BitLocker is a security feature from Microsoft that is integrated into certain versions of the Windows operating system. The feature provides encryption of system drives, hard disks, or removable media. The stored data is protected against theft and unauthorized reading.
What is Bitlocker Used For?
With BitLocker, Microsoft offers a solution integrated into the Windows operating system that can be used to securely encrypt hard disks, system drives, or removable media. This keeps data protected in the event of theft or when a hard drive is physically removed from a computer. Without the key, the data cannot be read.
In addition, the system can be configured so that the computer can only be started if the correct PIN is entered or a key file is provided on a removable disk.
128- or 256-bit long AES keys are used for encryption and decryption. The encryption feature offers maximum protection in combination with the so-called Trusted Platform Module (TPM). TPM is an additional hardware component in the computer that ensures that the computer cannot be manipulated when offline.
BitLocker can also be used without the Trusted Platform Module. Supported file systems are FAT16, FAT32, NTFS, and exFAT.
Which Windows versions support BitLocker encryption?
Only certain Windows versions support BitLocker encryption. The feature was first found in Windows Vista. The following Windows versions include the encryption feature:
- The Ultimate and Enterprise versions of Windows Vista
- The Ultimate and Enterprise versions of Windows 7
- The Pro and Enterprise versions of Windows 8 and Windows 8.1
- The Pro and Enterprise versions of Windows 10
- The Windows Server versions starting from Windows Server 2008
In Windows 10 Home, encryption support is basically available but not usable.
How the encryption works
BitLocker encryption requires its own system partition. This contains the data necessary to boot the computer and load the encrypted data from the operating system partition.
If encryption is enabled, Windows creates the necessary partition on its own. The system partition tries to access the Trusted Platform Module before starting the operating system. If it is present, it can be checked whether changes or manipulations of the hardware have taken place.
The encryption can be configured to force the entry of a PIN to start the computer. As an alternative to the PIN, it may be necessary to provide a key file on a removable storage medium (USB stick). Without a PIN or key file being configured, a computer encrypted with BitLocker starts up for the user in the same way as an unencrypted Windows computer. The Advanced Encryption Standard (AES) is used for encryption. The keys have a length of 128 or 256 bits. The default length is 256 bits.
Advantages of BitLocker encryption
Hard disk encryption offers numerous advantages. It prevents hard disks from being removed from one computer and read on another. If a computer is stolen, the data is protected and cannot be read by unauthorized persons without knowledge of the key, PIN, or possession of the key file.
In addition, unauthorized booting of the Windows computer can be prevented. The feature is fully integrated into the Windows operating system and is easy to use. If encryption is used for the first time, the software assists in the automatic creation of a recovery key.
Administrators of Windows domains have the option of storing keys in Active Directory and managing them there.
BitLocker for removable media
BitLocker To Go exists for removable media. The feature allows the encryption of USB sticks, external hard drives, or memory cards. The file systems NTFS, FAT16, FAT32 and exFAT are supported.
Information Security Asia is the go-to website for the latest cybersecurity and tech news in various sectors. Our expert writers provide insights and analysis that you can trust, so you can stay ahead of the curve and protect your business. Whether you are a small business, an enterprise or even a government agency, we have the latest updates and advice for all aspects of cybersecurity.