with only 10 home (but with TPM, UEFI etc) that would not normally be eligible to use bitlocker.

    There are others with MS phones here - you could ask in another thread perhaps.


  8. Posts : 1,546
    W7 32 bit, Linux Mint Xfce 18 64 bit
       30 Dec 2015 #8

    I read the article, how can it be done with Windows 10 home? It still wasn't clear enough for me. I didn't think Bitlocker could be enabled on windows 10 home.

    What I worry about encryption is Image backups, restores, partitioning and multi-boot systems, these make it harder to use Bitlocker or encryption program. Another thing that would be an issue, I don't have a system reserve partition, so I would need to do a clean install of windows 10.

  9.    30 Dec 2015 #9

    groze said:
    I read the article, how can it be done with Windows 10 home? It still wasn't clear enough for me. I didn't think Bitlocker could be enabled on windows 10 home.
    There are 2 different things here.

    1. Bitlocker. You need 7 Enterprise or Ultimate or later. There are no hardware restrictions to speak of (only your MB must be able to recognize USB). You get better functionality if your system supports TPM. It is included in 8 Pro and 10 Pro (and Enterprise and Education).

    2. Secure Devices. This uses a cut down bitlocker for home users where the hardware requirements are somewhat higher. You need a device with fixed storage, TPM, UEFI and secure boot. At the end though it is the same system (although more limited) as normal bitlocker that doesn't have these requirements. Phones fall into this category but I don't know about that, sorry.

    groze said:
    What I worry about encryption is Image backups, restores, partitioning and multi-boot systems, these make it harder to use Bitlocker or encryption program.
    Partitioning is irrelevant. I use bitlocker on my system C: drive, I have other partitions for other OS that are not encrypted or in the case of OSX encrypted with a different system (FileVault).

    Backups - You need to think about this. Macrium copes with bitlocker. Standard MS recovery doesn't (although you can make a PE image and add bitlocker support).

    groze said:
    Another thing that would be an issue, I don't have a system reserve partition, so I would need to do a clean install of windows 10.
    Easiest way, yes. Bitlocker does require an unencrypted partition. If you are booting legacy BIOS system with only one C: partition you would have to make another for boot files to be on.
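
Added example, not part of the thread or the linked article: a PowerShell check of two of the hardware requirements listed in post #9 (TPM and Secure Boot) together with the system drive's current encryption state and the kinds of key protector on it. It assumes an elevated session and that the `Get-Tpm`, `Confirm-SecureBootUEFI` and `Get-BitLockerVolume` cmdlets are available on the edition in use; the function name `Get-DeviceEncryptionReadiness` is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: the TPM, Secure Boot and BitLocker cmdlets exist on this edition.

function Get-DeviceEncryptionReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    # TPM: device encryption relies on the TPM to hold the unlock secret.
    $tpm = Get-Tpm

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS firmware,
    # so any error is treated as "not UEFI or Secure Boot unavailable".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Current encryption state and the protectors that can unlock the volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        SecureBoot       = $secureBoot
        VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted, FullyDecrypted
        ProtectionStatus = $vol.ProtectionStatus   # On or Off
        # Only protector types are listed; the recovery password is never printed.
        KeyProtectors    = ($vol.KeyProtector |
                            ForEach-Object { $_.KeyProtectorType }) -join ', '
    }
}

Get-DeviceEncryptionReadiness | Format-List
```

A `RecoveryPassword` entry under `KeyProtectors` is the recovery key this thread is discussing; a `Tpm` entry is the automatic unlock described in the first post.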

  10.    30 Dec 2015 #10

    lx07 said:
    <Snip>In any case this thread was about PC (specifically Windows 10 home not Pro) device encryption
    It is about Device Encryption on Windows devices. That makes it relevant.

    Anyway, just for you...
    Does Device Encryption Work on Windows 10 Mobile
    Last edited by ARC1020; 30 Dec 2015 at 14:15.

