Windows Vista Forums

Backing up Bitlocker Encrypted Drive Equals Not Encrypted

  1. #1


    markbyrn Guest

    Backing up Bitlocker Encrypted Drive Equals Not Encrypted

    When attempting to use the backup utility on the Bitlocker protected
    drive, the following informative notification is received:

    "You have chosen to backup disk C: which is encrypted. The backup
    location will not be encrypted. Make sure the backup is kept in a
    physically secure location."

    One doesn't need to be a security guru to realize the inherent
    weakness in making non-encrypted backups of your encrypted data. So
    the options are to either user use a third party program like
    DriveCrypt (or TrueCrypt when they have a Vista ready release) to
    secure the backup drive or not backup at all. If you choose the
    former option, you don't need Bitlocker and the latter option is
    untenable. Of all the Ultimate Extra's, I was hoping Bitlocker would
    save the day. Oh well.


      My System SpecsSystem Spec

  2.   


  3. #2


    Jupiter Jones [MVP] Guest

    Re: Backing up Bitlocker Encrypted Drive Equals Not Encrypted

    The weakness you refer is eliminated by "kept in a physically secure
    location."
    There is no weakness if the data is properly secured.
    The security required depends on the sensitivity of the data.
    Many use a safe deposit box or other off site secure location.
    For less sensitive, some use something as simple as a locked filing
    cabinet.

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org


    "markbyrn" <markbyrn@gmail.com> wrote in message
    news:1172977195.168096.65390@t69g2000cwt.googlegroups.com...
    > When attempting to use the backup utility on the Bitlocker protected
    > drive, the following informative notification is received:
    >
    > "You have chosen to backup disk C: which is encrypted. The backup
    > location will not be encrypted. Make sure the backup is kept in a
    > physically secure location."
    >
    > One doesn't need to be a security guru to realize the inherent
    > weakness in making non-encrypted backups of your encrypted data. So
    > the options are to either user use a third party program like
    > DriveCrypt (or TrueCrypt when they have a Vista ready release) to
    > secure the backup drive or not backup at all. If you choose the
    > former option, you don't need Bitlocker and the latter option is
    > untenable. Of all the Ultimate Extra's, I was hoping Bitlocker
    > would
    > save the day. Oh well.



      My System SpecsSystem Spec

  4. #3


    Robert Moir Guest

    Re: Backing up Bitlocker Encrypted Drive Equals Not Encrypted


    "markbyrn" <markbyrn@gmail.com> wrote in message
    news:1172977195.168096.65390@t69g2000cwt.googlegroups.com...
    > One doesn't need to be a security guru to realize the inherent
    > weakness in making non-encrypted backups of your encrypted data.


    So it's a good thing the backup program warned you about it and told you to
    store your backups in a physically secure location, right?

    > So
    > the options are to either user use a third party program like
    > DriveCrypt (or TrueCrypt when they have a Vista ready release) to
    > secure the backup drive or not backup at all. If you choose the
    > former option, you don't need Bitlocker and the latter option is
    > untenable. Of all the Ultimate Extra's, I was hoping Bitlocker would
    > save the day. Oh well.


    Actually it isn't that simple at all. To backup with encryption, either the
    backup program stores the encryption keys/details with the backup which
    would take us back to the backup being insecure unless it's stored in a
    physically secure location, or you rely on setting a password to secure the
    backups which means you're at the mercy of the user a) setting a good
    password to begin with and b) not forgetting it. Past experience suggests
    that people will manage to fall down on both those conditions, picking a
    weak and easy to crack password, forget it, then whinge like hell about it
    prompting someone to write a "password recovery" tool which can then easily
    be subverted for malicious purposes.

    Or you can fail to worry about any of that, in which case you don't have a
    proper backup suitable for DR purposes because it doesn't worry about
    backing up anything required to re-create the encrypted state of the data,
    just the data in encrypted format. Hence it relies on the computer it was
    backed up from being in perfect working order when a restore is needed.
    Great for people who delete files by mistake and want to restore them but
    lousy for someone whose computer did a halt and catch fire and who needs to
    restore their data to a new machine.

    Life is full of compromises. How to deal with backing up encrypted data is
    just another set of compromises to be worked out.

    --
    Robert Moir
    http://www.rhymeswithgeek.com



      My System SpecsSystem Spec

  5. #4


    Jeffery Jones Guest

    Re: Backing up Bitlocker Encrypted Drive Equals Not Encrypted

    On 3 Mar 2007 18:59:55 -0800, "markbyrn" <markbyrn@gmail.com> wrote:

    >"You have chosen to backup disk C: which is encrypted. The backup
    >location will not be encrypted. Make sure the backup is kept in a
    >physically secure location."
    >
    >One doesn't need to be a security guru to realize the inherent
    >weakness in making non-encrypted backups of your encrypted data. So
    >the options are to either user use a third party program like
    >DriveCrypt (or TrueCrypt when they have a Vista ready release) to
    >secure the backup drive or not backup at all.


    How about EFS for the backup media?

      My System SpecsSystem Spec

  6. #5


    Guest

    Re: Backing up Bitlocker Encrypted Drive Equals Not Encrypted

    "Jeffery Jones" <keineverbung@newsgroups.nospam> wrote in message
    news:gvpqv294d4c9a1s5hen0l17vb6f8ni1981@4ax.com...
    > On 3 Mar 2007 18:59:55 -0800, "markbyrn" <markbyrn@gmail.com> wrote:
    >
    >>"You have chosen to backup disk C: which is encrypted. The backup
    >>location will not be encrypted. Make sure the backup is kept in a
    >>physically secure location."
    >>
    >>One doesn't need to be a security guru to realize the inherent
    >>weakness in making non-encrypted backups of your encrypted data. So
    >>the options are to either user use a third party program like
    >>DriveCrypt (or TrueCrypt when they have a Vista ready release) to
    >>secure the backup drive or not backup at all.

    >
    > How about EFS for the backup media?



    Also, if the backup target drive is a USB external hard drive, you can use
    manage-bde.wsf to enable BitLocker on the external hard drive.

    Then you simply have the issue of how to keep your keys backed up.

    Alun.
    ~~~~
    --
    Texas Imperial Software | Web: http://www.wftpd.com/
    23921 57th Ave SE | Blog: http://msmvps.com/alunj/
    Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.



      My System SpecsSystem Spec


Backing up Bitlocker Encrypted Drive Equals Not Encrypted
Similar Threads
Thread Forum
Need to recover encrypted files from Windows XP drive Vista security
Should Recovery Drive be Encrypted by Bitlocker? Vista security
Backing up Bitlocker encrypted data Vista security
Sync with an encrypted virtual drive Live Folder Share
how can we get encrypted file size of an NTFS encrypted file WinFX General