Does bitlocker work without a TPM module or USB Flash Drive?

piclistguy

I am about to purchase a Dell M1330, which doesn't offer a TPM module.
I also don't want to deal with plugging in a USB Flash drive every
time I boot up (which could get stolen with a laptop).
I have the following questions regarding Bitlocker

#1 Can I still use the Bitlocker feature of Windows Vista with a TPM
module or USB flash drive?
#2 Are there any articles that document how secure Bitlocker is in
keeping your data safe if your laptop is stolen?
#3 If for some reason that operating system gets corrupt, is there a
way to extract my data off of the hard drive if I have the encryption
keys?

Thanks
 
If you have no TPM you must use a USB key. The method of using the USB key
only does not appear on the BitLocker control panel, but it can be done. I
haven't tried using BitLocker with a machine with no TPM yet, so someone else
may be better suited to answer with the procedure.

http://technet2.microsoft.com/Windo...ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

There is a link to details about BitLocker. BitLocker uses AES128 or AES256
if you do the registry hack. AES has been around long enough that it is
trusted as a good encryption method. Microsoft added an "elephant diffuser"
with the idea that it would help combat a brute force attack. BitLocker is
well documented, and Microsoft has no trouble explaining how it works and
what pitfalls there may be, so I for one trust it.

If you don't want to use the USB key and don't have a TPM, you could go to
www.truecrypt.org and try their encryption program; it is also well
documented and has been around awhile.

With either bitlocker or truecrypt, I'd say "lotsa luck" to anybody who got
ahold of your encrypted data, except maybe the NSA...

-Lou
 
You can use BitLocker on a computer without a TPM module and without needing
to plug in a USB Flash drive.
You will have to enter a series of numbers whenever you boot up your
computer or come out of hibernation.
For example, a set of numbers like the following
218207-465773-304260-135740-029018-277519-329681-038918
will be required.
You will be best to have a backup solution rather than hoping you can
recover your data from a corrupted hard drive/system.
After all, if your hard drive crashed, you would have a difficult time
getting the data off anyway.
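
An added example, not part of the original posts: a check of the recovery-password layout that the sample value above follows (eight six-digit groups, each a multiple of 11 that encodes one 16-bit value, 128 bits in total). Those format rules are not stated in the thread, and the function names are hypothetical.

```python
import re

GROUPS = 8          # groups in a recovery password
MAX_WORD = 0xFFFF   # each group encodes one 16-bit value


def check_group(group):
    """Return the 16-bit value one 6-digit group encodes, or raise ValueError."""
    if not re.fullmatch(r"[0-9]{6}", group):
        raise ValueError("must be exactly 6 digits")
    value = int(group)
    if value % 11:
        raise ValueError("not a multiple of 11 (likely a mistyped digit)")
    if value // 11 > MAX_WORD:
        raise ValueError("encodes a value above 16 bits")
    return value // 11


def parse_recovery_password(text):
    """Return (words, errors): eight 16-bit values, or None plus per-group errors."""
    groups = re.split(r"[-\s]+", text.strip())
    if len(groups) != GROUPS:
        return None, [(0, f"expected {GROUPS} groups, got {len(groups)}")]
    words, errors = [], []
    for index, group in enumerate(groups, start=1):
        try:
            words.append(check_group(group))
        except ValueError as exc:
            errors.append((index, str(exc)))
    return (None, errors) if errors else (words, [])


# The sample value quoted in the post above.
SAMPLE = "218207-465773-304260-135740-029018-277519-329681-038918"

if __name__ == "__main__":
    words, errors = parse_recovery_password(SAMPLE)
    print("16-bit words:", words, "errors:", errors)
    # Constructed typo: last digit of the first group changed.
    print(parse_recovery_password("218208" + SAMPLE[6:]))
```

A failed group check points at the group that was mistyped, which is useful when a recovery password is copied by hand into a backup record.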
 
I am about to purchase a Dell M1330, which doesn't offer a TPM module.
I also don't want to deal with plugging in a USB Flash drive every
time I boot up (which could get stolen with a laptop).
I have the following questions regarding Bitlocker

How about trying TrueCrypt? :)

 
I am about to purchase a Dell M1330, which doesn't offer a TPM module.
I also don't want to deal with plugging in a USB Flash drive every
time I boot up (which could get stolen with a laptop).
I have the following questions regarding Bitlocker

#1 Can I still use the Bitlocker feature of Windows Vista with a TPM
module or USB flash drive?
#2 Are there any articles that document how secure Bitlocker is in
keeping your data safe if your laptop is stolen?
#3 If for some reason that operating system gets corrupt, is there a
way to extract my data off of the hard drive if I have the encryption
keys?

Thanks

1. If you have an SD Card slot you can use an SD Card rather than a USB
Flash Drive with Bitlocker. When using a USB Drive or SD Drive you can
pull the SD Card or USB drive out of the computer as soon as Bitlocker
finds it at boot-up. In fact Bitlocker will prompt you to remove the
USB Drive or SD Card but will continue to boot if you leave it in.

2. There's a white paper here that you can download on BitLocker:
<http://whitepapers.silicon.com/0,39024759,60304355p-39000366q,00.htm>

3. Get Acronis True Image Home and make an image of your drive for
back-up purposes. The back-up will not be encrypted with Bitlocker so
store your back-up device in a safe place. Acronis combined with a USB
Hard Drive makes back-ups easy and quick.
 
I love the idea to store the Bitlocker key on a SD card. My Dell XPS M1530 has Vista Ultimate and, accordingly, Bitlocker. Bitlocker unfortunately does not recognize the SD card during setup.

Any tips?

Greg


 
Well it has to be detected in BIOS as a USB device. It is impossible to use
bitlocker without a usb drive or TPM module, as it needs something to get the
key to unlock the hard drive. Otherwise your hard drive could just get hacked
because it has the key on it.
Basically, if someone gets your hard drive it is all scrambled unless they
find the key.
 
Thomas Allen said:
Well it has to be detected in BIOS as a USB device. It is impossible to use
bitlocker without a usb drive or TPM module, as it needs something to get the
key to unlock the hard drive. Otherwise your hard drive could just get hacked
because it has the key on it.
Basically, if someone gets your hard drive it is all scrambled unless they
find the key.

This is basically my argument against using USB + TPM.

The USB stick is likely either to be plugged in to the laptop (hey, who's
going to 'waste' a USB stick by storing a few dozen bytes on it, when they
could also use it for storing files that they want to carry around), or in
the laptop bag (in which case, the laptop is probably in there, so the thief
has it as well).

If you have the keying material, you can boot up the laptop, and then attack
it through traditional means (network, Firewire, etc).

I'd like to see USB + PIN supported, and I'd like to see people thinking
about PIN + TPM as the right solution.

Alun.
~~~~
 