Vista - BitLocker key change question

When you change the bitlocker key, the drive does get re-encrypted?
Sector by sector. What happens if the computer re-boots/ loses power during
this process. Are there TWO keys active at that point?

Not entirely 100% sure on this one, but I do hope to be of some help )

When you change the key, the drive does become re-encrypted inline with the
new key. From what I imagine, if you try and understand that the way the
drive encrypts depends on the key you first type, so if you type in the same
key on another machine, in theory it could be encrypted the same way (I
think...)

If the computer reboots, not necessarily in beta builds (so might apply to
the public release), the encryption will either kick off from where it left
off, or decrypt it and ask for the key again - whether it's the same key you
used before the encryption or whether it starts the whole process off again,
still not sure.

I do think it'll vary on the software/hardware types of encryption though -
you can get hardware chips with encryption stuff on it, so this may change
how things encrypt and whether the answers I gave still apply or not. It's
sketchy... but I hope that sheds *some* light on it ) We'll definately
know when the public release comes out, as will a whole load of
documentation comes with it.

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
that up!

--: Original message follows :--
"Dominik" <Dominik@discussions.microsoft.com> wrote in message
news:03D924D8-0385-4CA9-9030-9F7044AED726@microsoft.com...
> When you change the bitlocker key, the drive does get re-encrypted?
> Sector by sector. What happens if the computer re-boots/ loses power
> during
> this process. Are there TWO keys active at that point?

Thanks.
It probably keeps a sector pointer; any sector before it is encrypted the
NEW FVE key and any sector after it will be ecrypted with the OLD FVE key.
This pointer will be moved forward.

Dominik

"Zack Whittaker" wrote:

> Not entirely 100% sure on this one, but I do hope to be of some help )
>
> When you change the key, the drive does become re-encrypted inline with the
> new key. From what I imagine, if you try and understand that the way the
> drive encrypts depends on the key you first type, so if you type in the same
> key on another machine, in theory it could be encrypted the same way (I
> think...)
>
> If the computer reboots, not necessarily in beta builds (so might apply to
> the public release), the encryption will either kick off from where it left
> off, or decrypt it and ask for the key again - whether it's the same key you
> used before the encryption or whether it starts the whole process off again,
> still not sure.

This isn't accurate.

Dominik,

the info you want is here.

http://www.microsoft.com/technet/win...y/bittech.mspx

They use two keys so that they don't have to decrypt/reencrypt the drive on
a rekey.

josh
http://windowsconnected.com


"Zack Whittaker" <admin@zacknet.co.uk> wrote in message
news:OMz03x$ZGHA.5088@TK2MSFTNGP03.phx.gbl...
> Not entirely 100% sure on this one, but I do hope to be of some help )
>
> When you change the key, the drive does become re-encrypted inline with
> the new key. From what I imagine, if you try and understand that the way
> the drive encrypts depends on the key you first type, so if you type in
> the same key on another machine, in theory it could be encrypted the same
> way (I think...)
>
> If the computer reboots, not necessarily in beta builds (so might apply to
> the public release), the encryption will either kick off from where it
> left off, or decrypt it and ask for the key again - whether it's the same
> key you used before the encryption or whether it starts the whole process
> off again, still not sure.
>
> I do think it'll vary on the software/hardware types of encryption
> though - you can get hardware chips with encryption stuff on it, so this
> may change how things encrypt and whether the answers I gave still apply
> or not. It's sketchy... but I hope that sheds *some* light on it ) We'll
> definately know when the public release comes out, as will a whole load of
> documentation comes with it.
>
> --
> Zack Whittaker
> » ZackNET Enterprises: www.zacknet.co.uk
> » MSBlog on ResDev: www.msblog.org
> » Vista Knowledge Base: www.vistabase.co.uk
> » This mailing is provided "as is" with no warranties, and confers no
> rights. All opinions expressed are those of myself unless stated so, and
> not
> of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
> that up!
>
> --: Original message follows :--
> "Dominik" <Dominik@discussions.microsoft.com> wrote in message
> news:03D924D8-0385-4CA9-9030-9F7044AED726@microsoft.com...
>> When you change the bitlocker key, the drive does get re-encrypted?
>> Sector by sector. What happens if the computer re-boots/ loses power
>> during
>> this process. Are there TWO keys active at that point?
>
>

Thank you very much! That good article describes it well.

