undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsamiraliakbari12y ago0 comments

> Windows has good FDE now.

A BitLocker's "feature" is that you can recover your key! So can Microsoft, NSA, etc. See: https://twitter.com/TheBlogPirate/status/471759810644283392

0 comments

5 comments · 1 top-level

Locke168912y ago· 4 in thread

You can recover it if you decided to store it on MS servers. You can just not do that.

pervycreeper12y ago

That doesn't remove any reason not to trust their implementation.

Karunamon12y ago

Sad but true - Given Microsoft's all-too-eager cooperation with the TLA's, any encryption product they pack with the OS is immediately suspect.

That doesn't just apply to Microsoft. I wouldn't trust FileVault on Apple or Red Hat's implementation of LUKS either.

atmosx12y ago

Apple has this 'feature' too.

Locke168912y ago

It's a perfectly reasonable feature. For one, it's not just for Microsoft servers -- in an enterprise environment you can just have it stored on your companies AD servers, so if for any reason an employee forgets or loses their key the company can recover the data.

However, you're still missing a fundamental aspect of security, which is that it's targeted, not universal. Your system is not 'secure', it's 'secure against x', where x is your adversary. If your set of adversaries includes, say, someone losing their laptop at the airport, but not Microsoft, then storing your keys on MS servers loses you nothing and gains you ease of use.

j / k navigate · click thread line to collapse