Question: BitLocker Questions

pauly01

Distinguished
Oct 3, 2013
212
0
18,680
0
I have a Dell laptop with Windows 10 Pro. I turned BitLocker on a while back again, as I like it, because every time I turn on the laptop I need to enter the BitLocker PIN and then the Windows 10 password in order to get access to my computer. I recall I chose TPM with options, where I made changes to allow an enhanced PIN, which lets me use numbers and characters for the BitLocker PIN.


Now, when I enter my BitLocker PIN and then it gets to the screen where I have to type my Windows 10 password in order to get to the desktop... could someone get into my desktop by bypassing this? I heard back then that anyone who forgot their Windows 10 password to sign in... anyone can bypass that screen easily. But because I have BitLocker turned on, does that mean someone cannot get access to the desktop without knowing the password?


So, for example, say I want to go outside real quick and come back, and I don't want to turn off my computer. Now, when I lock my computer, is my PC protected if someone has access to the laptop? Of course, if it is turned off, then it is, because that person would need to know the BitLocker PIN in the first place. But what about the locked screen? It's the exact same screen as when I turn on my laptop and get past the BitLocker screen, correct? Are both considered locked in each of these two situations? Because many times when I go out for a short bit, I would just turn off my laptop each time. But if it is protected, I would just leave it locked so I don't need to power it on again and open all the programs again, etc. I assume it's protected, but now the difference is that the person would just need to guess my Windows 10 password instead of the BitLocker PIN as well? But if your Windows 10 password is very simple, can they brute force it? But if they try to brute force it, they can't do that in your apartment, right, unless they have their computer equipment or whatever is needed for it?


Now, assuming that person cannot access my laptop because they don't know my Windows password to get access to my desktop, could they somehow brute force the password? I know you can brute force passwords for email accounts, but could they do it with my laptop if they have access to it but it's on the lock screen? Would they need to connect something physically to my laptop to brute force it? What if it's on the BitLocker PIN screen? Can they brute force the laptop if they have physical possession of it for a long time?


Now... could that person plug a USB device with malware into my laptop while it's locked, and I get malware or a keylogger or virus that way? I know that if you leave your laptop unattended in, say, a coffee shop for just a minute, someone could literally go to your laptop, connect a USB stick with malware on it, and after a minute or so unplug the USB, and then you are infected... I saw that in an old YouTube video. That is true, right? But can someone do this to your laptop if it's on the lock screen? I assume this is not possible if they can't get past the BitLocker PIN screen? But I did hear about BIOS malware as well; does BitLocker protect against that or not?
 

pauly01

Distinguished
I took a look at that, but I'm still confused. So can someone bypass the lock screen if you have BitLocker enabled? Such as: you turn on your laptop and enter the BitLocker PIN, but then you're at the locked screen and don't type your Windows 10 password? What about using it for a bit, then locking it and going somewhere for a bit? Same scenario in both, right, since they are both on the lock screen? Can someone bypass it? Can someone put malware onto your PC with a USB flash drive if they want to? Could they brute force your Windows 10 password with BitLocker enabled?
 

USAFRet

Titan
Moderator
Mar 16, 2013
154,860
11,310
176,090
24,158
I took a look at that, but I'm still confused. So can someone bypass the lock screen if you have BitLocker enabled? Such as: you turn on your laptop and enter the BitLocker PIN, but then you're at the locked screen and don't type your Windows 10 password? What about using it for a bit, then locking it and going somewhere for a bit? Same scenario in both, right, since they are both on the lock screen? Can someone bypass it? Can someone put malware onto your PC with a USB flash drive if they want to? Could they brute force your Windows 10 password with BitLocker enabled?
Test...

Power OFF
Power ON
You're required to input your BitLocker key
Then, the Windows password/PIN
Go away, and let the system sleep or whatever.
Do you again need to input the BitLocker key? Or just the Windows password/PIN?
 

pauly01

Distinguished
How do you make your system sleep? I don't recall ever doing that. What I normally do is like this.


Power on my PC. Then enter the BitLocker PIN. Then enter the Windows password.


I have my laptop connected to two external monitors. So when I go outside for a short time, I press Ctrl+Alt+Delete and lock it. So you see my main external monitor with a background picture and the date and time. The picture always seems to be different and random? My other external monitor and the laptop screen are dark. So when I come back to my apartment, it's the same thing. Then I click on the main external monitor screen and type in my Windows password to unlock my computer, and you see everything on all three screens.


When I go to bed, I do the same thing: Ctrl+Alt+Delete and lock it. But then I power off both of my external monitors... so when I do that, my laptop screen has that background picture and the date and time. Then the next time I want to use my computer, it's literally the same as how I left it. So I just power on both of my external monitors, and suddenly the background picture and the date and time show up on my main external monitor. I then type in my Windows password and unlock my computer. I could also have typed my Windows password on my laptop screen while both of my external monitors were still powered off... then power both monitors on, and since it's already unlocked, all three screens will be like when my PC is on.


So I have just been locking my PC and not putting it to sleep, correct?


So could someone get into my PC in these situations? I mean, both situations are literally almost the same, except I'm leaving my PC on a lot longer than in the first example. So I only had to type in my Windows password to unlock it.
 

pauly01

Distinguished
I have never used the sleep option. I only lock my PC, and I described above how it works, whether it's locked for a short time or for hours.


So you want me to unlock my computer right now, then click on Sleep, and then all my monitors would turn dark? Then once I move my mouse, it will either ask me to enter my BitLocker PIN and then my Windows password... OR it would just ask me for my Windows password?


I have never used the sleep option on this laptop because I had bad experiences with an old laptop of mine that would sleep for no reason. So I would be using it and then suddenly it would go to sleep for a minute or two, and it kept randomly doing that a few times a day. I did not use BitLocker with that old laptop, and that was a long time ago.
 

USAFRet

Titan
Moderator
Well, all I do is lock it. All it does is ask for the Windows password.
Well, at that point, BitLocker is already unlocked, leaving only the Windows password/PIN as security.
And it will remain unlocked until you reboot.

Is there a particular threat model you're worried about?
Who might have physical access to this system while you are not in front of it?
 

ex_bubblehead

Champion
Moderator
While there are some very sophisticated ways of obtaining the necessary credentials available to forensic pros and hackers alike, you're not important enough to them to spend the time required. In other words, unless you do something stupid like leave your credentials written on a piece of paper lying around where they can be found, or you walk away without locking the session, you have nothing at all to worry about.

Now, just a side note. Hopefully you have recorded the BitLocker recovery key, either by creating the recovery USB when you were prompted at the beginning, or by writing the key down and placing at least 2 copies in safe places. Without that key you will be unable to ever access the contents of that drive again, should BitLocker ever require it.
 

pauly01

Distinguished
The threat model I would be concerned with is a thief getting access to my laptop and being able to view the contents. Well, any thief would be a concern. But if my laptop was powered off, the concern isn't as great, since they can't access my files. That is why I use BitLocker to encrypt it.


So are you telling me any thief with access to my laptop while it's in that unlocked mode, where you only have to enter a Windows password, can get into my account, or that they can but it's very hard? I heard a long time ago that the Windows password is useless and can be bypassed easily, since many people tend to forget it. But is it different if I have BitLocker enabled? So how would they get access to my files while on that Windows lock screen, then? Can they brute force it? But do they need to have my laptop for a long time, with a computer or machine next to it to do the brute force? They can't just take out my SSD and put it into their computer, because in order to do that, they need to power off my laptop and physically remove the SSD. And when they do that and then boot the SSD in their laptop, they need to know the BitLocker PIN. So is my laptop safe even when it's just in that locked mode where you only need to enter the Windows password?


Yes, I have the BitLocker recovery key in a file on a USB flash drive. However, that flash drive isn't locked, and neither is that file. So it's basically near my laptop. So would I need to encrypt the BitLocker recovery key file that is on my USB flash drive? Thus change the name of the file and encrypt it, so when you open it, you see the BitLocker recovery key? Because if a thief has my laptop, even when turned off, well, if they plug the USB stick into any computer, the BitLocker recovery key is right there. So wouldn't it be safe to store the BitLocker recovery key in Google Drive? Because even if your Gmail got hacked, that person still needs your physical laptop, correct? But should you store a copy of the BitLocker recovery key in Google Drive, but encrypt it?
 
But if it is protected, I would just leave it locked so I don't need to power it on again and open all the programs again, etc.
If you set Windows to hibernate, rather than just locking it or putting it to sleep, it will effectively shut down entirely, but then automatically restore your open applications and whatever you were working on when you start it back up again and enter your passwords. With hibernation, the contents of system memory are written to a hibernation file on your system drive, and as a result should be encrypted with BitLocker and inaccessible until the password is entered again.

Sleep mode, or the lock screen, on the other hand, keeps the unlock key for the BitLocker encryption in memory, which is why you don't need to enter that password again. So if you don't trust the Windows sign-in password to protect against access to the system, it might be better to stick to powering it down or hibernating it, both of which should clear the unencrypted contents of your RAM and require the BitLocker password to be entered again. The startup process will likely take longer compared to the lock screen alone, but with hibernation you shouldn't need to manually reopen what you were working on, at least.
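The test USAFRet proposes a few posts up and the hibernate-versus-sleep explanation above can both be checked from the machine itself. What follows is an added example, not code from the thread or from any of its posters: a PowerShell session for an elevated prompt on Windows 10/11 that shows which key protectors the OS volume (assumed here to be C:) has, lists the power states the firmware supports, enables hibernation, and maps the power button and lid switch to Hibernate so that closing the laptop writes RAM to hiberfil.sys on the encrypted volume instead of leaving the volume key in powered RAM. `SUB_BUTTONS`, `PBUTTONACTION` and `LIDACTION` are powercfg's own setting aliases (see `powercfg /aliases`); the value `2` selects Hibernate.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: the operating-system volume is C:.

# 1. BitLocker state of the OS drive. On a TPM+PIN setup like the poster's,
#    KeyProtectorType should list TpmPin plus a RecoveryPassword entry.
$vol = Get-BitLockerVolume -MountPoint 'C:'
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

# 2. Which low-power states this machine supports (Standby, Hibernate, Fast Startup ...).
#    If Hibernate is reported as unavailable, step 3 turns it on.
powercfg /availablesleepstates

# 3. Enable hibernation. Sleep and the lock screen keep the volume key in RAM;
#    hibernate writes memory to hiberfil.sys on the encrypted volume and powers off,
#    so the next boot goes through the BitLocker PIN prompt again.
powercfg /hibernate on

# 4. Make the power button and the lid hibernate instead of sleep, on both AC and
#    battery. Index values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION 2
powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION 2
powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
powercfg /setactive SCHEME_CURRENT

# 5. Cross-check with the legacy tool, which prints the protector list under
#    "Key Protectors" and the current protection status.
manage-bde -status C:
```

After step 4, USAFRet's test becomes: hibernate (Start > Power > Hibernate, or close the lid), power back on, and confirm that the BitLocker PIN prompt appears before the Windows sign-in screen. If it does not, `ProtectionStatus` in step 1 is the first thing to look at, since a volume with protection suspended will boot straight to sign-in.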
 

ex_bubblehead

Champion
Moderator
Yes, I have the BitLocker recovery key in a file on a USB flash drive. However, that flash drive isn't locked, and neither is that file. So it's basically near my laptop. So would I need to encrypt the BitLocker recovery key file that is on my USB flash drive? Thus change the name of the file and encrypt it, so when you open it, you see the BitLocker recovery key? Because if a thief has my laptop, even when turned off, well, if they plug the USB stick into any computer, the BitLocker recovery key is right there. So wouldn't it be safe to store the BitLocker recovery key in Google Drive? Because even if your Gmail got hacked, that person still needs your physical laptop, correct? But should you store a copy of the BitLocker recovery key in Google Drive, but encrypt it?
That USB key is for emergency use only. By keeping it at the ready next to the laptop you might as well not have encrypted the drive to begin with. Lock that key away in a safe but accessible place and leave it. DO NOT make ANY changes to that USB stick or you can kiss your emergency access goodbye. You're way overthinking things here. BitLocker is not going to be cracked (unless you leave the key just lying around as you are now), especially if you periodically change the PIN. What you 'heard' about Windows passwords is absolute rubbish. Set a 16-20 character password with at least:


1 Uppercase character
1 Lowercase character
1 Character from the top row (shifted numbers)
1 Number

Do not use common, easy-to-guess words. The most secure passwords come from concatenating 2 or more completely unrelated words salted with special characters (e.g. Gr@ssyWhal3Kitten$).

Not likely to be cracked in your lifetime.
 

pauly01

Distinguished
So locking the computer, as I have been doing all this time, is the same as putting it to sleep?


But someone mentioned I should be hibernating my computer if I want it safe, whether I go outside for a bit or just hibernate it when I go to bed and don't want to power off my computer? So when I hibernate the computer, what happens? All my screens turn dark and go off? Do I need to power off my two other external monitors? But the moment I move my mouse, then you would wait a bit and it would ask you for the BitLocker PIN like at startup? Then you enter your Windows password... then your computer has all the programs and things open like it was before you clicked hibernate. Is that correct?


So you are saying the way I lock it is not safe, then? So if someone could guess my Windows 10 password, they can get into my PC? Again, I'm talking about whether I power on my laptop and only enter my BitLocker PIN and then am on the Windows password screen... or I enter both, and then a bit later when I lock it... it's on the lock screen. Can someone bypass this Windows password screen? Possible but very hard? But for the same person who has a Windows password but does not have BitLocker enabled... then the Windows password screen is absolutely useless and can be bypassed easily. Is that correct? I always heard people say anyone can get past the Windows password screen... but if you have BitLocker enabled, then it's different?
 
Locking the desktop and putting the computer to sleep are different, but both will similarly keep the encryption key in memory, so someone with physical access to your system using your Windows password to access the desktop would have access to everything, just as you would. Hibernating the computer is similar to shutting it down. The difference is that whatever is in system memory gets written to a file on your (encrypted) OS drive, then gets restored back into system memory when the computer is powered on again, so you can continue where you left off. So long as the system asks for your BitLocker key upon starting it up again, then the same should be required of others attempting to access the system.

As for the Windows lock screen, I'm not sure how secure it actually is, or whether there might be some exploit that could allow access to the drive contents from that screen. I wouldn't be at all surprised if Microsoft were to have put in a backdoor to bypass it though. Of course, if you want to get paranoid, the same could be said for bitlocker itself. They claim that it does not have a backdoor, though there's no way of easily verifying that for sure.

Set a 16-20 character password with at least:

1 Uppercase character
1 Lowercase character
1 Character from the top row (shifted numbers)
1 Number
To be fair, one doesn't necessarily need to do all that for a secure password. Just making a password sufficiently longer can result in greater entropy against a brute-force attack than using a variety of characters. For example, the password Gr@ssyWhal3Kitten$ would actually be less secure against pure brute-forcing than the password biglonggrassywhalekittens due to the extra characters, and might be easier to type and remember without writing it down somewhere. Of course, it would be easier for someone to crack using a dictionary-based attack, trying combinations of words rather than individual letters, though the initial example might not be all that much better, since capitalizing the first letter of each word and replacing letters with similar-looking characters would be common variants they could test for. So I would hardly say that would be the "most secure" method. One option that could be more secure, while still being memorable, would be to combine the first letter or letters of each word from a random memorized excerpt from a book or something. That way, there would be no complete words to use a dictionary attack against.
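The 16-20 character rule from ex_bubblehead's post and the entropy comparison in the reply above can both be put into numbers. The following is an added example written for this page, not code from the thread or from any of its posters. It checks a password against the stated rule and then estimates keyspace size under two attacker models: a character-class brute force over the classes actually present, and a word-list attack that guesses whole words with a few common manglings. The dictionary size (10,000 words), the variant count (8 manglings per word) and the word counts of the two example passwords are assumptions chosen for illustration, not measured figures.

```powershell
# Added example, not code from the thread. Two rough attacker models for the
# password styles discussed above; the bit counts are estimates only.

function Test-PasswordPolicy {
    # The rule from the thread: 16-20 characters with at least one upper-case letter,
    # one lower-case letter, one digit and one shifted-number symbol from the top row.
    param([Parameter(Mandatory)][string]$Password)
    $shifted = [char[]]'!@#$%^&*()'
    $chars   = $Password.ToCharArray()
    $lenOk   = $Password.Length -ge 16 -and $Password.Length -le 20
    $upper   = @($chars | Where-Object { [char]::IsUpper($_) }).Count -gt 0
    $lower   = @($chars | Where-Object { [char]::IsLower($_) }).Count -gt 0
    $digit   = @($chars | Where-Object { [char]::IsDigit($_) }).Count -gt 0
    $symbol  = @($chars | Where-Object { $shifted -contains $_ }).Count -gt 0
    return ($lenOk -and $upper -and $lower -and $digit -and $symbol)
}

function Get-BruteForceBits {
    # Keyspace in bits if the attacker must try every string of this length built
    # from the character classes that actually appear (94 printable ASCII at most).
    param([Parameter(Mandatory)][string]$Password)
    $chars = $Password.ToCharArray()
    $size  = 0
    if (@($chars | Where-Object { [char]::IsLower($_) }).Count) { $size += 26 }
    if (@($chars | Where-Object { [char]::IsUpper($_) }).Count) { $size += 26 }
    if (@($chars | Where-Object { [char]::IsDigit($_) }).Count) { $size += 10 }
    if (@($chars | Where-Object { [char]::IsPunctuation($_) -or [char]::IsSymbol($_) }).Count) { $size += 32 }
    return [math]::Round($Password.Length * [math]::Log($size, 2), 1)
}

function Get-WordListBits {
    # Keyspace in bits if the attacker instead guesses WordCount words from a list of
    # DictionarySize words, trying VariantsPerWord manglings of each (capitalised
    # first letter, a->@, e->3 and so on). Assumed model sizes, not measured ones.
    param(
        [Parameter(Mandatory)][int]$WordCount,
        [int]$DictionarySize  = 10000,
        [int]$VariantsPerWord = 1
    )
    return [math]::Round($WordCount * [math]::Log($DictionarySize * $VariantsPerWord, 2), 1)
}

# The two passwords from the thread; word counts and variant counts are assumptions.
$mangled = 'Gr@ssyWhal3Kitten$'        # 3 words with substitutions
$plain   = 'biglonggrassywhalekittens' # 5 plain lower-case words

foreach ($pw in $mangled, $plain) {
    [pscustomobject]@{
        Password       = $pw
        MeetsPolicy    = Test-PasswordPolicy -Password $pw
        BruteForceBits = Get-BruteForceBits -Password $pw
    }
}

# Word-list model: 3 mangled words (8 variants each) versus 5 unmangled words.
[pscustomobject]@{
    Style        = 'mangled, 3 words'
    WordListBits = Get-WordListBits -WordCount 3 -VariantsPerWord 8
}
[pscustomobject]@{
    Style        = 'plain, 5 words'
    WordListBits = Get-WordListBits -WordCount 5
}
```

Under the character-class model the two passwords land within a bit of each other (about 118 bits each): the 18-character mixed string and the 25-character lower-case string are roughly equivalent against a blind brute force. The word-list model is where they separate, roughly 49 bits for three mangled words against 66 for five plain ones, which is the point made above that word count matters more than leetspeak substitutions once the attacker is guessing words rather than characters. Only the plain passphrase fails `Test-PasswordPolicy`, and only because it is longer than 20 characters, which illustrates why a length cap in a password rule works against the user.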
 

pauly01

Distinguished
Okay, so would that mean I should hibernate my laptop as opposed to just locking it, then? You say if you lock it or put it to sleep, someone with physical access to the laptop using the Windows password could access everything. However, what if they do not know what the Windows password is? That means they cannot get into the system, then? Again, my two examples are:


Me going outside for an hour or so and then coming back to my apartment. It could be a few hours. But when I come back to my apartment, I don't want to power on the laptop and then open all the programs and Chrome tabs that I currently have open. So my computer would be on the lock screen. So if someone had physical access to my laptop during that time, could they get into my computer if they do not know my Windows password? Now... could they brute force my Windows password, or is that not possible? What if, say, someone has access to my laptop while it's in locked mode... then brings the laptop to their apartment, where they have all the tools to try to get into it? Could they brute force it, or do something to try to get into my computer, since it has a Windows password? Now, the moment they power off the laptop, obviously they would need to know the BitLocker PIN, which makes it very hard, etc. Now, if someone had access to my laptop while locked... could they put a USB flash drive in my laptop to put malware/a keylogger on it, or is that possible? I saw a video a while back that said if you are in a coffee shop and go somewhere for a few minutes, someone could put a USB flash drive in your laptop and after a minute pull the USB flash drive out, and then you get malware. That is true, right? But this is not possible when on the Windows lock screen? My assumption is it would not be possible at all if the laptop is not on, right, since BitLocker protects it? But could they do BIOS or RAM malware?


Me just leaving my laptop on overnight before I go to bed. So the next day I use the laptop... I can just use it with all my programs and Chrome tabs still open. So here... you would suggest hibernating the laptop overnight, then? Again, my main concern is if someone has access to my laptop even for a short time and does something malicious to it. So should I always hibernate my laptop as opposed to locking it? But if you say locking it still protects it because I have BitLocker... then it should still be safe? So hibernate is basically the same protection as if your computer is off and you need to turn it on, which means you have to enter the BitLocker PIN and then the Windows password. Locking it still protects it, but the only difference is it's just one layer of security, with the Windows password, as opposed to the BitLocker PIN and the Windows password? Again, my main concern is if someone can just bypass that Windows password screen, because I recall back then people said that is easily done... but that's only if you don't have BitLocker enabled, correct?
 