Dominik

"Josh" wrote:

> This isn't accurate.
>
> Dominik,
>
> the info you want is here.
>
> http://www.microsoft.com/technet/win...y/bittech.mspx
>
> They use two keys so that they don't have to decrypt/reencrypt the drive on
> a rekey.
>
> josh
> http://windowsconnected.com
>
>
> "Zack Whittaker" <admin@zacknet.co.uk> wrote in message
> news:OMz03x$ZGHA.5088@TK2MSFTNGP03.phx.gbl...
> > Not entirely 100% sure on this one, but I do hope to be of some help )
> >
> > When you change the key, the drive does become re-encrypted inline with
> > the new key. From what I imagine, if you try and understand that the way
> > the drive encrypts depends on the key you first type, so if you type in
> > the same key on another machine, in theory it could be encrypted the same
> > way (I think...)
> >
> > If the computer reboots, not necessarily in beta builds (so might apply to
> > the public release), the encryption will either kick off from where it
> > left off, or decrypt it and ask for the key again - whether it's the same
> > key you used before the encryption or whether it starts the whole process
> > off again, still not sure.
> >
> > I do think it'll vary on the software/hardware types of encryption
> > though - you can get hardware chips with encryption stuff on it, so this
> > may change how things encrypt and whether the answers I gave still apply
> > or not. It's sketchy... but I hope that sheds *some* light on it ) We'll
> > definately know when the public release comes out, as will a whole load of
> > documentation comes with it.
> >
> > --
> > Zack Whittaker
> > » ZackNET Enterprises: www.zacknet.co.uk
> > » MSBlog on ResDev: www.msblog.org
> > » Vista Knowledge Base: www.vistabase.co.uk
> > » This mailing is provided "as is" with no warranties, and confers no
> > rights. All opinions expressed are those of myself unless stated so, and
> > not
> > of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
> > that up!
> >
> > --: Original message follows :--
> > "Dominik" <Dominik@discussions.microsoft.com> wrote in message
> > news:03D924D8-0385-4CA9-9030-9F7044AED726@microsoft.com...
> >> When you change the bitlocker key, the drive does get re-encrypted?
> >> Sector by sector. What happens if the computer re-boots/ loses power
> >> during
> >> this process. Are there TWO keys active at that point?
> >
> >
>
>
>

Glad that article helped!
-
Jamie Hunter [MS]

"Dominik" <Dominik@discussions.microsoft.com> wrote in message
news:9C1B34CA-C20D-4F5F-A993-CEF885BACD16@microsoft.com...
> Thank you very much! That good article describes it well.
>
> Dominik
>
> "Josh" wrote:
>
>> This isn't accurate.
>>
>> Dominik,
>>
>> the info you want is here.
>>
>> http://www.microsoft.com/technet/win...y/bittech.mspx
>>
>> They use two keys so that they don't have to decrypt/reencrypt the drive
>> on
>> a rekey.
>>
>> josh
>> http://windowsconnected.com
>>
>>
>> "Zack Whittaker" <admin@zacknet.co.uk> wrote in message
>> news:OMz03x$ZGHA.5088@TK2MSFTNGP03.phx.gbl...
>> > Not entirely 100% sure on this one, but I do hope to be of some help
>> > )
>> >
>> > When you change the key, the drive does become re-encrypted inline with
>> > the new key. From what I imagine, if you try and understand that the
>> > way
>> > the drive encrypts depends on the key you first type, so if you type in
>> > the same key on another machine, in theory it could be encrypted the
>> > same
>> > way (I think...)
>> >
>> > If the computer reboots, not necessarily in beta builds (so might apply
>> > to
>> > the public release), the encryption will either kick off from where it
>> > left off, or decrypt it and ask for the key again - whether it's the
>> > same
>> > key you used before the encryption or whether it starts the whole
>> > process
>> > off again, still not sure.
>> >
>> > I do think it'll vary on the software/hardware types of encryption
>> > though - you can get hardware chips with encryption stuff on it, so
>> > this
>> > may change how things encrypt and whether the answers I gave still
>> > apply
>> > or not. It's sketchy... but I hope that sheds *some* light on it )
>> > We'll
>> > definately know when the public release comes out, as will a whole load
>> > of
>> > documentation comes with it.
>> >
>> > --
>> > Zack Whittaker
>> > » ZackNET Enterprises: www.zacknet.co.uk
>> > » MSBlog on ResDev: www.msblog.org
>> > » Vista Knowledge Base: www.vistabase.co.uk
>> > » This mailing is provided "as is" with no warranties, and confers no
>> > rights. All opinions expressed are those of myself unless stated so,
>> > and
>> > not
>> > of my employer, best friend, Ghandi, my mother or my cat. Glad we
>> > cleared
>> > that up!
>> >
>> > --: Original message follows :--
>> > "Dominik" <Dominik@discussions.microsoft.com> wrote in message
>> > news:03D924D8-0385-4CA9-9030-9F7044AED726@microsoft.com...
>> >> When you change the bitlocker key, the drive does get re-encrypted?
>> >> Sector by sector. What happens if the computer re-boots/ loses power
>> >> during
>> >> this process. Are there TWO keys active at that point?
>> >
>> >
>>
>>
>>