Vista - BitLocker question

10-03-2007

Hello,

If I want to switch from using a startup key to TPM or vice versa, do I need
to decrypt the volume first or can I just disable BitLocker, then make the
switch after re-enabling BitLocker?

I'm planning to test this out today, but each encryption/decryption takes
about an hour. (I should have made my test volume smaller to speed that up,
but oh well . . .)

Also, how secure is BitLocker? Has anyone cracked it yet? Thanks.

--
Regards,
Martin X.
MCSA: M

10-03-2007

No need to decrypt then re-encrypt. You can use the command-line interface
to change the protection types. Run an elevated command prompt, switch to
%WINDIR%\system32, and run this command:

cscript manage-bde.wsf -protectors -?

You'll see that you can add and delete protectors. To add one, look at this:

cscript manage-bde.wsf -protectors -add -?

To delete one, look at this:

cscript manage-bde.wsf -protectors -delete -?

To answer your other question, the algorithm is 128-bit AES with an Elephant
diffuser (search it out if you're curious). It hasn't been cracked. You
might also be interested to know that, despite persistent rumors, there is
no back door:
http://blogs.technet.com/steriley/ar...ocker-too.aspx

--
Steve Riley
steve.riley@xxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Martin X." <martin@xxxxxx> wrote in message
news:usGa3VcBIHA.1212@xxxxxx

Quote:

> Hello,
>
>
>
> If I want to switch from using a startup key to TPM or vice versa, do I
> need
> to decrypt the volume first or can I just disable BitLocker, then make the
> switch after re-enabling BitLocker?
>
>
>
> I'm planning to test this out today, but each encryption/decryption takes
> about an hour. (I should have made my test volume smaller to speed that
> up,
> but oh well . . .)
>
>
>
> Also, how secure is BitLocker? Has anyone cracked it yet? Thanks.
>
>
> --
> Regards,
> Martin X.
> MCSA: M
>
>

10-03-2007	#1 (permalink)
Martin X. n/a posts	BitLocker question Hello, If I want to switch from using a startup key to TPM or vice versa, do I need to decrypt the volume first or can I just disable BitLocker, then make the switch after re-enabling BitLocker? I'm planning to test this out today, but each encryption/decryption takes about an hour. (I should have made my test volume smaller to speed that up, but oh well . . .) Also, how secure is BitLocker? Has anyone cracked it yet? Thanks. -- Regards, Martin X. MCSA: M
My System Specs

10-03-2007	#2 (permalink)
Steve Riley [MSFT] n/a posts	Re: BitLocker question No need to decrypt then re-encrypt. You can use the command-line interface to change the protection types. Run an elevated command prompt, switch to %WINDIR%\system32, and run this command: cscript manage-bde.wsf -protectors -? You'll see that you can add and delete protectors. To add one, look at this: cscript manage-bde.wsf -protectors -add -? To delete one, look at this: cscript manage-bde.wsf -protectors -delete -? To answer your other question, the algorithm is 128-bit AES with an Elephant diffuser (search it out if you're curious). It hasn't been cracked. You might also be interested to know that, despite persistent rumors, there is no back door: http://blogs.technet.com/steriley/ar...ocker-too.aspx -- Steve Riley steve.riley@xxxxxx http://blogs.technet.com/steriley http://www.protectyourwindowsnetwork.com "Martin X." <martin@xxxxxx> wrote in message news:usGa3VcBIHA.1212@xxxxxx Quote: > Hello, > > > > If I want to switch from using a startup key to TPM or vice versa, do I > need > to decrypt the volume first or can I just disable BitLocker, then make the > switch after re-enabling BitLocker? > > > > I'm planning to test this out today, but each encryption/decryption takes > about an hour. (I should have made my test volume smaller to speed that > up, > but oh well . . .) > > > > Also, how secure is BitLocker? Has anyone cracked it yet? Thanks. > > > -- > Regards, > Martin X. > MCSA: M > >
My System Specs

Similar Threads
Thread	Forum
Bitlocker Question	Vista General
Bitlocker Question?	Vista security
Windows Vista BitLocker Question!	Vista General
BitLocker Question	Vista General
BitLocker key change question	Vista security